Hi misc@

I have a somewhat similar issue using wireguard on a different scenario.

I'm running a wireguard roadwarrior gateway on -CURRENT, most of my
clients are tiny devices running recent openwrt.
This gateway has ~15 peers connected; some are always on, most are in a
disconnected state and are seldom used, maybe one or two times a
week.
Devices that are always on via stable infrastructure/connections run
without any issues for months.
If a client is connected to this roadwarrior, everything works
properly, but if by any chance power goes down or an issue happens
with the connection, the tunnel won't reconnect.
My workaround at the moment is removing and re-adding the peer.

I've added a small script to crontab which iterates over all
peers and removes and re-adds them every 24h.

Is it possible to use ifstated to manage such failure conditions?
I'd rather use a well maintained daemon instead of using my own script.

Thank you for your time.

Best regards,
Pedro Caetano

On Sat, Nov 16, 2024 at 10:51 PM Will <bulk.m...@xhci.com> wrote:
>
>
> On Nov 16, 2024, at 12:41, Stuart Henderson <stu.li...@spacehopper.org> wrote:
>
> What do you mean by "refresh the connection"?
>
>
> Hi Stuart,
>
> I’m glad you replied, because I’m sure you have a much deeper understanding 
> of how wireguard works than me. I think wgpka is probably working as 
> intended, and a network appliance somewhere in the middle of the route has 
> forgotten about the state, and keepalive packets are not enough at that point.
>
> I *think* that running “sh /etc/netstart wg0” will fix the issue in my case 
> by sending some new packets to the server (?) I know from previous experience 
> that a simple reboot will re-establish the wireguard tunnel. Maybe a simple 
> ping will get it going again, but it’s difficult for me to get to the failed 
> client at this moment.
>
> I will be able to test out my "fix," which would just be to run /etc/netstart
> on the interface again. Here's what I've hacked together in ifstated.conf and
> plan on trying out if continuous pings don't work. The goal would be to keep
> trying "sh /etc/netstart wg0" at some interval until the tunnel becomes
> responsive.
>
>
> tunnel_up = '"ping -q -c 1 -w 5 [server ip] >/dev/null 2>&1" every 10'
>
> state wg_up {
>     if ! $tunnel_up {
>         run "logger -st ifstated 'wireguard tunnel down'"
>         set-state wg_down
>     }
> }
>
> state wg_down {
>     init {
>         run "sleep 20 && sh /etc/netstart wg0"
>     }
>     if $tunnel_up {
>         run "logger -st ifstated 'wireguard tunnel up'"
>         set-state wg_up
>     }
>     if ! $tunnel_up {
>         set-state wg_down
>     }
> }
