Switching between Wireguard Interface (random)

Hello,

My script is looking for an interface starting with some name, disabling it, and enabling another interface in a random order.

:local activeInterface
:local inactiveInterfaces []

# Gather all WireGuard interfaces starting with "extWG" and find the active one
:foreach interface in [/interface find where name~"^extWG"] do={
    :local interfaceName [/interface get $interface name]
    :if ([/interface wireguard get $interface running] = true) do={
        :set activeInterface $interfaceName
        :log info ("Currently active interface: " . $interfaceName)
    } else={
        :set inactiveInterfaces ($inactiveInterfaces , $interfaceName)
        :log info ("Adding inactive interface to the list: " . $interfaceName)
    }
}

# Disable the currently active interface
:if ($activeInterface != "") do={
    :log info ("Disabling interface: " . $activeInterface)
    /interface set [find name=$activeInterface] disabled=yes
    :delay 1s
}

# Enable a WireGuard interface from the "inactiveInterfaces" list using a random index
:if ([:len $inactiveInterfaces] > 0) do={
    :local headers "Content-Type: text/plain"
    :local randomIndex ([/tool fetch url="https://www.random.org/integers//?num=1&min=1&max=18&col=1&base=10&format=plain&rnd=new" http-header-field=$headers as-value output=user ]->"data")
    :local randomIndexReal ($randomIndex->"data")
    :log info $randomIndex
    :log info $inactiveInterfaces
    :local interfaceToEnable [:pick $inactiveInterfaces $randomIndexReal]
    :do {
        :log info ("Enabling interface: " . $interfaceToEnable)
        :delay 1s
        /interface set [find name=$interfaceToEnable] disabled=no
        
        # Change the out-interface of the NAT rule with number 14 to match the new interface
        /ip firewall nat set 14 out-interface=$interfaceToEnable
    } on-error={
        :log warning "Error enabling interface."
    }
} else={
    :log warning "No inactive interfaces found to enable."
}

Everything is working quite well, but when the script switches to another interface it does not take into account the random number it got from random.org to select one of the 18 WireGuard interfaces, and instead it selects only the first non-enabled interface.

I must have done something wrong with the :pick function, but I'm out of ideas now.

Thank you for your help!

The code looks like it was done with the feet by ChatGPT… Are you sure it’s your work?
If yes, it’s better that you at least study the basics…

The first error is to use an external service to get the random number.
The second: from the external service you get back one string, not one number… (for example, if the random number is 16, you obtain 0x31 0x36 0x0A = "16\n")
The third… too many errors… and dozens of useless instructions for nothing…


This is the correct working basis. Add the controls (like if at least two extWG exist, and at least one is disabled), and logging you need, yourself.

:local ifRegEx "^extWG"
/interface wireguard
:local disWiregrdArray [find where disabled=yes and name~$ifRegEx]
disable [find where name~$ifRegEx]
enable ($disWiregrdArray->[:rndnum from=0 to=([:len $disWiregrdArray] - 1)])

About this shit:

        # Change the out-interface of the NAT rule with number 14 to match the new interface
        /ip firewall nat set 14 out-interface=$interfaceToEnable

Never use "printed" numbers in scripts.
Add "extWG" at any point inside the comment of the NAT rule, and do this:

/ip firewall nat set [find where comment~"extWG"] out-interface=([/interface wireguard find where disabled=no]->0)
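The "controls and logging" the reply above leaves to the reader could look like the following. This is an added example, not code from any poster in the thread; it assumes RouterOS v7 (for `:rndnum`), and the variable names and log texts are made up for illustration.

```routeros
# Added example: rotate to a random disabled extWG interface, with sanity checks.
# The "extWG" prefix and NAT comment tag follow the thread; everything else is illustrative.
:local ifRegEx "^extWG"
:local natTag "extWG"

:local all [/interface wireguard find where name~$ifRegEx]
:local candidates [/interface wireguard find where disabled=yes and name~$ifRegEx]

# Control 1: with fewer than two matching interfaces there is nothing to rotate between
:if ([:len $all] < 2) do={
    :log warning "extWG rotate: fewer than two matching interfaces, nothing changed"
    :error "extWG rotate aborted"
}

# Control 2: at least one interface must currently be disabled to switch to
:if ([:len $candidates] < 1) do={
    :log warning "extWG rotate: no disabled interface to switch to, nothing changed"
    :error "extWG rotate aborted"
}

# Zero-based random index generated on the router itself, so there is
# no external HTTP dependency and no string-to-number conversion
:local idx [:rndnum from=0 to=([:len $candidates] - 1)]
:local chosen ($candidates->$idx)
:local chosenName [/interface wireguard get $chosen name]

# Disable every matching interface, then enable only the chosen one
/interface wireguard disable $all
/interface wireguard enable $chosen

# Update the NAT rule only when exactly one rule carries the tag, so a
# mistyped or duplicated comment cannot silently redirect other rules
:local natRules [/ip firewall nat find where comment~$natTag]
:if ([:len $natRules] = 1) do={
    /ip firewall nat set $natRules out-interface=$chosenName
    :log info ("extWG rotate: now using " . $chosenName)
} else={
    :log warning ("extWG rotate: expected 1 tagged NAT rule, found " . [:len $natRules] . ", NAT left unchanged")
}
```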

Hello,

Wow, that was quite fast and efficient thank you, and working.

Thank you,
I always criticize because I hope people don’t just copy and paste, but understand what it does… :wink:

/ip firewall nat set [find where comment~"extWG"] out-interface=([/interface wireguard find where disabled=no]->0)

([/interface wireguard find where disabled=no]->0) ? Why use ->0 ?

Why not
/ip firewall nat set [find where comment~"extWG"] out-interface=[/interface wireguard find where disabled=no] ?

If I write something it means that it must be there,
I always see a little further. Not quite, but enough…


How many interfaces can you specify on the "out-interface" parameter?