was working properly but after upgrading to Firmeware 7.0.5 i receive an error
Sat Nov 18 15:00:00 2023 cron.err crond[9828]: USER root pid 14131 cmd wg | awk -f /etc/awg.awk
the script is in /etc
any hints what i can do?
thank you
Hello,
Add:
END {
exit(0);
}
at the end of the script.
A better solution would be to use /usr/bin/wireguard_watchdog instead of wg | awk -f /etc/awg.awk it is simpler and I won’t have to maintain the awk script anymore.
Regards,
so you mean:
instead of adding
echo “*/10 * * * * wg | awk -f /etc/awg.awk” >> /etc/crontabs/root
i use
echo "*/10 * * * * /usr/bin/wireguard_watchdog >> /etc/crontabs/root
is that correct?
Yes. And you can also change the */10 by * so the script will run every minute.
Caveat: depending how your dns is set, wireguard_watchdog may fail to re-resolve the name of the server. If so, the workaround is to edit it, comment out the line “wg set ${iface} …” and add two ubus commands as below:
# wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}"
ubus call network.interface.${iface} down
ubus call network.interface.${iface} up
i get again the error:
Sat Nov 18 15:50:00 2023 cron.err crond[9840]: USER root pid 13797 cmd /usr/bin/wireguard_watchdog
There must be somthing else broken. any idea where i can get more details?
Yes, wireguard_watchdog is missing a ‘return 0’ at the end.
still receiving error
thats how the script looks like now
thanks for your help 
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) 2018 Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>.
# Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
#
# This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
# Use it for peers with a frequently changing dynamic IP.
# persistent_keepalive must be set, recommended value is 25 seconds.
#
# Run this script from cron every minute:
# echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
. /lib/functions.sh
check_peer_activity() {
local cfg=$1
local iface=$2
local public_key
local endpoint_host
local endpoint_port
local persistent_keepalive
local last_handshake
local idle_seconds
config_get public_key "${cfg}" "public_key"
config_get endpoint_host "${cfg}" "endpoint_host"
config_get endpoint_port "${cfg}" "endpoint_port"
persistent_keepalive=$(wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}')
# only process peers with endpoints and keepalive set
[ -z ${endpoint_host} ] && return 0;
[ -z ${persistent_keepalive} -o ${persistent_keepalive} = "off" ] && return 0;
# skip IP addresses
# check taken from packages/net/ddns-scripts/files/dynamic_dns_functions.sh
local IPV4_REGEX="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
local IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(\(:[0-9A-Fa-f]\{1,4\}\)\{1,\}\)"
local IPV4=$(echo ${endpoint_host} | grep -m 1 -o "$IPV4_REGEX$") # do not detect ip in 0.0.0.0.example.com
local IPV6=$(echo ${endpoint_host} | grep -m 1 -o "$IPV6_REGEX")
[ -n "${IPV4}" -o -n "${IPV6}" ] && return 0;
# re-resolve endpoint hostname if not responding for too long
last_handshake=$(wg show ${iface} latest-handshakes | grep ${public_key} | awk '{print $2}')
[ -z ${last_handshake} ] && return 0;
idle_seconds=$(($(date +%s)-${last_handshake}))
[ ${idle_seconds} -lt 150 ] && return 0;
logger -t "wireguard_monitor" "${iface} endpoint ${endpoint_host}:${endpoint_port} is not responding for ${idle_seconds} seconds, trying to re-resolve hostname"
#wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}"
ubus call network.interface.${iface} down
ubus call network.interface.${iface} up
}
# query ubus for all active wireguard interfaces
wg_ifaces=$(ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="wireguard"].interface' | tr "\n" " ")
# check every peer in every active wireguard interface
config_load network
for iface in $wg_ifaces; do
config_foreach check_peer_activity "wireguard_${iface}" "${iface}"
done
return 0
I see you use a rsyslogd to log the messages from the RUTX.
Create a /etc/rsyslog.d/01-rutx.conf on the syslog server containing:
if $msg contains "cmd /usr/bin/wireguard_watchdog" then stop
and restart the rsyslog process this will kill the spam.
i hope i’m not bothering you, but all that is not helping. i still get the errors
question: even with that error, which i could ignore, is the script doing what it should do? So is the error only cosmetically?
The error is cosmetic only. I dont know why crond / sh return a non-zero value however I was able to get rid of the messages in the syslog output.
1 Like
Ah I think I understand you don’t filter the messages by source.
Add:
#### RULES ####
$template DynaFile,"/var/log/%HOSTNAME%.log"
*.* ?DynaFile
to your /etc/rsyslog.conf and enable the “System->Maintenance->Troubleshoot/Show Hostname” flag on the RUTX.
Hi all
I am also having this issue set up Wireguard and nothing is going out of the router.
Still searching for a good tutorial on how to set it up.