Item disappeared in the Cron task scheduler "Restart Wireguard service"

Started by senseuser, September 01, 2023, 01:17:06 PM

What does the new cron "Renew DNS for Wireguard in stale Connections" do?
Is it starting the script "reresolve-dns.sh" from the wireguard-tools provided by wireguard itself?
Then it should work!

@franco
The situation here is that in Germany, for example, many ISPs have dynamic IPs with forced reconnection once every 24 hours.
So we have to use a dyndns service for wireguard connections!

> Is it starting the script "reresolve-dns.sh" from the wireguard-tools provided by wireguard itself?

Yes and no. It's the same idea but a different script to avoid bash. It should already work without a cron job on a dynamic connection like PPPoE or DHCP.

> The situation here is that in Germany, for example, many ISPs have dynamic IPs with forced reconnection once every 24 hours.

Kann ich nachvollziehen ("I can relate").  ;)


Cheers,
Franco

Sorry for the late reply!

> Yes and no. It's the same idea but a different script to avoid bash. It should already work without a cron job on a dynamic connection like PPPoE or DHCP.

You mean the opnsense box will reresolve the dyndns address when it itself gets a new IP?

But to get the new IP of the peer (when changed) I need to run "Renew DNS for Wireguard in stale Connections" with cron. Am I right?

I now have set the cron to run every minute, so I can see today (the peer's DSL is not very stable) or at least tomorrow (after the 24h reconnect) if it has worked  ;)


> Kann ich nachvollziehen ("I can relate").  ;)

Aha, someone here speaks German :)

But for other users here, I keep writing in English, even when I'm really bad at it  :D

@franco

1. Your renew script is working  :)
2. I think I found the issue, why it sometimes resolves an old IP

I looked in the unbound stats and discovered that the URL from the wireguard endpoint address gets resolved with the unbound cache.
When this entry is old you get the old IP address, even when the external DNS server has the new IP.

Wouldn't it be better to always resolve the endpoint address of wireguard with the external DNS servers that are set up @System/Settings/General?
So no additional settings are necessary to have the reresolve cronjob running.

That will only be a problem when you test it, but seldom in the real world:

All DNS entries have a lifetime, which should be short for DynDNS. All name servers along the way will expire those records after the lifetime has passed. If the DNS record still points to the old peer, the cron job will restart the connection anyway and after a short while, the connection should be up again.

However, note that the cronjob should be called periodically - the python script just checks all wireguard connections once and restarts them if necessary. I do this every 5 minutes.

Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
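
Added example, not part of the thread and not the OPNsense script: a sketch of the stale-peer check a periodic re-resolve job performs, showing why a cached DNS answer only delays the fix until a later cron run. Assumptions: the 135-second threshold follows wireguard-tools' `reresolve-dns.sh`, the peer keys, hostnames and `wg show` output are constructed samples, and endpoints are IPv4 only.

```python
import socket

STALE_AFTER = 135  # seconds; threshold used by wireguard-tools' reresolve-dns.sh (assumed here)
NOW = 1_700_000_000  # constructed "current time" for the sample data

# Constructed samples in the two-column format of `wg show <if> latest-handshakes|endpoints`
SAMPLE_HANDSHAKES = f"PEER_A_KEY\t{NOW - 30}\nPEER_B_KEY\t{NOW - 900}\n"
SAMPLE_ENDPOINTS = "PEER_A_KEY\t203.0.113.5:51820\nPEER_B_KEY\t192.0.2.10:51820\n"
# Hypothetical configured endpoints (hostname:port)
CONFIGURED = {"PEER_A_KEY": "peer-a.dyndns.example:51820",
              "PEER_B_KEY": "peer-b.dyndns.example:51820"}

def parse_wg_table(text):
    """Parse two-column `wg show` output into {public_key: value}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            table[parts[0]] = parts[1]
    return table

def plan_updates(handshakes, endpoints, configured, now, resolve=socket.gethostbyname):
    """Return [(public_key, 'ip:port')] for stale peers whose hostname resolves elsewhere."""
    updates = []
    for pubkey, hostport in configured.items():
        last = int(handshakes.get(pubkey, 0))  # 0 means no handshake yet
        if now - last <= STALE_AFTER:
            continue  # tunnel is alive, leave it alone
        host, port = hostport.rsplit(":", 1)
        try:
            ip = resolve(host)
        except OSError:
            continue  # resolver failure: try again on the next cron run
        target = f"{ip}:{port}"
        if endpoints.get(pubkey) != target:
            # A real job would now run: wg set <if> peer <pubkey> endpoint <target>
            updates.append((pubkey, target))
    return updates

if __name__ == "__main__":
    hs, ep = parse_wg_table(SAMPLE_HANDSHAKES), parse_wg_table(SAMPLE_ENDPOINTS)
    cached = lambda host: "192.0.2.10"   # resolver cache still holds the old record
    fresh = lambda host: "198.51.100.7"  # answer once the cached record has expired
    print(plan_updates(hs, ep, CONFIGURED, NOW, cached))
    print(plan_updates(hs, ep, CONFIGURED, NOW, fresh))
```

With the cached answer the plan is empty, so the peer stays stale until a later run sees the new record, which is why the job has to run periodically and the DynDNS TTL should be short.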