Quick post:
I've been using WireGuard to connect to my offsite back-up server for a little while now. It works quite well, but I've encountered an issue with one of its limitations: dynamic IP addresses.
The remote network has a dynamic IP address and uses dynamic DNS to provide a resolution. This works perfectly fine when initializing the WG interface, but if the IP changes afterwards, WG does not attempt to re-resolve the domain name; the endpoint is resolved once when the peer is configured. The only way to restore the link is to restart the WG service.
This limitation isn't much of a problem for static IPs or devices that routinely disconnect and reconnect (like a cell phone or laptop), but when trying to run two servers with a 24/7 connection, it poses a problem.
Luckily, I think it's a problem with a simple solution:
#!/bin/sh
# Check the tunnel by pinging the remote server's WireGuard address.
if ping -c 1 10.10.0.15 > /dev/null 2>&1; then
    echo "success"
else
    echo "failure, restarting interface"
    # Send a quick FYI via Pushover (token and user come from the environment).
    curl -s \
        --form-string "token=$PUSHOVERTOKEN" \
        --form-string "user=$PUSHOVERUSER" \
        --form-string "message=Lost Connection to remote server - Restarting VPN" \
        https://api.pushover.net/1/messages.json > /dev/null 2>&1
    # Bounce the interface so the peer's domain name is resolved again.
    ifdown wg_remote
    sleep 5
    ifup wg_remote
fi
I created this script, which runs periodically on my router via cron. If the router can ping the remote server via its WG address (10.10.0.15), we assume that the VPN is functioning. If the ping fails, it sends me a quick FYI via Pushover, then brings the VPN interface (wg_remote) down, waits a few seconds, then brings it back up, triggering the domain resolution.
It's simple, but it seems to work.
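A variation on the same idea, added here as an example and not the post's own script: when the ping fails, re-resolve the dynamic-DNS name and update the peer's endpoint in place with `wg set` (which performs its own DNS lookup), falling back to the ifdown/ifup restart only if the name does not resolve. The interface name and tunnel address are the post's; PEER_PUBKEY, PEER_HOST and PEER_PORT are assumed placeholders, and wireguard-tools (`wg`) is assumed to be installed on the router.

```shell
#!/bin/sh
# Added example: update the WireGuard peer endpoint in place after a failed ping.
WG_IFACE="wg_remote"          # from the post
TUNNEL_ADDR="10.10.0.15"      # from the post
PEER_PUBKEY="REPLACE_WITH_PEER_PUBLIC_KEY"   # assumed placeholder
PEER_HOST="remote.example.com"               # assumed placeholder (dynamic DNS name)
PEER_PORT="51820"                            # assumed placeholder

# Print the IP part of a peer's endpoint from `wg show <iface> endpoints` output
# ($1 = that output, $2 = peer public key). Handles "[v6]:port" and "(none)".
endpoint_ip() {
  printf '%s\n' "$1" | awk -v key="$2" '
    $1 == key && $2 != "(none)" { sub(/:[0-9]+$/, "", $2); gsub(/[][]/, "", $2); print $2 }'
}

# Describe the endpoint before ($1) and after ($2) the update, for the notification.
describe_change() {
  if [ -z "$2" ]; then echo "endpoint unresolved"
  elif [ "$1" != "$2" ]; then echo "endpoint changed from ${1:-none} to $2"
  else echo "endpoint unchanged ($2)"; fi
}

# Pushover FYI as in the post; silently skipped when no token is configured.
notify() {
  [ -n "$PUSHOVERTOKEN" ] || return 0
  curl -s --form-string "token=$PUSHOVERTOKEN" --form-string "user=$PUSHOVERUSER" \
    --form-string "message=$1" https://api.pushover.net/1/messages.json >/dev/null 2>&1
}

check_tunnel() {
  ping -c 1 "$TUNNEL_ADDR" >/dev/null 2>&1 && return 0
  before=$(endpoint_ip "$(wg show "$WG_IFACE" endpoints)" "$PEER_PUBKEY")
  # `wg set ... endpoint host:port` resolves the name itself and fails if it cannot.
  if wg set "$WG_IFACE" peer "$PEER_PUBKEY" endpoint "$PEER_HOST:$PEER_PORT"; then
    after=$(endpoint_ip "$(wg show "$WG_IFACE" endpoints)" "$PEER_PUBKEY")
    notify "Tunnel down: $(describe_change "$before" "$after")"
  else
    notify "Tunnel down and $PEER_HOST did not resolve - restarting $WG_IFACE"
    ifdown "$WG_IFACE"; sleep 5; ifup "$WG_IFACE"
  fi
}

# Only run the check when invoked as `wg-check.sh run` (e.g. from cron).
case "${1:-}" in run) check_tunnel ;; esac
```

Because the endpoint is swapped without taking the interface down, routes and existing tunnel state on the router stay up while the peer's new address takes effect.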