How to auto-restart WireGuard programmatically if tunnel fails?

Dear Teltonika-Team,

How is it possible to auto-restart a WireGuard tunnel, if it fails, from a RUTX11’s side?

I have the problem that sometimes (I don’t know the triggers, and I don’t see a pattern) the WG tunnel between my RUTX11 and my AVM Fritzbox 7490 router fails.

It then helps when I go to RUTX11 > Services > VPN > WireGuard > WireGuard Configuration > and disable and then enable the [on] slider.

Preferably, I would like to do this programmatically, i.e. by regularly checking if the tunnel is still open, and if not, then briefly disable and then again enable the aforementioned slider.

I remember that another user had shared some script, but I cannot find it anymore and back at that time, I didn’t understand how to use it.

Thanks for sharing your thoughts and your help! :+1:

Kind regards
7wells

Hello,

Look at /usr/bin/wireguard_watchdog and add a crontab entry as described in the script.

Regards,


Sorry, @flebourse but I’m not so savvy to understand what you mean. I have a binary /usr/bin/wireguard_watchdog on my RUTX11. I know (roughly) what to do with crontab, but how exactly does your hint help in my case?

Add the following line to /etc/crontabs/root:

* * * * * /usr/bin/wireguard_watchdog

and restart cron:

/etc/init.d/cron restart

And that is all that is needed? Sorry to ask so bluntly (:face_with_open_eyes_and_hand_over_mouth:), but would you mind pointing me to some further reading about the background? I am eager to understand what exactly happens when the binary is triggered on this schedule and the watchdog is indeed fired. I.e., what exactly fires the watchdog, and how does this binary help to re-establish a lost tunnel connection? Thank you so much! :heart:

PS: There is no --help parameter available for wireguard_watchdog, as far as I see.

Yes.
wireguard_watchdog checks for how long the wg tunnel has been idle, and if the value is above a threshold it restarts it. That's all.

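The idle check described in the reply above, sketched as an added example: this is not part of the thread and not the contents of /usr/bin/wireguard_watchdog. It reads the per-peer timestamps printed by `wg show <iface> latest-handshakes`; the interface name `wg0`, the 180-second threshold, the `ifdown`/`ifup` restart and the sample peer keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of an idle-tunnel check; NOT Teltonika's wireguard_watchdog.

# stale_peers NOW MAX_AGE
# Reads "pubkey<TAB>epoch" lines on stdin (the format printed by
# `wg show <iface> latest-handshakes`) and prints the key of every peer
# whose last handshake is more than MAX_AGE seconds before NOW.
# An epoch of 0 means the peer has never completed a handshake.
stale_peers() {
    awk -v now="$1" -v max="$2" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if ($2 == 0 || now - $2 > max) print $1
        }'
}

# Constructed sample input: one fresh peer, one idle peer, one peer that
# never connected. The keys are placeholders, not real public keys.
sample_handshakes() {
    printf '%s\t%s\n' \
        peerA-constructed-key 1699999950 \
        peerB-constructed-key 1699999000 \
        peerC-constructed-key 0
}

# check_tunnel [IFACE] [MAX_AGE]
# Returns 0 if every peer is fresh, 1 if the interface was restarted,
# 2 if the interface does not exist. Intended to be called from cron.
check_tunnel() {
    iface="${1:-wg0}"          # assumption: interface name
    max="${2:-180}"            # assumption: idle threshold in seconds
    if ! dump=$(wg show "$iface" latest-handshakes 2>/dev/null); then
        logger -t wg-check "$iface: interface not present"
        return 2
    fi
    stale=$(printf '%s\n' "$dump" | stale_peers "$(date +%s)" "$max")
    if [ -z "$stale" ]; then
        return 0
    fi
    logger -t wg-check "$iface: no recent handshake from: $stale"
    # Assumption: the interface is managed by netifd under this name.
    ifdown "$iface"
    ifup "$iface"
    return 1
}
```

Piping `sample_handshakes` into `stale_peers` with a fixed timestamp exercises the detection logic without touching the live tunnel.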

Ok, I got it. My /etc/crontabs/root then looks like this. Is it ok?

11 6 * * 2 /sbin/rut_fota --fw_info >/dev/null 2>&1 #xxxxxx
* * * * * /usr/bin/wireguard_watchdog

The #xxxxxx is a commented (and redacted) hex number. I wonder what it means, but that’s not the main topic here.

More important: Is the added crontab line retained after a router update?

BTW, has Teltonika added this WG-watchdog binary based on a previous user request about this topic? Was it you who had proposed code for this? (a longer while ago)

Anyway, thank you so much for your help - I truly appreciate it! :grinning::+1:

PS: Is there a simple way to test if it works?

Yes, if I remember correctly.

No. I had proposed an awk script a long time ago, it has been superseded by this wireguard_watchdog.
However, I had proposed a modification in order to catch a corner case (a DNS issue), not integrated at this time.


Dear Teltonika Team,

Would you mind revisiting @flebourse's proposed modification in order to catch the DNS issue?
