Previously I got some great help to get my openwrt 'client' configuration for wireguard sorted out - this was discussed in OpenWrt client to linux hosted wireguard. I also blogged about it https://lowtek.ca/roo/2022/openwrt-as-a-wireguard-client
Recently - my home network connection had some weird problem. My main gateway/router needed a reboot. The external IP did not change, but the remote OpenWrt WireGuard "client" got stuck in some way. I was not seeing updated handshakes happen (for hours).
I was pleased to discover that there was a wireguard_watchdog script to use. See these forum threads for setting that up:
I've added this to my configuration to check and 'kick' wireguard if my IP does change or something else happens.
I thought this was going to fix me up, but unfortunately it did not. I did some debugging on the script - and it's correctly detecting the issue and trying to fix it with
wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}"
While this may help deal with an IP address change - it didn't tickle the interface enough to get my wireguard connection to start working again.
I then found this Restart WireGuard via cli - #10 by satheras which indicates doing
ifdown ${iface}
ifup ${iface}
This, when manually issued, appears to have been the magic required.
The reason for this post - is to see what folks more knowledgeable than myself think of adding this to the wireguard_watchdog script. Maybe with a brief sleep before it to allow the wg set.. to take effect?
logger -t "wireguard_monitor" "${iface} endpoint ${endpoint_host}:${endpoint_port} is not responding for ${idle_seconds} seconds, trying to re-resolve hostname"
wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}"
sleep 1
ifdown ${iface}
ifup ${iface}
I can go find the code and create an issue and pull request, but would like feedback that this makes sense.
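An added example, not part of the original post and not code from the wireguard_watchdog script: one way to stage the recovery so the interface is restarted only when re-setting the endpoint did not bring back a handshake. The names handshake_age, recover_peer, STALE_AFTER and SETTLE and their values are assumptions, as is that keepalive or other traffic triggers a new handshake within SETTLE seconds.

```shell
#!/bin/sh
# Added example, not the wireguard_watchdog script. All names and values below
# are assumptions. Commands are overridable so the logic can be exercised off-router.
WG=${WG:-wg}; IFDOWN=${IFDOWN:-ifdown}; IFUP=${IFUP:-ifup}
LOG=${LOG:-logger -t wireguard_monitor}
STALE_AFTER=${STALE_AFTER:-150}   # seconds without a handshake before acting (assumed)
SETTLE=${SETTLE:-15}              # seconds to wait for a handshake after wg set (assumed)

# Print seconds since the peer's last handshake; fail if the peer is not listed.
# `wg show IFACE latest-handshakes` prints "<public_key> <unix_time>" per peer,
# with 0 meaning no handshake has happened yet.
handshake_age() {  # iface public_key
    $WG show "$1" latest-handshakes | awk -v key="$2" -v now="$(date +%s)" '
        $1 == key { print ($2 == 0 ? now : now - $2); found = 1 }
        END { exit !found }'
}

# Escalate in steps and print the step that was needed: ok | endpoint | restart.
# The interface is bounced only if the handshake is still stale after wg set.
recover_peer() {  # iface public_key endpoint_host endpoint_port
    age=$(handshake_age "$1" "$2") || { echo unknown-peer; return 1; }
    [ "$age" -le "$STALE_AFTER" ] && { echo ok; return 0; }
    $LOG "$1 endpoint $3:$4 idle for ${age}s, re-resolving hostname"
    $WG set "$1" peer "$2" endpoint "$3:$4"
    sleep "$SETTLE"
    age=$(handshake_age "$1" "$2") || return 1
    [ "$age" -le "$STALE_AFTER" ] && { echo endpoint; return 0; }
    $LOG "$1 still idle after wg set, restarting interface"
    $IFDOWN "$1"
    $IFUP "$1"
    echo restart
}

# Usage on the router (constructed values):
#   recover_peer wg0 "<peer public key>" vpn.example.net 51820
```

Logging which step was needed shows over time whether `wg set` alone ever recovers the tunnel or whether every recovery ends in a restart.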