Wireguard peer changed public IP

I have an OpenWrt router with a valid IP and DDNS services up and running fine.

My Fedora notebook, behind NAT, can form a wg tunnel with my router using the DDNS hostname:port without issues.

Until I force my router to renew its valid IP.

  • The tunnel is not working once the router IP is changed
  • The notebook's wg interface keeps using the old IP
  • The router has no means to establish a tunnel to the notebook as it is behind NAT.

I can think of setting a timer job to restart the wg tunnel on the notebook side. Is there a better way to configure the notebook to restart the wg tunnel once it is broken?

It appears to be a common issue for the WireGuard protocol.
Here’s a solution for OpenWrt:
openwrt/wireguard_watchdog at master · openwrt/openwrt · GitHub
You can try to adjust it for Fedora.

Actually, there’s another script:
reresolve-dns « contrib - wireguard-tools - Required tools for WireGuard, such as wg(8) and wg-quick(8)
It should be a part of the wireguard-tools package.

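A sketch of the re-resolve idea for the notebook side, added here as an example (it is not part of the original posts and is not the code of either linked script): when a peer's last handshake is stale, re-apply its hostname endpoint so `wg` resolves the DDNS name again. The 135-second threshold, the endpoints map file and the function names are assumptions.

```shell
#!/bin/sh
# Added example: refresh a WireGuard peer's DDNS endpoint when its handshake
# goes stale. Function names, file format and threshold are hypothetical.

# Print the public keys of peers whose last handshake is older than max_age.
# stdin: output of `wg show <iface> latest-handshakes`
#        (one "<public key><TAB><epoch seconds>" line per peer).
# A timestamp of 0 means no handshake has completed yet; it counts as stale.
stale_peers() {
    now=$1
    max_age=$2
    awk -v now="$now" -v max="$max_age" \
        'NF == 2 && $2 ~ /^[0-9]+$/ && (now - $2) > max { print $1 }'
}

# Re-apply the hostname endpoint of every stale peer. Setting the endpoint
# again makes wg resolve the hostname to its current address.
# map file (assumed format): "<public key> <host:port>" per line.
refresh_endpoints() {
    iface=$1
    map=$2
    limit=${3:-135}   # assumed threshold in seconds
    wg show "$iface" latest-handshakes |
        stale_peers "$(date +%s)" "$limit" |
        while read -r key; do
            ep=$(awk -v k="$key" '$1 == k { print $2 }' "$map")
            # Only touch peers that are listed in the map file.
            [ -n "$ep" ] || continue
            wg set "$iface" peer "$key" endpoint "$ep"
        done
}

# Runs only when called with arguments, e.g. from a systemd timer or cron:
#   wg-refresh.sh wg0 /etc/wireguard/wg0.endpoints
if [ "$#" -ge 2 ]; then
    refresh_endpoints "$@"
fi
```

Unlike restarting the tunnel on a timer, this leaves the interface and its routes in place and only acts on peers that have stopped completing handshakes.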