Just to confirm something: I have seen VPN provider configs that use a watchdog script. And for OpenVPN, there is also a 99prevent-leak file in /etc/hotplug.d/iface/.
So 1: can we put the WG interface name (e.g. wgvpn) instead of tun0 in that file and be as secure as with OpenVPN? Or, being different, will it not do anything?
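```
#!/bin/sh
# ifup event, wgvpn shows as up, and the REJECT rule is present: remove the rule
if [ "$ACTION" = ifup ] && (ip a s wgvpn up) && (iptables -C forwarding_rule -j REJECT); then
    iptables -D forwarding_rule -j REJECT
fi
# ifdown event, wgvpn no longer shows, and no REJECT rule is present: insert the rule
if [ "$ACTION" = ifdown ] && (! ip a s wgvpn up) && (! iptables -C forwarding_rule -j REJECT); then
    iptables -I forwarding_rule -j REJECT
fi
```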
And 2: the watchdog, as wireguard_watchdog.sh:
```
#!/bin/sh
# ping wg provider dns that can only be reached via the VPN tunnel
# if no contact, reboot!
tries=0
while [ "$tries" -lt 5 ]
do
    if /bin/ping -c 1 10.160.1.1
    then
        echo "wg works"
        exit 0
    fi
    echo "wg fail"
    tries=$((tries+1))
done
echo "wg failed 5 times - rebooting"
reboot
```
So is it the same as the one that was supposed to be present in the wireguard-tools package?
And I guess there is a cron job to run it, by adding this to /etc/crontabs/root:
*/15 * * * * /root/wireguard_watchdog.sh
... but that is not supposed to be needed if it is fully handled by the wg-tools package?