On Fri, Jan 5, 2024 at 10:45 AM Christof Hanke <christof.hanke@mpcdf.mpg.de> wrote:
> As far as I remember, reresolve-dns.sh was never part of the rpm. If you use the "PersistentKeepAlive" option, your tunnel should survive. If both IPs change simultaneously, then you need the re-resolve-script, I guess.

I checked the tunnel today and no traffic was passing through. I also checked the router logs for when the broadband on both sides possibly changed its addresses, and it was like an hour or so apart, so it should have survived by re-establishing the still known valid side from one side or the other, whichever side one would look into it from? Too bad it didn't though, or I have yet to understand how wg sets up the endpoint stuff exactly?

My wg0.conf files have endpoint hostnames (dynamic DNS provider) on both sides. A ddclient service (systemd) runs on both ends, both Leap 15.5, that gets updated to the newly changed public IPv4 within 5 minutes or so upon IPv4 change. The tunnel still wasn't valid and working any more until I ran wg-quick down wg0 and wg-quick up wg0 on both sides of the tunnel, on both Leap 15.5 machines.

I somewhere once read that the wg scripts and whatnot resolve the endpoint hostname exactly once into a then-valid IP address and use that as the actual config and network layer or so. But does it not update or amend or modify the actual IP address into the more current IP address due to the flow of proper and security-authenticated packets still coming in from the still unchanged side of the wg tunnel? That was my understanding from consulting some discussions or documentation and theory in the past. Apparently something is more complex or it doesn't actually work this way? I wish it would be simpler.

I have not yet made use of systemd to create a service for the wg0 stuff on both sides; I only use wg-quick just yet. How would I then use this script? Also from yet another systemd service to run it from? Or via some simpler crontab or something?

Thanks for all the input and hints. ty
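
On the cron-or-systemd question above, an added example that is not part of the original message and is not the wireguard-tools `reresolve-dns.sh` script: a POSIX shell check that re-applies the configured `Endpoint` hostname for any peer whose last handshake is stale. The 135-second threshold, the `/etc/wireguard/<iface>.conf` location and the script path in the crontab comment are assumptions.

```shell
#!/bin/sh
# Added example, not the wireguard-tools reresolve-dns.sh script.
# Assumptions: config at /etc/wireguard/<iface>.conf, 135 s staleness threshold.
STALE_AFTER=135

# stale_peers NOW
# stdin: "pubkey<TAB>epoch" lines, the output format of
# `wg show IFACE latest-handshakes`. Prints keys whose last handshake is
# older than STALE_AFTER seconds or never happened (epoch 0).
stale_peers() {
    awk -v now="$1" -v max="$STALE_AFTER" \
        '$2 == 0 || now - $2 > max { print $1 }'
}

# endpoint_for CONF PUBKEY
# Prints the Endpoint of the [Peer] section whose PublicKey matches,
# whichever order the two keys appear in.
endpoint_for() {
    awk -v key="$2" '
        function emit() { if (pk == key && ep != "") print ep; pk = ""; ep = "" }
        /^[ \t]*\[/ { emit(); next }
        { line = $0; sub(/[ \t]*#.*$/, "", line); sub(/[ \t]+$/, "", line) }
        tolower(line) ~ /^[ \t]*publickey[ \t]*=/ { sub(/^[^=]*=[ \t]*/, "", line); pk = line }
        tolower(line) ~ /^[ \t]*endpoint[ \t]*=/  { sub(/^[^=]*=[ \t]*/, "", line); ep = line }
        END { emit() }
    ' "$1"
}

# reresolve IFACE [CONF]
# `wg set ... endpoint host:port` resolves the hostname when it is run,
# so a stale peer picks up the address ddclient last published.
reresolve() {
    iface=$1
    conf=${2:-/etc/wireguard/$iface.conf}
    wg show "$iface" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r peer; do
        ep=$(endpoint_for "$conf" "$peer")
        if [ -n "$ep" ]; then
            wg set "$iface" peer "$peer" endpoint "$ep"
        fi
    done
}

# Run only when an interface name is given, e.g. from root's crontab
# (hypothetical install path):
#   * * * * * /usr/local/sbin/wg-reresolve.sh wg0
if [ "$#" -ge 1 ]; then
    reresolve "$@"
fi
```

Peers with a recent handshake are left alone, so running it every minute on both ends does not disturb a working tunnel.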