Posted: Fri Dec 01, 2023 22:28 Post subject: Wireguard Commands to Enable or Disable Tunnels
Just wanted to share a couple scripts for anyone interested in switching or disabling WG tunnels using SH commands. Hopefully this will save some search time to those looking for such a solution.
The DISABLE script will fully disable and stop WHATEVER WG tunnel is active without having to specify the interface name. The ENABLE script will prompt for the single digit number of what oet<x> tunnel you would like to enable.
# Disable Current Tunnel:
Code:
INTERFACE=$(ifconfig -a | awk '/oet/{print $1}')
[ -n "$INTERFACE" ] && nvram set "${INTERFACE}_en=0" && nvram commit && /etc/config/eop-tunnel.prewall 1>/dev/null && sleep 1 && /etc/config/eop-tunnel.firewall 1>/dev/null && echo "Interface ${INTERFACE} is now disabled."
# Enable Specific Tunnel (enter ONLY single digit, i.e. entering "3" will enable oet3):
Code:
read -p "Enter the interface number: " INTERFACE_NUMBER; case "$INTERFACE_NUMBER" in [0-9]) INTERFACE="oet${INTERFACE_NUMBER}" && nvram set "${INTERFACE}_en=1" && nvram commit && /etc/config/eop-tunnel.prewall 1>/dev/null && sleep 1 && /etc/config/eop-tunnel.firewall 1>/dev/null && echo "Interface ${INTERFACE} is now enabled." ;; *) echo "Enter a single digit." ;; esac
# name: wireguard-toggle.sh
# version: 0.92 beta, 14-dec-2023, by egc
# purpose: Toggle WireGuard tunnels on/off, show status and log
# script type: standalone
# installation:
# 1. enable jffs2 (administration->jffs2) or use USB stick for storage with /jffs
# 2. change to directory in which you want the script to download e.g.: cd /jffs
# 3. download script from github with:
# curl -LJO https://raw.githubusercontent.com/egc112/ddwrt/main/wireguard-toggle.sh
# or
# wget --no-check-certificate --content-disposition https://raw.githubusercontent.com/egc112/ddwrt/main/wireguard-toggle.sh
# 4. make this script executable with chmod +x /jffs/wireguard-toggle.sh
# 5. run from command line with /jffs/wireguard-toggle.sh
# If you do not have persistent storage you can reinstall the script automatically on reboot by adding
# the following to Administration > Commands and Save as Startup:
# sleep 10
# cd /tmp
# curl -LJO https://raw.githubusercontent.com/egc112/ddwrt/main/wireguard-toggle.sh
# chmod +x wireguard-toggle.sh
# usage:
# toggle tunnels to enable/disable the tunnel and restart wireguard
# limitations:
# - requires dd-wrt build 52241 or later
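The install steps above fetch the script again at every boot, and the wget variant turns certificate checking off. As an added example (not part of wireguard-toggle.sh or of this thread), the functions below install a downloaded file only when its SHA-256 matches a digest recorded after reviewing a copy. The function names and `PINNED_SHA256` are made up for the example, and it assumes the build ships `sha256sum` and a `curl` that can verify the GitHub certificate.

```shell
#!/bin/sh
# Added example: install a downloaded script only if it matches a pinned SHA-256.
# Function names and PINNED_SHA256 are hypothetical, not from the original script.

# sha256_of FILE: print the lowercase hex digest (assumes sha256sum is present).
sha256_of() {
    sha256sum "$1" 2>/dev/null | awk '{print $1}'
}

# install_verified SRC EXPECTED DEST
# 0: digest matched, SRC moved to DEST with mode 0700
# 1: digest mismatch or unreadable file, SRC deleted, DEST not written
# 2: EXPECTED is not a 64-character lowercase hex string
install_verified() {
    src=$1; expected=$2; dest=$3
    case "$expected" in
        ""|*[!0-9a-f]*) echo "pinned digest must be lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 chars" >&2; return 2; }
    actual=$(sha256_of "$src")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src (got ${actual:-none}), not installing" >&2
        rm -f "$src"
        return 1
    fi
    chmod 700 "$src" && mv "$src" "$dest"
}

# fetch_and_install URL EXPECTED DEST
# Downloads with TLS verification left on (no -k, no --no-check-certificate),
# then hands the file to install_verified. Returns 3 if the download fails.
fetch_and_install() {
    tmp="$3.download"
    curl -fsSL -o "$tmp" "$1" || { rm -f "$tmp"; return 3; }
    install_verified "$tmp" "$2" "$3"
}

# Startup-command usage; PINNED_SHA256 is a placeholder for the digest of the
# copy you reviewed (obtain it with: sha256sum wireguard-toggle.sh):
#   sleep 10
#   fetch_and_install \
#     https://raw.githubusercontent.com/egc112/ddwrt/main/wireguard-toggle.sh \
#     "$PINNED_SHA256" /tmp/wireguard-toggle.sh
```

Pinning means a new upstream version is refused until you review it and update the digest.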
This script will pick the lowest ping time tunnel IP address and if better than current tunnel IP, it will switch it. If the lowest ping IP is the same IP as the current tunnel, it doesn't switch tunnel and leaves things as they are. Adjust echo log file output to your setup of course.
Code:
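#!/bin/sh
# Switch to the WireGuard tunnel whose endpoint has the lowest ping time.
timestamp=$(date '+%Y-%m-%d %H:%M:%S')
# One endpoint per line; the Nth address belongs to tunnel oetN.
ip_addresses="
<ip_address>
<Ip_address>
<Ip_address>
"
count=1
# Build "index ip avg" rows sorted fastest first; endpoints that do not answer are left out.
output=$(for ip in $ip_addresses; do
    average_time=$(ping -c 1 "$ip" | grep "round-trip min/avg/max" | awk '{print $4}' | cut -d '/' -f 2)
    [ -n "$average_time" ] && printf "%-3s %-15s %-10s \n" "$count" "$ip" "${average_time}ms"
    count=$((count + 1))
done | sort -nk 3)
if [ -z "$output" ]; then
    echo "No endpoint answered at $timestamp, tunnels left unchanged." | tee -a /tmp/linksys.log
    exit 1
fi
echo "$output" | tee -a /tmp/linksys.log
top_result=$(echo "$output" | head -n 1)
lowest_ping_ip=$(echo "$top_result" | awk '{print $2}')
lowest_ping_interface=$(echo "$top_result" | awk '{print $1}')
# Name of the tunnel interface that is currently up (empty if none is active).
INTERFACE=$(ifconfig -a | awk '/oet/{print $1}')
if [ "$INTERFACE" != "oet$lowest_ping_interface" ]; then
    # Disable the active tunnel, if there is one, before enabling the faster one.
    if [ -n "$INTERFACE" ]; then
        nvram set "${INTERFACE}_en=0"
        nvram commit
        /etc/config/eop-tunnel.prewall 1>/dev/null
        sleep 1
        /etc/config/eop-tunnel.firewall 1>/dev/null
        echo "Disabled $INTERFACE interface at $timestamp." | tee -a /tmp/linksys.log
    fi
else
    echo "$INTERFACE is already the best WG interface at $timestamp." | tee -a /tmp/linksys.log
    exit 0
fi
# Enable the tunnel with the lowest ping time and restart the tunnel scripts.
INTERFACE="oet$lowest_ping_interface"
nvram set "${INTERFACE}_en=1"
nvram commit
/etc/config/eop-tunnel.prewall 1>/dev/null
sleep 1
/etc/config/eop-tunnel.firewall 1>/dev/null
echo "Enabled $INTERFACE interface at $timestamp." | tee -a /tmp/linksys.log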
Forgot to add that you can change the number of pings and it picks from the best average ping time. So just change "-c 1" to a reasonable number, probably not more than 5. More than 1 will slow script of course...