[arm-allstar] Solution to a VPN startup problem

Doug Crompton wa3dsp at gmail.com
Thu Mar 12 23:18:57 EDT 2020


I wonder if this would solve your problem? There is a lot of talk about
this and apparent attempts to fix it. Google - wireguard wait for dns

https://forum.openwrt.org/t/wireguard-problem-with-resolving-peer/40830


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio*

On Thu, Mar 12, 2020 at 8:45 PM "Chuck Munro via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

> Hello list,
>
> I thought I should pass along a tip regarding problems I had starting a
> VPN client on one of the Allstar hamvoip RaspPi-3's used at the ends of
> a split-site repeater link.  Each reboot would fail to automatically
> bring up the VPN client.
>
> I had successfully installed the WireGuard VPN software in hamvoip, but
> one end of the link kept failing to start the client because it couldn't
> resolve my ISP's dynamic IP address for the FQDN of a ddns aliased
> domain.  The network on the Pi-3 just didn't settle quickly enough to
> resolve a DNS query.  I use 1.1.1.1 as the DNS resolver and DYN's ddns
> service for aliasing.
>
> I guess I could have figured out a different dependency in the systemd
> recipe for the WireGuard unit file, but being a shell scripter I decided
> to do it the easy way (for me) ... keep pinging the FQDN until it
> resolves correctly, then proceed with starting the WireGuard client.
>
> Here is the Bash script that does the job.  A small modification of the
> WireGuard systemd recipe is also required, as shown in the comments
> below.  For anyone not familiar with shell scripting details, note that
> "#!/bin/bash" MUST be the very first line in the script, otherwise it
> will fail under systemd.  This script will stop after 10 failed
> attempts, 1 second apart.
>
> I hope this might ease someone else's pain when trying to bring up a
> remote Allstar node's WireGuard VPN client connection.
>
> ----------------------------------
>
> #!/bin/bash
>
> ##   /usr/local/bin/StartWireGuard.sh     2020-03-12  Chuck  VA7UL
>
> # Script to test-ping the IP address of the WireGuard VPN server until success,
> # then start the WireGuard client.
> # This gives a DNS lookup of an aliased FQDN time to work after system boot.
> # Could use the IP address if applicable.
> # Set permissions to 755 owned by root.
>
> # Modify the [Service] section of the  wg-quick@xxx.service systemd unit file
> # in  /lib/systemd/system/  to exec this shell script .....
> #
> #   [Service]
> #   Type=oneshot
> #   RemainAfterExit=yes
> #   ExecStart=/usr/local/bin/StartWireGuard.sh %i
> #   ExecStop=/usr/bin/wg-quick down %i
> #   Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
> #
>
> ConfigFile=${1:-/etc/wireguard/wg0.conf}   # Default '/etc/wireguard/wg0.conf' if not provided.
> Count=0
> MaxTries=10
> Returncode=2
>
> # This FQDN or IP value MUST match that in the wg conf file!!
> WireGuardServer="your VPN server FQDN or IP Address"       # Use the quotes.
>
> # Ping the FQDN or IP address until it returns a zero success:
> while true
> do
>      ping -c 1 "${WireGuardServer}" >/dev/null 2>&1
>      Returncode=$?
>      if [ ${Returncode} -eq 0 ]
>      then
>          break
>      fi
>      let Count+=1
>      if [ ${Count} -ge ${MaxTries} ]
>      then
>          echo "Failed pinging the VPN server after ${MaxTries} tries. Quitting VPN setup."
>          exit 1
>      fi
>      sleep 1
> done
>
> # Found the VPN server, start the local client service:
> echo "Ping of ${WireGuardServer} successful.  Starting VPN client."
> /usr/bin/wg-quick up "${ConfigFile}"
>
> ----------------------------------
>
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
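
A variant of the wait-then-start approach above, as an added example that is not part of the original post or of hamvoip. It reads the Endpoint host from the wg-quick config, so the name being tested cannot drift from the one WireGuard uses, and it checks name resolution directly rather than ICMP reachability. The function names are hypothetical, and glibc "getent ahosts" is assumed to be available on the node.

```bash
#!/bin/bash
# Added example, not the original StartWireGuard.sh.
# Assumption: glibc "getent" is present on the node.

# Print the host part of the first "Endpoint = host:port" line in a
# wg-quick config. Comments are ignored and [IPv6] literals unwrapped.
endpoint_host() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*[Ee]ndpoint[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$1" | head -n 1 | sed -e 's/:[0-9]*$//' -e 's/^\[\(.*\)\]$/\1/'
}

# Run "<resolver> <host>" until it succeeds. Gives up after max_tries
# attempts, delay seconds apart. Returns 0 on success, 1 on giving up.
wait_for_dns() {
    local host="$1" max_tries="${2:-10}" delay="${3:-1}"
    local resolver="${4:-getent ahosts}" count=0
    until $resolver "$host" >/dev/null 2>&1; do
        count=$((count + 1))
        if [ "$count" -ge "$max_tries" ]; then
            return 1
        fi
        sleep "$delay"
    done
    return 0
}

# $1 is what systemd passes as %i: an interface name or a config path.
main() {
    local conf="$1" host
    case $conf in
        */*) ;;
        *) conf="/etc/wireguard/$conf.conf" ;;
    esac
    host=$(endpoint_host "$conf")
    if [ -z "$host" ]; then
        echo "No Endpoint found in $conf." >&2
        return 1
    fi
    if ! wait_for_dns "$host" 10 1; then
        echo "Could not resolve $host after 10 tries. Quitting VPN setup." >&2
        return 1
    fi
    echo "Resolved $host. Starting VPN client."
    exec /usr/bin/wg-quick up "$1"
}

# Only act when called with an argument, as the unit file does.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because "getent ahosts" also succeeds for a literal IP address, the same script works when the Endpoint is an address rather than a ddns name.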

