One annoying issue with WireGuard in OpenWRT is that it won't re-check DNS on connection failure. In the event that my public IP changes (dynamic IP), the OpenWRT WireGuard client never gets the memo, even when DNS is updated.
I discovered here that you can tell OpenWRT via the command line to stop and start the WireGuard interface. This forces a new DNS check and then the tunnel builds successfully. The command:
ubus call network.interface.wg0 down && ubus call network.interface.wg0 up
Success! Throw this into a cron job and you have an automated failsafe to ensure a reconnect after IP change.
Update 2024-01-16
Here is an example of a cron job to accomplish this:
https://forum.openwrt.org/t/restart-wireguard-via-cli/51935/9
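#!/bin/sh
# modified from https://openwrt.org/docs/guide-user/base-system/cron
# modified to use logger for global logging instead of scriptlogfile & added infinite reboot protection for reboot
# Prepare vars
DATE=$(date "+%Y-%m-%d %H:%M:%S")
#logFile="/persistlogs/syslog"
# Ping and reboot if needed
# YOUR WIREGUARD PEER
CHECKHOSTNAME="192.168.X.X"
notification_email="YOUR@EMAIL.ADRESS"
VPNINTERFACE="wgvpn0"
# Send three pings to the peer's tunnel address; any reply counts as "up"
if ping -c3 "$CHECKHOSTNAME"; then
    echo "ok"
    logger "${DATE} - $0: OK - $VPNINTERFACE UP AND RUNNING"
else
    echo "RESTART wgvpn0 Interface"
    # The rest of the linked script is not reproduced on this page.
    # The restart below reuses the ubus command shown earlier, which
    # forces the peer endpoint hostname to be resolved again.
    ubus call network.interface."$VPNINTERFACE" down && ubus call network.interface."$VPNINTERFACE" up
fi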
Alternative/perhaps just as useful in crontab:
*/5 * * * * /usr/bin/wireguard_watchdog > /dev/null 2>&1
(OWRT 21.02)
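A ping check needs a reachable address inside the tunnel. As an added example (not from the post or the linked forum script), the check below instead reads handshake ages from `wg show <iface> latest-handshakes` and only bounces the interface when a peer has gone stale. The 180-second `MAX_AGE`, the function names and the sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# MAX_AGE is an assumed threshold in seconds, not a value from the post.
MAX_AGE=180

# stale_peers NOW MAX_AGE
# Reads `wg show <iface> latest-handshakes` output on stdin, one
# "<public-key><TAB><unix-time>" line per peer (0 = never handshaked).
# Prints the public key of every peer whose handshake is too old.
stale_peers() {
    awk -v now="$1" -v max="$2" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if ($2 == 0 || now - $2 > max) print $1
        }'
}

# needs_restart NOW MAX_AGE: exit status 0 if any peer on stdin is stale.
needs_restart() {
    [ -n "$(stale_peers "$1" "$2")" ]
}

# check_iface IFACE: live check for cron on the router. A failing
# `wg show` (interface missing or down) also triggers the restart.
check_iface() {
    if ! out=$(wg show "$1" latest-handshakes 2>/dev/null) ||
       printf '%s\n' "$out" | needs_restart "$(date +%s)" "$MAX_AGE"; then
        logger -t wg-check "$1: stale or missing handshake, restarting"
        ubus call network.interface."$1" down &&
            ubus call network.interface."$1" up
    fi
}

# Constructed sample output (placeholder keys, not real ones).
sample_output() {
    printf 'PEER_A_PUBKEY_PLACEHOLDER=\t1700000000\n'
    printf 'PEER_B_PUBKEY_PLACEHOLDER=\t1699990000\n'
    printf 'PEER_C_PUBKEY_PLACEHOLDER=\t0\n'
}

# Offline demo on the constructed sample with "now" fixed at 1700000060:
# prints peers B and C, which are the stale ones.
sample_output | stale_peers 1700000060 "$MAX_AGE"
```

On the router, call `check_iface wgvpn0` from the cron script. A peer with no persistent keepalive and no traffic will also show an old handshake, so this check suits tunnels that are expected to stay active.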