[SOLVED] Wireguard with two WAN Interfaces - to which is it listening?

Started by knebb, October 27, 2023, 11:32:44 AM

Hi all,

I recently added a second WAN interface (one fiber and one DSL now) and it is working really fine (using by default both interfaces, in case of a failing line just using the remaining one).

Wireguard is working fine, my clients (road warrior setup) can easily connect to the local LAN.

Now due to an excavator digging too deep the fibre line was cut. No worries, the DSL was still ok and I did not even really notice the cut of the line.

Additional Information: I do not use DynamicDNS so the DSL line gets a new IP address every time. Therefore my clients are fixed to use the fiber-IP when connecting to Wireguard.

But Wireguard had some serious hiccup and I had to do some manual steps (restart....) to get it back up and running after the line was back.

My questions regarding my setup:

  • To which of the two WAN interfaces is Wireguard listening? Is this configurable?
  • How can I figure out to which it is listening?
  • Can I use DynamicDNS to make sure the client will always use the active IP?

Thanks for letting me know and any hints.

/KNEBB

Wireguard is bound to ANY interface. You can see that with:

netstat -an

udp6       0      0 *.51820                *.*                   
udp4       0      0 *.51820                *.*   


So it listens to both WAN connections if the firewall allows it, and it shouldn't matter which WAN line receives the wireguard packets. Wireguard answers with the WAN that is the current default gateway.

You can't use dynamic DNS since Wireguard only resolves hostnames once when it is started. Using a dynamic DNS name means you have to restart the connection one time when the IP changes. So you would have to trigger a restart of the service when IPs change.
Hardware:
DEC740

Hi,

thanks for your reply. I realized I did not have the ALLOW filters set on my second WAN interface. So when the first one dropped the client was not able to connect anyways.  ::) Wireguard indeed was listening to both interfaces.

Now on to the dynamic DNS part.

I now have a fixed IP interface (fibre) and a dynamic IP interface (DSL). The second one with dynDNS configured.

Is there any chance to configure my (Debian-) client to try the second interface when the connection drops? Just when reconnecting?

Thanks!

/KNEBB



Nevermind.

Created my own script on the client which runs based on /etc/crontab.


#!/bin/bash
# Client-side WireGuard failover: when the peer is unreachable through the
# tunnel, swap the address pinned for the dynamic DNS name in /etc/hosts
# (static <-> dynamic) and restart wg0. Run periodically from /etc/crontab.
#set -x
#logger "BACKUP started"
IP="10.10.10.1"          # address inside the tunnel used to test connectivity
static="123.45.78.97"    # static (fibre) WAN address of the server
dynname="dyn.dns.fqdn"   # dynamic DNS name of the DSL WAN

function reset()
{
    ifdown wg0
    sleep 2s
    ifup wg0
    sleep 10s
    return
}

# Ping $1 once; print 0 when reachable, 1 otherwise.
# Named "check" so it does not shadow the shell builtin "test".
function check()
{
    OK=0
    ping -i 1 -c 1 -q "$1" &>/dev/null || OK=1
    echo "$OK"
}

function replace()
{
    # get current dynIP ("has address" skips the "has IPv6 address" lines)
    new=$(host "$dynname" | grep "has address" | awk '{ print $4 }' | head -n 1)
    old=$(grep "$dynname" /etc/hosts | awk '{ print $1 }')
    # never write an empty lookup result into /etc/hosts
    if [ -z "$new" ]; then
        return
    fi
    if [ "$static" = "$old" ]; then
        # currently on the static address: try the dynamic one
        sed -i "0,/$old/s//$new/" /etc/hosts
    else
        if [ "$new" = "$old" ]; then
            # dynamic address unchanged and still failing: fall back to static
            sed -i "0,/$old/s//$static/" /etc/hosts
        else
            # dynamic address changed: update to the new one
            sed -i "0,/$old/s//$new/" /etc/hosts
        fi
    fi
    return
}

BO=0
BO=$(check "$IP")
while [ "$BO" -eq 1 ]
do
    echo "Verbindung fehlerhaft"
    replace
    reset
    BO=$(check "$IP")
    if [ "$BO" -eq 1 ]; then
        sleep 10m
        BO=$(check "$IP")
    fi
done


I had no time to test, though. But it should work.

Thanks for your input!
/KNEBB
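The script above edits /etc/hosts as root with whatever the DNS lookup returned, so a failed or unexpected lookup can leave the hosts file with a bad entry and the tunnel name unresolvable. The following is an added example, not code from the thread or from OPNsense, that separates the endpoint-alternation logic (static, then dynamic, then back, as in the script above) into a function that can be tested without touching the system, and validates the resolved address before rewriting the hosts entry. The name vpn.example.invalid, the addresses, and the hosts-file contents are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the forum thread): safe endpoint alternation for a
# road-warrior client that pins the peer name in a hosts file so WireGuard's
# one-time name resolution picks up the chosen WAN address.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Decide which address to pin next.
#   $1 = static WAN address, $2 = address currently pinned,
#   $3 = what the dynamic DNS name resolves to (may be empty or garbage on failure)
# Same alternation as the thread's script: static -> dynamic -> static, with a
# changed dynamic address retried first; an unusable lookup falls back to static.
next_endpoint() {
    static=$1; current=$2; dyn=$3
    if ! is_ipv4 "$dyn"; then
        echo "$static"
    elif [ "$current" = "$static" ]; then
        echo "$dyn"
    elif [ "$dyn" = "$current" ]; then
        echo "$static"
    else
        echo "$dyn"
    fi
}

# Print the address currently pinned for $2 in hosts file $1.
pinned_address() {
    awk -v name="$2" '$2 == name { print $1 }' "$1"
}

# Rewrite the address for name $2 in hosts file $1 to $3, refusing invalid input
# and replacing the file in one step so a crash cannot leave it half-written.
pin_endpoint() {
    hosts=$1; name=$2; ip=$3
    is_ipv4 "$ip" || return 1
    tmp="$hosts.tmp.$$"
    awk -v name="$name" -v ip="$ip" '
        $2 == name { $1 = ip }   # only the address field of the matching line changes
        { print }
    ' "$hosts" > "$tmp" && mv "$tmp" "$hosts"
}

# Walk one failover step on a constructed hosts file and print the result.
demo() {
    hosts=$(mktemp)
    printf '127.0.0.1 localhost\n203.0.113.10 vpn.example.invalid\n' > "$hosts"
    current=$(pinned_address "$hosts" vpn.example.invalid)
    # constructed lookup result for the dynamic DNS name
    ip=$(next_endpoint 203.0.113.10 "$current" 198.51.100.7)
    pin_endpoint "$hosts" vpn.example.invalid "$ip"
    pinned_address "$hosts" vpn.example.invalid
    rm -f "$hosts"
}
```

In a real client the lookup result would come from `host` or `dig` and the hosts path would be /etc/hosts; the point is that `next_endpoint` and `pin_endpoint` never accept anything that is not a plain IPv4 address, so a DNS failure leaves the previous pinning in place instead of breaking the file.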