> On Nov 16, 2024, at 12:41, Stuart Henderson <[email protected]> wrote:
>
> What do you mean by "refresh the connection"?
Hi Stuart,
I’m glad you replied, because I’m sure you have a much deeper understanding of
how wireguard works than I do. I think wgpka is probably working as intended, and
a network appliance somewhere in the middle of the route has forgotten about
the state, and keepalive packets are not enough at that point.
I *think* that running “sh /etc/netstart wg0” will fix the issue in my case by
sending some new packets to the server (?). I know from previous experience that
a simple reboot will re-establish the wireguard tunnel. Maybe a simple ping
will get it going again, but it’s difficult for me to get to the failed client
at this moment.
I will be able to test out my “fix,” which would just be to run /etc/netstart
on the interface again. Here’s what I’ve hacked together in ifstated.conf and
plan on trying out if continuous pings don’t work. The goal would be to keep
trying “sh /etc/netstart wg0” at some interval until the tunnel becomes
responsive.
# Probe the peer every 10 seconds; tunnel_up is true when a single ping answers.
tunnel_up = '"ping -q -c 1 -w 5 [server ip] >/dev/null 2>&1" every 10'

state wg_up {
	# Normal operation: leave this state as soon as a probe fails.
	if ! $tunnel_up {
		run "logger -st ifstated 'wireguard tunnel down'"
		set-state wg_down
	}
}

state wg_down {
	init {
		# Give the peer a moment, then re-run netstart on the interface.
		run "sleep 20 && sh /etc/netstart wg0"
	}
	if $tunnel_up {
		run "logger -st ifstated 'wireguard tunnel up'"
		set-state wg_up
	}
	if ! $tunnel_up {
		# Still down: set the state again so the retry keeps going.
		set-state wg_down
	}
}
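The same detect-and-retry loop as a stand-alone shell watchdog, added here as an example that is not part of the original message. It goes a step further than the ifstated.conf above by capping the backoff between retries and bounding the number of attempts; SERVER_IP, CHECK_CMD, FIX_CMD and the limits are assumed names, with the message's ping probe and netstart command as their defaults.

```shell
#!/bin/sh
# Added example (not from the original message): a plain-shell watchdog with
# the same logic as the ifstated.conf above. SERVER_IP, CHECK_CMD, FIX_CMD and
# the retry limits are assumptions; defaults mirror the message's ping/netstart.
: "${SERVER_IP:=192.0.2.1}"   # placeholder peer address, replace on your host
: "${CHECK_CMD:=ping -q -c 1 -w 5 $SERVER_IP >/dev/null 2>&1}"
: "${FIX_CMD:=sh /etc/netstart wg0}"
: "${INTERVAL:=10}"           # seconds between reachability checks
: "${INITIAL_DELAY:=20}"      # wait after netstart before re-checking
: "${MAX_DELAY:=120}"         # cap for the backoff between retries
: "${MAX_ATTEMPTS:=6}"        # then fall back to the outer loop
log_msg() {
    echo "wgwatch: $*" >&2
    logger -t wgwatch "$*" 2>/dev/null || true  # syslog too, when available
}

# next_delay CURRENT: double the delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    [ "$d" -gt "$MAX_DELAY" ] && d=$MAX_DELAY
    echo "$d"
}

# recover_tunnel: re-run the recovery command, wait, re-check, back off.
# Returns 0 once the check passes, 1 after MAX_ATTEMPTS failures.
recover_tunnel() {
    attempt=1
    delay=$INITIAL_DELAY
    while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
        log_msg "tunnel down, recovery attempt $attempt of $MAX_ATTEMPTS"
        sh -c "$FIX_CMD" || log_msg "recovery command exited non-zero"
        sleep "$delay"
        if sh -c "$CHECK_CMD"; then
            log_msg "tunnel up after $attempt attempt(s)"
            return 0
        fi
        delay=$(next_delay "$delay")
        attempt=$(( attempt + 1 ))
    done
    log_msg "still down after $MAX_ATTEMPTS attempts"
    return 1
}

# watch_tunnel: the wg_up state; recovery runs only when a check fails.
watch_tunnel() {
    while :; do
        sh -c "$CHECK_CMD" || recover_tunnel || true
        sleep "$INTERVAL"
    done
}
```

Start it with watch_tunnel from rc.local or a supervisor; setting INITIAL_DELAY=0 and a stand-in CHECK_CMD exercises the retry logic without a real tunnel.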