Hello, I've experienced an issue: my (smartphone's or other device's) endpoint IP remains stuck in the WG peer's Endpoint address, and I am unable to reconnect. The only way is to deactivate/reactivate it (I was going crazy because sometimes WG was working, sometimes not...).
So I've made a script which iterates through comment-tagged WG peers, checks if there is an endpoint set, then if the handshake is too old, and finally pings the peer via the private WG address. If the ping is unsuccessful, the peer/peers (all at once) are disabled and enabled.
Plus there is a debug function (to see what's happening), and an anti-flood option to temporarily disable logging, so no "peer deactivated and activated" log messages, just the reset info.
Just to share this, have fun!
Code:
# v0.91 made Tg: @wavelov3r
# <-- Insert this to the comment of the WG peers you want to monitor -->
:local vpnPeerComment "private"
# <-- Number of pings to be sent to the private WG peer to check if it's alive -->
:local pingCount 10
# <-- Time in seconds to consider the peer as disconnected -->
:local handShakeLimitDelay 30s
# <-- Disable the "disabled/enabled peers logging" -->
:local loggingRulesOff true
# <-- Show script steps for debugging -->
:local showDebug true
############################################### CONFIG END ###############################################
# job start
:local peersToReset []
:local loggingDisabled false
:local lastHandshake
# comment~ is a regex match, so "private" also matches e.g. "my-private-phone"
:local peerList [/interface wireguard peers find comment~"$vpnPeerComment"]
:if ([:len $peerList] > 0) do={
    :foreach peerId in=$peerList do={
        # retrieve the private WG client address as string
        :local clientAddress [:tostr [/interface wireguard peers get $peerId client-address]]
        # Remove the /32 suffix (only if a prefix length is present, :find returns nil otherwise)
        :local slashPos [:find $clientAddress "/"]
        :if ([:typeof $slashPos] = "num") do={
            :set clientAddress [:pick $clientAddress 0 $slashPos]
        }
        # Get current endpoint address (to remove if it's stuck)
        :local clientCurrEndpoint [:tostr [/interface wireguard peers get $peerId current-endpoint-address]]
        # Get peer name
        :local peerName [:tostr [/interface wireguard peers get $peerId name]]
        # debug
        :if ($showDebug) do={
            :if ($clientCurrEndpoint = "") do={
                :log warning "Peer $peerName | ip: $clientAddress | Endpoint ready, no ip is set |"
            } else={
                :log warning "Peer $peerName | ip: $clientAddress | Endpoint: $clientCurrEndpoint |"
            }
        }
        # Check if the current endpoint address is not empty
        :if ($clientCurrEndpoint != "") do={
            :set lastHandshake [/interface wireguard peers get $peerId last-handshake]
            # debug
            :if ($showDebug) do={
                :if ($lastHandshake < $handShakeLimitDelay) do={
                    :log warning "Peer $peerName | ip: $clientAddress | Endpoint: $clientCurrEndpoint | Last Handshake $lastHandshake is still valid |"
                } else={
                    :log warning "Peer $peerName | ip: $clientAddress | Endpoint: $clientCurrEndpoint | Last Handshake $lastHandshake > handshake time limit | "
                }
            }
            :if ($lastHandshake > $handShakeLimitDelay) do={
                # ping the peer's private WG address; [ping ... count=1] returns the number of replies
                :local failedPings 0
                :for i from=1 to=$pingCount do={
                    :if ([ping $clientAddress count=1] = 0) do={
                        :set failedPings ($failedPings + 1)
                    }
                }
                # debug
                :if ($showDebug) do={
                    :log warning "Peer $peerName | ip: $clientAddress | Endpoint: $clientCurrEndpoint | Last Handshake: $lastHandshake | Failed pings: $failedPings |"
                }
                # If all pings are unsuccessful, disable and re-enable the peer
                :if ($failedPings = $pingCount) do={
                    :set peersToReset ($peersToReset, $peerId)
                }
            }
        }
    }
    # anti-flood: temporarily silence the "info" logging rule so the disable/enable events are not logged
    :if ($loggingRulesOff && ([:len $peersToReset] > 0)) do={
        /system logging disable [find topics="info"]
        :set loggingDisabled true
    }
    # on-error guard so the logging rule is re-enabled even if a reset step fails
    :do {
        :foreach peerId in=$peersToReset do={
            /interface wireguard peers disable $peerId
            :delay 1s
            /interface wireguard peers enable $peerId
            :delay 500ms
            :local peerName [:tostr [/interface wireguard peers get $peerId name]]
            :local clientAddress [:tostr [/interface wireguard peers get $peerId client-address]]
            :set lastHandshake [/interface wireguard peers get $peerId last-handshake]
            :log warning "Wireguard Peer RESET | $peerName | ip: $clientAddress | Last Handshake $lastHandshake |"
        }
    } on-error={
        :log error "Wireguard peer reset failed"
    }
    :if ($loggingDisabled) do={
        /system logging enable [find topics="info"]
    }
} else={
    :log error "Wireguard peer containing comment $vpnPeerComment not found"
}
Statistics: Posted by gargiuseppe — Sat Dec 28, 2024 1:15 pm
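How the watchdog script above could be installed and run on a RouterOS device, as an added example that is not part of the original post. The peer name `phone`, the script name `wg-peer-watchdog` and the one-minute interval are assumptions; the script body itself is pasted as the value of `source=` (shown here as a placeholder comment). The policy list is deliberately minimal: `read` to get peer properties, `write` to disable/enable peers and logging rules, and `test` because `ping` needs it.

```routeros
# Added example (not from the original post): deploy the WG peer watchdog.
# Assumed names: peer "phone", script and scheduler "wg-peer-watchdog", interval 1m.

# 1. Tag the peers to monitor. The script matches comment~"private" (a regex),
#    so any comment containing "private" is picked up.
/interface wireguard peers set [find name="phone"] comment="private"

# 2. Store the script with only the policies it needs (no ftp, reboot, policy or
#    sensitive). Replace the placeholder with the full watchdog script body.
/system script add name="wg-peer-watchdog" policy=read,write,test \
    source="# paste the full watchdog script body here"

# 3. Run it every minute. A scheduler entry cannot grant more than its own
#    policies, so it needs the same list as the script.
/system scheduler add name="wg-peer-watchdog" interval=1m \
    policy=read,write,test on-event="/system script run wg-peer-watchdog"

# 4. Checks: which peers are tagged, their current endpoint / last handshake,
#    and whether any resets have been logged.
/interface wireguard peers print where comment~"private"
/log print where message~"Wireguard Peer RESET"
```

With `showDebug true` the script logs one warning per tagged peer on every run, so once it behaves as expected set `showDebug false` in the stored source to keep the log readable; the reset messages are logged as warnings and are not affected by the anti-flood option, which only disables the `info` rule.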