LoL - yeah sophisticated.. that's what I call it.
More like cobbled together and attempting to be as seamless (but useful) as possible. I don't want to stray too far from the beaten path which is why I'm asking questions about the wireguard_watchdog implementation.
Your comments have meant I've locally modified my copy of the watchdog script to have this
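```sh
  # Fragment: tail of the watchdog's per-peer check (earlier lines not shown).
  # Seconds since the last successful handshake with this peer.
  idle_seconds=$(($(date +%s)-${last_handshake}))
  # Recent enough handshake: nothing to do.
  [ "${idle_seconds}" -lt 250 ] && return 0;
  logger -t "wireguard_monitor" "${iface} endpoint ${endpoint_host}:${endpoint_port} is not responding for ${idle_seconds} seconds, trying to re-resolve hostname"
  # Setting the endpoint again makes wg re-resolve the hostname.
  wg set "${iface}" peer "${public_key}" endpoint "${endpoint_host}:${endpoint_port}"
  # Still stale after more than 600 seconds: bounce the whole interface.
  if [ "${idle_seconds}" -gt 600 ]; then
    ifdown "${iface}"
    ifup "${iface}"
  fi
}
```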
Two changes here.
- Bumped the ignore-it cutoff to 250 seconds from 150
- Only if `idle_seconds` hits more than 600 seconds will I use the hammer to down/up the interface.
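
The two thresholds described above can be exercised without touching an interface. The following is an added example, not part of the original post or of the wireguard_watchdog script. It assumes input in the `wg show <iface> latest-handshakes` format; the function names, the placeholder keys, and the separate `never` state for a zero timestamp are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify peers by handshake age with the 250 s / 600 s
# thresholds from the post. Input lines: "<public_key><TAB><epoch_seconds>".
REFRESH_AFTER=250   # below this the peer is left alone
RESTART_AFTER=600   # above this the post also runs ifdown/ifup

# classify_peer <last_handshake_epoch> <now_epoch>
# Prints ok, re-resolve, restart (re-resolve, then bounce) or never.
classify_peer() {
    last_handshake=$1
    now=$2
    # wg reports 0 for a peer that has never completed a handshake. Read as
    # an age, that is "now" seconds and would always land on "restart".
    if [ "$last_handshake" -eq 0 ]; then
        echo never
        return 0
    fi
    idle_seconds=$((now - last_handshake))
    if [ "$idle_seconds" -lt "$REFRESH_AFTER" ]; then
        echo ok
    elif [ "$idle_seconds" -gt "$RESTART_AFTER" ]; then
        echo restart
    else
        echo re-resolve
    fi
}

# classify_handshakes <now_epoch>: reads latest-handshakes lines on stdin
# and prints "<public_key> <state>" for each peer.
classify_handshakes() {
    now=$1
    while read -r public_key last_handshake; do
        [ -n "$public_key" ] || continue
        case $last_handshake in
            ''|*[!0-9]*) echo "$public_key invalid"; continue ;;
        esac
        echo "$public_key $(classify_peer "$last_handshake" "$now")"
    done
}

# Constructed sample (placeholder keys), evaluated at a fixed "now" of 2000.
printf 'PEER_A_KEY\t1900\nPEER_B_KEY\t1500\nPEER_C_KEY\t1000\nPEER_D_KEY\t0\n' |
    classify_handshakes 2000
```

Because a peer that stays unreachable remains in the `restart` state, every watchdog run after the 600 second mark will bounce the interface again until a handshake succeeds.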