Rough POC (Proof of Concept)
Define script to toggle WG peer settings:
/system script
# policy list as exported; read,write,test would suffice for what this script does
add dont-require-permissions=no name=ToggleWGPeer owner=*** policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="
    # pause 25 s, then bounce the peer
    :delay 25
    # index 0 is the first peer in the list; a [find ...] selector is safer once more peers exist
    /interface wireguard peers disable 0
    :delay 5
    /interface wireguard peers enable 0
    :log info \"WGPeer toggled\"
"
Define a schedule for the script created above:
I used a 2 minute period here; adjust as needed for your own purposes.
/system scheduler
# created disabled; netwatch (below) enables it while the peer is down and disables it again when it is up
add disabled=yes interval=2m name=ScheduleWGToggle \
    on-event="/system script run ToggleWGPeer" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=may/01/2022 start-time=11:34:35
Define Netwatch up/down actions:
Assuming the address to be verified "on the other side" is 10.255.255.1 (change as needed for your purposes).
Assumption 2: run every minute (in most cases there is nothing to do... but I prefer not to wait too long when something does go haywire).
/tool netwatch
# interval=1m matches the "run every minute" assumption above
add host=10.255.255.1 interval=1m \
    down-script="
    :log warning \"NETWATCH - WG Down\"
    /system scheduler set ScheduleWGToggle disabled=no" \
    up-script="/system scheduler set ScheduleWGToggle disabled=yes"
Tested on a mAPLite lying around here. I manually disabled the WG peer and after some time the flow starts ...
- Scheduler gets enabled
- Script is run
- WG peer status is toggled
- Other side is reachable again and scheduler gets disabled.
So I think this might work.
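The same script / scheduler / netwatch chain as an added example (not the original poster's configuration), tightened in three places a practitioner would want: the script and scheduler carry only the read,write,test policy they need, the peer is selected by comment rather than by list position, and the script pings the far side before bouncing anything so that a netwatch blip does not tear down a tunnel that has already recovered. Assumptions: the peer to toggle carries comment="site-b" (hypothetical) and the remote tunnel address is 10.255.255.1 as in the post; the script and scheduler names are reused.

```routeros
# Added example, not the original poster's config. Assumes the peer to
# toggle has comment="site-b" and the far end of the tunnel is 10.255.255.1.
/system script
add name=ToggleWGPeer policy=read,write,test source="
    # select the peer by comment (assumed: comment=site-b), not by position
    :local peer [/interface wireguard peers find where comment=\"site-b\"]
    :if ([:len \$peer] = 0) do={
        :log error \"ToggleWGPeer: no WireGuard peer with comment site-b\"
        :error \"peer not found\"
    }
    # netwatch may have fired on a transient loss; only bounce if still unreachable
    :if ([/ping 10.255.255.1 count=3] > 0) do={
        :log info \"ToggleWGPeer: 10.255.255.1 reachable, nothing to do\"
    } else={
        /interface wireguard peers disable \$peer
        :delay 5s
        /interface wireguard peers enable \$peer
        :log warning \"ToggleWGPeer: peer site-b toggled\"
    }
"

/system scheduler
# disabled until netwatch reports the far side down; start-time=startup survives a reboot
add name=ScheduleWGToggle disabled=yes interval=2m start-time=startup \
    policy=read,write,test on-event="/system script run ToggleWGPeer"

/tool netwatch
add host=10.255.255.1 interval=1m timeout=1s \
    down-script=":log warning \"NETWATCH - WG Down\"; /system scheduler set ScheduleWGToggle disabled=no" \
    up-script="/system scheduler set ScheduleWGToggle disabled=yes"
```

Paste the three blocks into a terminal as one unit; the `\$` and `\"` escapes are needed because the script body is passed as a quoted string on the command line. The ping re-check costs three seconds per scheduler run but means that a peer is only bounced while the far side is actually unreachable; if the ping fails because of something other than the WireGuard peer (for instance a firewall change), the log will show repeated toggles every two minutes, which is the signal to look elsewhere.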