Run script when ping to certain host is successful and failed

I have got an x64 OpenWrt VM in PVE. The VM has a public IPv4 address, and the LAN subnet 192.168.17.0/24 has IPv6 delegated to it as well. I have got a guest subnet 192.168.18.0/24 and a WireGuard interface with the subnet 192.168.13.0/24. My x64 OpenWrt VM is at 192.168.13.6 on the WireGuard interface. I have got some other peers; one of them is sometimes not working because of network issues over there.

Sorry, I don't know how to draw a topology. It is a pretty straightforward setup, and I also put all the config in the previous post.

the reason you know

what is it?

Because it is on a different continent, in a country with internet censorship.

Does reloading the connection there and acquiring a new IP work again for some time?

Do you know how the censorship is being monitored? IMEI? MAC address?

Dude, it is a powerful state machine, why would I know how it works? I don't need to circumvent it, I just need to run my little script when that peer is not working... Also run another little script when it is back for some reason. It is not completely blocked per se, and I am not trying to mitigate the block, I am trying to inform myself when that happens.

The reason why it doesn't work is honestly irrelevant...

me thinks either of the two examples in the above link might get the job done, back to a cron job, but, oh well.

Hence the first answer from ChatGPT.

Just replace "echo "Ping to $target succeeded.""

and "echo "Ping to $target failed.""

with the action you want to achieve.

Yeah I am doing it now. Doesn't feel right, but it works.

I will come back tomorrow see if anyone else has a better idea.

This is an unreliable setup as you have overlapping peers; not saying it is the main problem, but it needs attention.
This is a typical WireGuard server setup, so why do you have allowed-ips set to 0.0.0.0/0?

What is it exactly you want to accomplish?

As you do not have an endpoint, better not use it.

I need to route the traffic to a certain country through that peer, it is thousands of lines of IPv4 CIDR that are constantly changing. I need to use 0.0.0.0/0 as allowed IP without routing to it, then I use luci-app-pbr to do the actual routing using custom user file.

This is not a pure "server" so to speak. It might look confusing because if it is connecting to other peer, why isn't there an endpoint? Because internet censorship could work differently in different direction, so I don't want to connect to the peer proactively through wireguard, I want to be connected by the other peer and then route traffic through the peer, and it works.

OK, but then you should use a second tunnel for that peer alone, as you now have overlapping peers.

The second tunnel is set up the same but has only one peer, which you can set to 0.0.0.0/0; do not enable Route Allowed IPs and you should be fine.

Having a separate tunnel makes it easier to track the traffic on just that one tunnel e.g. with a wireguard watchdog script:

But having this separate tunnel with non-overlapping peers might make it more stable and maybe mitigate your problem.

Thanks for the advice, I will try it out!

This is what I use in rc.local

until ping -4 -c 1 -w 1 -W 1 dns.opendns.com > /dev/null 2>&1
  do
    sleep 1
  done

Simple and working for years in multiple devices. OpenDNS has a history of 100% uptime so that's why I ping that.
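
The behaviour asked for at the top of this thread (one script when the peer stops answering, another when it comes back), written as an added example; it is not code from any poster in the thread. The peer address, hook script paths, failure threshold and probe interval are assumptions, and the debounce (several consecutive failures before "down") is there so a single lost packet does not fire the hook.

```shell
#!/bin/sh
# Added example: act on reachability *changes* of one peer, not on every ping.
# Assumed values (not from the thread): peer address, hook paths, thresholds.
PEER="${PEER:-192.168.13.2}"              # hypothetical peer tunnel address
ON_DOWN="${ON_DOWN:-/root/peer-down.sh}"  # hypothetical hook, run once on up -> down
ON_UP="${ON_UP:-/root/peer-up.sh}"        # hypothetical hook, run once on down -> up
FAIL_LIMIT="${FAIL_LIMIT:-3}"             # consecutive failures before "down"
INTERVAL="${INTERVAL:-10}"                # seconds between probes

# One ICMP echo with a 2 s reply timeout; exit status 0 means the peer answered.
probe() { ping -4 -c 1 -W 2 "$1" >/dev/null 2>&1; }

# step STATE FAILS RESULT  ->  prints "NEWSTATE NEWFAILS EVENT"
#   STATE: up|down|unknown   RESULT: ok|fail   EVENT: up|down|none
step() {
    state=$1; fails=$2; result=$3; event=none
    if [ "$result" = ok ]; then
        fails=0
        if [ "$state" = down ]; then event=up; fi
        state=up
    else
        fails=$((fails + 1))
        if [ "$fails" -ge "$FAIL_LIMIT" ] && [ "$state" != down ]; then
            state=down; event=down
        fi
    fi
    echo "$state $fails $event"
}

watch_loop() {
    state=unknown; fails=0
    while :; do
        if probe "$PEER"; then result=ok; else result=fail; fi
        # step runs in a subshell, so take its output as the new state
        set -- $(step "$state" "$fails" "$result")
        state=$1; fails=$2
        case $3 in
            down) logger -t peerwatch "$PEER unreachable"; "$ON_DOWN" ;;
            up)   logger -t peerwatch "$PEER reachable again"; "$ON_UP" ;;
        esac
        sleep "$INTERVAL"
    done
}

# Start the loop only when asked, e.g. "sh peerwatch.sh run &" from rc.local.
if [ "${1:-}" = run ]; then watch_loop; fi
```

The first successful probe after start moves the state from unknown to up without running the "up" hook, so a reboot does not produce a false recovery notification.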