Sign in Subscribe
wireguard

Wireguard Tunnel Monitoring & Auto-Restart with Shoutrr Notifications

Automate Wireguard Tunnel Monitoring, Restart, and Receive Shoutrr Notifications.

Gregg

2 min read
Wireguard Tunnel Monitoring & Auto-Restart with Shoutrr Notifications
Photo by Oleg Laptev / Unsplash

I use this script which pairs a BASH script running as a cronjob with Shoutrr to monitor and attempt to auto-correct Wireguard tunnel faults. The script uses Shoutrr to notify me via Discord if the tunnel went down, if the tunnel restarted, or if the tunnel failed to restart.

Install go - find the latest version here: https://go.dev/dl/

wget https://go.dev/dl/go1.21.4.linux-amd64.tar.gz && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.4.linux-amd64.tar.gz && export PATH=$PATH:/usr/local/go/bin

Install Shoutrr using go

GOBIN=/usr/local/bin/ go install github.com/containrrr/shoutrrr/shoutrrr@latest

Create a new shell file and paste in the following script. I store my scripts at /root/scripts/.

This script will need tailored to your environment. You'll need to set a Shoutrr service URL. See Shoutrr docs: https://containrrr.dev/shoutrrr/v0.8/services/discord/. You'll also need to set an IP address for 'testip' to an IP that will be pingable on the other end of the tunnel to monitor tunnel state.

mkdir -p /root/scripts
cd /root/scripts
nano wg-check.sh
#!/bin/bash

# Shoutrrr notifications
# Docs: https://containrrr.dev/shoutrrr

# Define a reliable IP address to ping as a healthcheck on the other side of the tunnel.
testip="<IP>"
# Define a single wireguard tunnel to monitor and restart
wgtun="wg0"
# Defines date and time
dt=$(date '+%d/%m/%Y %H:%M:%S');
# Shoutrrr notification URL
shoutrrurl="discord://<token>@<webhookid>"
# Tunnel restart message
tunrestart="$HOSTNAME: $dt - The $wgtun tunnel restarted successfully."
# Tunnel down message
tundown="$HOSTNAME: $dt - The $wgtun tunnel is down. Attempting to restart."
# Tunnel failed message
tunfail="$HOSTNAME: $dt - The $wgtun tunnel failed to start. Trying again in the next cron interval, typicaly 1 minute."

ping -c1 $testip > /dev/null
if [ $? -eq 0 ]
        then
exit 0
ping -c1 $testip > /dev/null
else [ $? -ne 0 ]
        echo "$tundown"
        /usr/local/bin/shoutrrr send --url "$shoutrrurl" --message "$tundown"
        systemctl restart wg-quick@$wgtun.service;
        ping -c1 $testip > /dev/null
        if [ $? -eq 0 ]
                then
                echo "$tunrestart"
                /usr/local/bin/shoutrrr send --url "$shoutrrurl" --message "$tunrestart"
        else
                echo "$tunfail"
                /usr/local/bin/shoutrrr send --url "$shoutrrurl" --message "$tunfail"
        fi
fi

wg-check.sh

Add a Crontab for the script which triggers every minute or change to the interval that works best for your environment.

See https://crontab.guru/ for configuring crontabs quickly.

* * * * * /root/scripts/wg-check.sh

Give the monitoring script a test by faulting the Wireguard tunnel on either end - bring the tunnel down. The script should restart the tunnel automatically and send appropriate alerts.