I am building a WireGuard tool for myself and I would like to receive events when a peer connects or disconnects. Does someone know if this is possible through some kernel API or eBPF?

  • Aren’t the keep-alive settings declared in the connection itself? Or are you saying some clients may not respect that?

    If OP controls both endpoints, it may be easier, but still: I know of no WireGuard implementation that provides hooks for something like this.

    Their best bet is probably their own SYN/ACK client-server solution - a dead-man’s switch, separate from WireGuard but connected only over that interface.

    • jrgd@lemm.ee · 2 months ago

      Persistent keep alive is configured per connection by all peers (server and client typically). As I understand it, WireGuard’s peer-based architecture will let both client and server peers define an optional persistent keep alive timer in order to send heartbeat packets at an interval. Otherwise WireGuard on either peer may keep opening and closing connections for inactivity (or get its connections forcefully closed externally) if traffic isn’t being regularly sent. This can occur even though the network interfaces for WireGuard on both communicating peers remain up.

      I do agree that running some kind of health-check handshake service over the WireGuard tunnel is an easy enough way to periodically check the state of the connection between peers.
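
Added example, not part of the thread and not from any WireGuard project: a minimal sketch of the dead-man's switch suggested above, where each peer sends a small UDP datagram over the tunnel and the listener turns arrivals and silences into connect/disconnect events. The tunnel address `10.0.0.1`, port `51999`, the 30-second timeout and the names `PeerWatch` and `serve` are assumptions.

```python
import socket
import time


class PeerWatch:
    """Dead-man's switch: a peer counts as 'up' while heartbeats keep arriving."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout   # seconds of silence before 'disconnected'
        self.last_seen = {}      # peer tunnel IP -> time of last heartbeat
        self.up = set()          # peers currently considered connected

    def beat(self, peer, now):
        """Record a heartbeat; return a 'connected' event on a state change."""
        self.last_seen[peer] = now
        if peer not in self.up:
            self.up.add(peer)
            return [("connected", peer)]
        return []

    def sweep(self, now):
        """Return 'disconnected' events for peers silent longer than timeout."""
        gone = sorted(p for p in self.up if now - self.last_seen[p] > self.timeout)
        self.up.difference_update(gone)
        return [("disconnected", p) for p in gone]


def serve(bind_ip="10.0.0.1", port=51999, timeout=30.0, on_event=print):
    """Listen on this host's tunnel address (assumed values) and emit events."""
    watch = PeerWatch(timeout)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    sock.settimeout(1.0)         # wake up every second so sweep() still runs
    while True:
        try:
            _, (peer_ip, _) = sock.recvfrom(64)
            events = watch.beat(peer_ip, time.monotonic())
        except socket.timeout:
            events = []
        for event in events + watch.sweep(time.monotonic()):
            on_event(event)


if __name__ == "__main__":
    serve()
```

Peers need to send a datagram more often than the timeout; the payload is ignored, only the source address inside the tunnel is used to identify the peer.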