I have recently experimented with making my own management client for #wireguard VPN connections.
The client would run on a devices for which I cannot control the power nor can you ssh into them, hence I need a reliable healthcheck that I can run on devices to trigger fix-up code in case the tunnel is down.
Of course, using a ping would help me get an idea if my outgoing network is working at all, but it won't tell me if the traffic goes through the tunnel.
Also, I know that there is a #wireguard interface created on system. How can I tell if that interface is operational and configured to allow for traffic to go through?
I doubt it would be as simple as forcing the same ping go through the wireguard typed interface?
Maybe, if I also check that the #wireguard interface actually exists and has UP as well as LOWER_UP as state flags set would do the trick?
But then, I believe one can still mis-configure routing table that makes traffic to not go through tunnel. Do I need to ensure my healthcheck also measures this?
Guess needs more looking... but maybe someone else has first hand experience on how to do this or not do this?
Top comments (0)