joshhboss
Member Candidate
Topic Author
Posts: 273
Joined: Thu Aug 01, 2019 2:13 pm

Fix wireguard Scripts

Wed Jan 04, 2023 1:55 am

I have this script I've been using on my Ubiquiti Edge Routers and it has been amazing. It constantly solves a DNS weirdness that happens when a site might change its public address. I was hoping there was a way to create the same one here for MikroTik, because I've already had my hEX PoE go offline and from my Management WG network.
#!/bin/bash
logger -t wg2_check start
# ping tunnel wg2
if ps aux | grep -v grep | grep -q wg2; then
    logger -t vpncheck wg2 is up, check L3 connectivity
    if ! /bin/ping -c 2 -W 2 -I wg2 10.77.74.1 &>/dev/null; then
        logger -t wg2_check no L3 connectivity, restarting wg2
        # re-run under the vyattacfg group so the config wrapper is allowed to commit
        if [ 'vyattacfg' != "$(id -ng)" ]; then
            exec sg vyattacfg -c "$0 $*"
        fi
        cw=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
        $cw begin
        # delete endpoint and commit
        $cw delete interfaces wireguard wg2 peer ASDFOIJDFOSJADFOJDSAFOASDMFIOENFiosdjf= endpoint
        $cw commit
        # set endpoint and commit (this makes the host name resolve again)
        $cw set interfaces wireguard wg2 peer ASDFOIJDFOSJADFOJDSAFOASDMFIOENFiosdjf= endpoint my.wireguard.enpoing:56545
        $cw commit
        # end configure mode
        $cw end
        logger -t wg2_check wg2 restarted
    else
        logger -t wg2_check L3 connectivity is ok
    fi
else
    logger -t wg2_check wg2 is administratively down
fi
logger -t wg2_check end
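
The same watchdog idea keyed on handshake age instead of a ping, as an added example that is not part of the original post: it assumes a plain Linux host with wireguard-tools, and IFACE, PEER, ENDPOINT and MAX_AGE are placeholder values.

```shell
#!/bin/sh
# Added example (not from the thread): re-resolve a peer's endpoint host name
# when its last handshake is too old. All values below are assumptions.
IFACE="${IFACE:-wg2}"
PEER="${PEER:-<peer-public-key>}"               # placeholder public key
ENDPOINT="${ENDPOINT:-vpn.example.net:51820}"   # placeholder host:port
MAX_AGE="${MAX_AGE:-180}"                       # seconds, assumed threshold

# stale_peers NOW MAX_AGE
# stdin:  "<public-key><TAB><epoch>" lines, the format printed by
#         `wg show <iface> latest-handshakes` (epoch 0 means "never").
# stdout: keys whose handshake is missing or older than MAX_AGE seconds.
stale_peers() (
    now=$1; max_age=$2
    while read -r key ts; do
        [ -n "$key" ] || continue
        case $ts in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$ts" -eq 0 ] || [ $(( now - ts )) -gt "$max_age" ]; then
            printf '%s\n' "$key"
        fi
    done
)

# Constructed sample input: one fresh peer, one stale peer, one never seen.
sample_handshakes() {
    printf 'AAAA=\t1700000000\nBBBB=\t1699999000\nCCCC=\t0\n'
}

# Setting the endpoint again makes wg resolve the host name again, which is
# what the delete/set/commit sequence in the EdgeRouter script achieves.
refresh_if_stale() {
    if wg show "$IFACE" latest-handshakes |
        stale_peers "$(date +%s)" "$MAX_AGE" | grep -qxF "$PEER"; then
        logger -t wg_check "peer stale on $IFACE, re-resolving $ENDPOINT"
        wg set "$IFACE" peer "$PEER" endpoint "$ENDPOINT"
    else
        logger -t wg_check "handshake on $IFACE is recent, nothing to do"
    fi
}

# Only touch the live interface when called as: script.sh run
if [ "${1:-}" = "run" ]; then refresh_if_stale; fi
```

Handshakes only stay recent while traffic flows or persistent-keepalive is set on the peer, so an idle tunnel without keepalive will look stale to this check.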
 
joshhboss

Re: Fix wireguard Scripts

Wed Jan 04, 2023 4:06 am

I did find this, but I don't really know how to apply the script. I tried messing with it but I don't know what I'm doing wrong.
{; # BeginOfScript

# scripted by msatter
# function: bring up stalled WireGuard interfaces after restart of the router

:local timesRetried 15; # how many times a WireGuard restart is attempted
:local loopDelay "10s"; # (loopDelay * timesRetried) = total timeout
:local restarted true; # set default to true
:local domainResolved false; # also checking if the endpoint domain names could be resolved
:local retried 0; # set to starting value

# loop until all WireGuard interfaces are working or the maximum number of retries is reached
:while ( $restarted && ( $retried < $timesRetried ) ) do={
    :set $restarted false
    :foreach wg in=[/interface/wireguard/find disabled=no] do={
        :local peer [/interface/wireguard/get $wg name]
        # scripted by Anav looking for domain names. Adapted by msatter. ( /in/ = /interface/ )
        :foreach i in=[/in/wireguard/peers/find interface=$peer endpoint-address~"[a-z]\$"] do={
            :if ([:resolve [/interface/wireguard/peers/get $i value-name=endpoint-address]]) do={
                :set $domainResolved true
                # declared with :local; the variable was never declared before being set
                :local lastHandshake [/in/wireguard/peers/get $i last-handshake]
                :if (([:tostr $lastHandshake] = "") || ( $lastHandshake > [:totime [/in/wireguard/peers/get $i persistent-keepalive]])) do={
                    /in/wireguard/ disable $peer; :delay 1s; /in/wireguard/ enable $peer; # restarting the WireGuard connection
                    :set $restarted true
                }; # EndIf
            }; # EndIf
        }; # EndForeach
    }; # EndForeach
    :if ($restarted) do={
        :put "Check loop: $retried"
        :set $retried ($retried + 1)
        :put "Checking loop: $retried"
        :delay $loopDelay; # waiting time till following check
    }; # EndIf
}; # EndWhile
:if ( !$domainResolved ) do={:put "One or more domains could not be resolved, all/some domain based endpoints could not be brought up in the set time of ($timesRetried * $loopDelay)"} else={
    # >= because the loop stops as soon as retried reaches timesRetried
    :if ( $restarted && ( $retried >= $timesRetried ) ) do={:put "Not all WireGuard interfaces could be brought up in the set time of ($timesRetried * $loopDelay)"}
    :if ( !$restarted && ( $retried > 0 ) ) do={:put "No WireGuard interfaces are down, after $retried retries"}
    :if ( $retried = 0 ) do={:put "No WireGuard interfaces had to be restarted"}
}; # EndElse
}; # EndOfScript
Help :(
 
joshhboss

Re: Fix wireguard Scripts

Wed Jan 04, 2023 4:26 am

And now I've found this one, but I don't know if I need to make any changes to it.. how to run it.. how to check if it is working.. how to set it to run every few minutes.. I'm lost.. but I am trying, I'm going through forum posts and seeing what I can do.. any tips would be greatly appreciated.
{; # BeginOfScript

# scripted by msatter
# function: bring up stalled WireGuard interfaces after restart of the router

:local timesRetried 15; # how many times a WireGuard restart is attempted
:local loopDelay "10s"; # (loopDelay * timesRetried) = total timeout
:local restarted true; # set default to true
:local domainResolved false; # also checking if the endpoint domain names could be resolved
:local retried 0; # set to starting value

# loop until all WireGuard interfaces are working or the maximum number of retries is reached
:while ( $restarted && ( $retried < $timesRetried ) ) do={
    :set $restarted false
    :foreach wg in=[/interface/wireguard/find disabled=no] do={
        :local peer [/interface/wireguard/get $wg name]
        # scripted by Anav looking for domain names. Adapted by msatter. ( /in/ = /interface/ )
        :foreach i in=[/in/wireguard/peers/find interface=$peer endpoint-address~"[a-z]\$"] do={
            :if ([:resolve [/interface/wireguard/peers/get $i value-name=endpoint-address]]) do={
                :set $domainResolved true
                # declared with :local; the variable was never declared before being set
                :local lastHandshake [/in/wireguard/peers/get $i last-handshake]
                :if (([:tostr $lastHandshake] = "") || ( $lastHandshake > [:totime [/in/wireguard/peers/get $i persistent-keepalive]])) do={
                    /in/wireguard/ disable $peer; :delay 1s; /in/wireguard/ enable $peer; # restarting the WireGuard connection
                    :set $restarted true
                }; # EndIf
            }; # EndIf
        }; # EndForeach
    }; # EndForeach
    :if ($restarted) do={
        :put "Check loop: $retried"
        :set $retried ($retried + 1)
        :put "Checking loop: $retried"
        :delay $loopDelay; # waiting time till following check
    }; # EndIf
}; # EndWhile
:if ( !$domainResolved ) do={:put "One or more domains could not be resolved, all/some domain based endpoints could not be brought up in the set time of ($timesRetried * $loopDelay)"} else={
    # >= because the loop stops as soon as retried reaches timesRetried
    :if ( $restarted && ( $retried >= $timesRetried ) ) do={:put "Not all WireGuard interfaces could be brought up in the set time of ($timesRetried * $loopDelay)"}
    :if ( !$restarted && ( $retried > 0 ) ) do={:put "No WireGuard interfaces are down, after $retried retries"}
    :if ( $retried = 0 ) do={:put "No WireGuard interfaces had to be restarted"}
}; # EndElse
}; # EndOfScript
 
joshhboss

Re: Fix wireguard Scripts

Wed Jan 04, 2023 5:14 am

OKKKK, I was able to get some success with this..
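:local wgcheckip 10.X.X.X; # placeholder: address that is pinged through the tunnel
:local endpointip "my.ddns.com"; # placeholder: endpoint host name of the peer
#:log info "wg check-ip $wgcheckip "
:if ([/ping $wgcheckip interval=1 count=5] = 0) do={
    :log info "WG down $wgcheckip"
    # disabling and re-enabling the peer makes the endpoint name resolve again
    /interface/wireguard/peers/disable [find endpoint-address=$endpointip];
    :delay 60
    /interface/wireguard/peers/enable [find endpoint-address=$endpointip];
    :log info "WG up again $wgcheckip"
}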
But I had to mess with it for a bit.. wow this post* is insanely helpful!!

viewtopic.php?t=182340

I think I entered it right and I have it on a scheduler and it seems to be working..
