Item disappeared in the Cron task scheduler "Restart Wireguard service"

senseuser · September 01, 2023, 01:17:06 PM

Hi.
Item disappeared in the Cron task scheduler "Restart Wireguard service". This item was correct before. I had a task to restart Wireguard once a day. Now I can't create such a task because there is no corresponding item :(. What to do?

chemlud · September 01, 2023, 01:51:02 PM

Seriously? This ist absolutly essential for WG tunnels. Why should that be deleted?

I'm still waiting with the update to 23.7 to avoid such "surprises"...

meyergru · September 01, 2023, 01:52:13 PM

I do not know were that item went - but depending on what you want to achieve by that, you could probably use the "Renew DNS for Wireguard on stale connections". Probably this is what you want anyway.

chemlud · September 01, 2023, 02:58:03 PM

Quote from: meyergru on September 01, 2023, 01:52:13 PM
I do not know were that item went - but depending on what you want to achieve by that, you could probably use the "Renew DNS for Wireguard on stale connections". Probably this is what you want anyway.

Yepp, sounds like a new name for same purpose..

senseuser · September 01, 2023, 03:11:45 PM

Quote from: meyergru on September 01, 2023, 01:52:13 PM
you could probably use the "Renew DNS for Wireguard on stale connections"

I tried it and it didn't work. This item does not restart the service Wireguard - Connection is not reset, statistics are not reset

meyergru · September 01, 2023, 04:41:05 PM

As I said: Depending on what you are trying to accomplish. The new service does exactly what the name says. And no, it does not restart the Wireguard service unconditionally.

senseuser · September 01, 2023, 05:01:55 PM

Quote from: meyergru on September 01, 2023, 04:41:05 PM
Depending on what you are trying to accomplish.

As I wrote above, I need to completely restart the Wireguard service once a day. With connection reset and all statistics. Previously, this was possible using the "Restart the Wireguard service" item. This item has now disappeared. Am I explaining clearly?
Please return the item "Restart Wireguard service" :D

chemlud · September 01, 2023, 06:01:55 PM

It's a little effort with the console but you can have your own cron jobs in OPNsense, I have one for resetting states (after scheduled firewall rules expire).

https://forum.opnsense.org/index.php?topic=10740.msg49334#msg49334

If you find the old cron job in the source code you can bring it back on your own... ;-)

senseuser · September 01, 2023, 08:05:43 PM

Quote from: chemlud on September 01, 2023, 06:01:55 PM
If you find the old cron job in the source code you can bring it back on your own... ;-)

Oh... It's complicated. But anyway thanks for the advice. :)

franco · September 05, 2023, 09:32:57 AM

Arbitrary hard restart via cron is not something we need following a better integration of WireGuard as a core VPN service. Besides this gets more and more complicated as there is no service to "restart" anymore with a native kernel interface.

Sure, you can clear the stats, but the downsides of disconnecting on a schedule are not worth it and lead to larger complaints.

Cheers,
Franco

senseuser · September 05, 2023, 12:30:16 PM

Ok, thanks for the explanation

meyergru · September 05, 2023, 12:59:37 PM

Quote from: franco on September 05, 2023, 09:32:57 AM
Besides this gets more and more complicated as there is no service to "restart" anymore with a native kernel interface.

Even if this is off-topic:

Will there still be means of forcing a reconnect on stale connections? This is a vital functionality with dynamic IPs, because some connections can only be initiated from one side with CGNAT. If the other side is dynamic IP and stale connections cannot be detected (and re-connected with DynDNS resolution of the new IP (which Wireguard does not do on its own), you are out of luck for a "permanent" site-to-site VPN.

franco · September 05, 2023, 02:55:22 PM

> Will there still be means of forcing a reconnect on stale connections? This is a vital functionality with dynamic IPs

Is that a trick question? Did the protocol at hand design a solution for this? If yes good if not who is responsible to do the "vital" implementation if not the protocol itself?

As far as I understood the "renew" task can help. But the underlying issue is forcing ifconfig to resolve an address at runtime and writing the resulting IP address into the kernel. I'm not sure that's a great idea to begin with...

Cheers,
Franco

chemlud · September 05, 2023, 06:12:33 PM

Then keeping the plugin is the better solution? Still waiting with 23.7 till I'm definitely sure I don't loose dynDNs and Wireguard site-to-site with dynamic IPs...

meyergru · September 05, 2023, 08:12:15 PM

No, not a trick questtion at all but you gave the impression that the option of using my cron job to restart when the connection is stale would be removed. I sure hope you can still check if the connection is stale and restart it if not?

Item disappeared in the Cron task scheduler "Restart Wireguard service"

senseuser

September 01, 2023, 01:17:06 PM

chemlud

September 01, 2023, 01:51:02 PM #1

meyergru

September 01, 2023, 01:52:13 PM #2

chemlud

September 01, 2023, 02:58:03 PM #3

senseuser

September 01, 2023, 03:11:45 PM #4

meyergru

September 01, 2023, 04:41:05 PM #5

senseuser

September 01, 2023, 05:01:55 PM #6

chemlud

September 01, 2023, 06:01:55 PM #7

senseuser

September 01, 2023, 08:05:43 PM #8

franco

September 05, 2023, 09:32:57 AM #9

senseuser

September 05, 2023, 12:30:16 PM #10

meyergru

September 05, 2023, 12:59:37 PM #11

franco

September 05, 2023, 02:55:22 PM #12

chemlud

September 05, 2023, 06:12:33 PM #13

meyergru

September 05, 2023, 08:12:15 PM #14 Last Edit: September 05, 2023, 08:15:31 PM by meyergru