Restart WireGuard via cli

I have a "working" wireguard site-to-site config (thank you to the users/community for the tips in this post).
Every now and then, the connections bounce/drop etc, which causes WG to misbehave.
I can check this via CLI using
wg | grep latest
and then check if the latest handshake is > say X(~=2) mins. If that is the case, I normally just restart just the WireGuard interface via LUCI - and everything comes up again.
I would like to do this via CLI only though - but I can't find the right command. I am assuming :grimacing: that if there's a clickable, then there's a command (CLI) equivalent? or do I need to restart the LAN interface (I guess it's possible that the GUI click does this, but it's not 100% clear to me)?
Any pointers appreciated.
Thanks

simply restart you wireguard network interface...
sometimes, it need to be stopped then started again...

uhmm... that's what I'm trying to find the CLI command for.

I know I can use a broader network restart with
/etc/init.d/network restart
but I would prefer to ONLY restart WG, and not everything (if this is possible)

ifconfig wg0 down
ifconfig wg0 up

may be it will do the trick... in one linked line ?

or with ip;
ip link set wg0 down && ip link set wg0 up

Thanks for that - not sure why I didn't think to try it :blush:

Alas, it does take the wg0 down
wgvpn0: ..... state DOWN mode DEFAULT group default qlen 1
but after the up (tried both command sets), it sets the state to
wgvpn0: ..... state UNKNOWN mode DEFAULT group default qlen 1
and the links don't re-establish.

If I click the restart in the GUI, they come up immediately

Find out name of the netifd interface and just do ifup <iface> as in ifup wan.

3 Likes

YES! Thank you.
I don't quite understand why this is OK while the ip link/ifconfig up/down fails, but it works

It boils down to

ubus call network.interface $mode "{ \"interface\" : \"$interface\" }"

where $mode as ubus method will be down then up

I assume ip link down

That UNKNOWN is just expected.

I guess the difference is that when you do teardown/setup with netifd, the local listen port of wireguard interface change. From observers' point of view, it's new udp session. With ip link set down/up, the session is the same.

1 Like

I am also just simply restarting the interface per cron script. The script runs every 20 minutes...

#!/bin/sh
#modified from https://openwrt.org/docs/guide-user/base-system/cron
#modified to use logger for global logging instead of scriptlogfile & added infinite reboot protection for reboot
# Prepare vars
DATE=$(date +%Y-%m-%d" "%H:%M:%S)
#logFile="/persistlogs/syslog"

# Ping and reboot if needed

#YOUR WIREGUARD PEER
CHECKHOSTNAME="192.168.X.X"

notification_email="YOUR@EMAIL.ADRESS"
VPNINTERFACE="wgvpn0"


ping -c3 $CHECKHOSTNAME

if [ $? -eq 0 ]; then
    echo "ok"
    logger $(echo "${DATE} - $0: OK - $VPNINTERFACE UP AND RUNNING")

else
    echo "RESTART wgvpn0 Interface"
    logger $(echo "${DATE} - $0: NO VPN CONNECTION RESTART $VPNINTERFACE INTERFACE...")
    # Note: To avoid infinite reboot loop, wait 70 seconds and touch a file in /etc
    ifdown $VPNINTERFACE
    ifup $VPNINTERFACE
        echo Subject: $0: VPN $VPNINTERFACE has been restarted | sendmail -v "$notification_email"
fi

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.