Does it make sense to turn the Wireguard server off and on with such a bash script? - eviltoast

Hi, when I am at home I don’t need Wireguard, while when I go out of the house I would like it to turn on.

In summary by passing the mac address of my iPhone to the script, it is checked if it is present in the ARP table and if it is connected to the LAN by scanning with nmap. If I don’t find it connected, I starto Wireguard. If it is connected, however, I turn it off.

I was planning to schedule it with crontab every 15 minutes.

Do you see any potential security issues with that? Could it be done better?

network=192.168.1.0/24
if [ “$#” -ne 1 ]; then echo Usage example: $0 aa:bb:cc:dd:ee:ff; exit 2; fi;
nmap -sP -T4 $network >& /dev/null
ip=$(sudo arp -n | grep $1 | awk ‘ { print $1 }’)
ping $ip -n -q -c 2 -i 0.2 -w 1 >& /dev/null
if [ $? -eq 0 ]; then
   echo Device is online \($ip\)
   sudo wg-quick down wg0
   echo Wireguard killed
else
   echo Device is offline
   sudo wg-quick up wg0
   echo Wireguard started
   exit 1
fi;
  • BunnyEruption@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    What’s the point of this? If you don’t think wireguard is secure enough to leave running 24/7 I’m not sure only running it some number of hours a day is going to be much more secure?

    • subven1@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Some people turn off their router at night or when they leave home. Does it make sense? Not really. Can you still do it? Of course…

  • sidusnare@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’d use a state file, test for state change, and only run wg-quick on change. This way you can run every minute, and avoid weirdness about running up when already up or down when down.