Differences

This shows you the differences between two versions of the page.

gentoo:wireguard [2026/03/16 09:02] willygentoo:wireguard [2026/03/19 08:21] (current) – [Watchdog] willy
Line 73: Line 73:
 ===== Watchdog ===== ===== Watchdog =====
  
-In my experience, when the main router reboots or the internet connection is switched, the wireguard tunnel might hang up for a very long time. I am not sure why this happen, it shouldn't, specially with the *PersistentKeepAlive = 25setting, but it does anyway. +In my experience, when the main router reboots or the internet connection is switched, the wireguard tunnel might hang up for a very long time. I am not sure why this happen, it shouldn't, specially with the //PersistentKeepAlive = 25// setting, but it does anyway. 
  
 To ensure this doesn't happen, i have written a small OpenRC script that pings the Wireguard remote server and restart the wg-quick interface when the ping fails. Drop the following script as **/etc/init.d/tunnel-watchdog**: To ensure this doesn't happen, i have written a small OpenRC script that pings the Wireguard remote server and restart the wg-quick interface when the ping fails. Drop the following script as **/etc/init.d/tunnel-watchdog**:
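Review bot: on the changed line the setting is written PersistentKeepAlive, while wg(8) and the wg-quick configuration files spell it PersistentKeepalive; use that spelling so readers can search for it. While the sentence is being touched, "why this happen" and "specially" could become "why this happens" and "especially".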
Line 82: Line 82:
  
 # The services you want to restart # The services you want to restart
-SERVICES="wg-quick.wg0" +SERVICES="wg-quick.wg0 wg-quick.wg1
-PING_HOST="10.100.0.2"+PING_HOST="10.70.0.2
 +LOG="/var/log/tunnel-watchdog.log"
 FAIL_COUNT_LIMIT=5 FAIL_COUNT_LIMIT=5
 PING_TIMEOUT=1 PING_TIMEOUT=1
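Review bot: SERVICES now lists wg-quick.wg0 and wg-quick.wg1, but there is still a single PING_HOST, so only the tunnel that routes 10.70.0.2 is actually monitored: a failure there restarts both interfaces, while a hang on the other tunnel goes unnoticed. Consider one ping target per service, or a separate watchdog instance per tunnel. As rendered here, the new SERVICES and PING_HOST values have no closing double quote, so check that the script on the page still parses. The new LOG variable would also benefit from a one-line comment like the one above SERVICES.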
Line 102: Line 103:
 start() { start() {
     ebegin "Starting tunnel-watchdog daemon"     ebegin "Starting tunnel-watchdog daemon"
 +    echo $(date)" Starting tunnel watchdog on IP $PING_HOST"  >> ${LOG}
     while : ; do     while : ; do
         # Perform a quick ping.  -q quiet, -c N packets, -W T timeout         # Perform a quick ping.  -q quiet, -c N packets, -W T timeout
         if ! ping -q -c ${PING_COUNT} -W ${PING_TIMEOUT} ${PING_HOST} >/dev/null 2>&1; then         if ! ping -q -c ${PING_COUNT} -W ${PING_TIMEOUT} ${PING_HOST} >/dev/null 2>&1; then
             fail_count=$((fail_count + 1))             fail_count=$((fail_count + 1))
-            elog "Ping to ${PING_HOST} failed (attempt ${fail_count})"+            echo $(date)" Ping to ${PING_HOST} failed (attempt ${fail_count})" >> ${LOG}
         else         else
             fail_count=0             fail_count=0
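Review bot: the two added echo lines leave $(date) and ${LOG} unquoted and append straight to a file under /var/log, replacing the elog call on the failure path. Quote both, for example echo "$(date) Ping to ${PING_HOST} failed (attempt ${fail_count})" >> "${LOG}", and consider logger -t tunnel-watchdog so the messages go through syslog and no separate file has to be managed. The failure line is written on every failed loop iteration, so a long outage keeps growing the file.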
Line 113: Line 115:
         # If we hit the threshold, restart         # If we hit the threshold, restart
         if [ "${fail_count}" -ge "${FAIL_COUNT_LIMIT}" ]; then         if [ "${fail_count}" -ge "${FAIL_COUNT_LIMIT}" ]; then
-            elog "Consecutive failures reached ${FAIL_COUNT_LIMIT}: restarting ${SERVICES}"+            echo $(date)" Consecutive failures reached ${FAIL_COUNT_LIMIT}: restarting ${SERVICES}" >> ${LOG}
             restart_service             restart_service
             fail_count=0             fail_count=0
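Review bot: the restart message is written before restart_service is called and nothing records whether the restart succeeded, so the log reads the same for a recovered tunnel and for a failed restart. Log the exit status of restart_service after the call, and quote the $(date) substitution and ${LOG} on the echo line.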
Line 122: Line 124:
     done &     done &
     PID=$!     PID=$!
 +    echo ${PID} > /var/run/tunnel-watchdog.pid
     eend 0     eend 0
 } }
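Review bot: the pidfile is written unconditionally after done &, and in the lines shown start() goes from ebegin straight into the loop without checking for an existing /var/run/tunnel-watchdog.pid, so a second start leaves the first loop running with its PID overwritten and no longer reachable through stop(). Refuse to start when the pidfile exists and the recorded process is still alive. The path is a literal here and again in stop(); a PIDFILE variable next to LOG would keep the two in sync, and ${PID} and the path should be quoted.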
Line 127: Line 130:
 stop() { stop() {
     ebegin "Stopping ping‑restart daemon"     ebegin "Stopping ping‑restart daemon"
-    if [ -n "${PID}" && kill -"${PID}" 2>/dev/null; then +    if [ -f /var/run/tunnel-watchdog.pid ]; then 
-        kill "${PID}" +        PID=$(cat /var/run/tunnel-watchdog.pid) 
-        wait "${PID}"+        kill -"${PID}" 2>/dev/null 
 +        rm /var/run/tunnel-watchdog.pid 
 +    else 
 +        eend 255
     fi     fi
     eend 0     eend 0
Line 141: Line 147:
 /etc/init.d/tunnel-whatchdog start /etc/init.d/tunnel-whatchdog start
 </code> </code>
 +
 +As a final note, don't forget to put log file **/var/log/tunnel-watchdog.log** in your logrotate facility.
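Review bot: the unchanged command above the added note runs /etc/init.d/tunnel-whatchdog, which does not match the script name /etc/init.d/tunnel-watchdog given where the script is installed; fix the spelling while editing this section. For the logrotate note, a short example stanza for /var/log/tunnel-watchdog.log would make it actionable. Because every echo reopens the file with >>, plain rotation works without restarting the watchdog, which is worth stating.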