alectrocute/wg-watchdog.sh

## wg-watchdog.sh
# cron example (wg-watchdog.sh being this file):
# 58 0-7 * * * /root/wg-watchdog.sh

# start config
USERNAME='root'
PASSWORD='mypassword'
HOST='192.168.8.1'

WG_PEER_IP='123.456.5.4'
WG_GROUP_ID=4910 # find in browser devtools
WG_PEER_ID=6132  # find in browser devtools
# end config

log() {
  echo "wg-watchdog $(date '+%Y-%m-%d %H:%M:%S') $1"
}

log "Attempting to turn off and on WireGuard client (if needed)..."

# make sure dependencies are installed
if opkg status jq | grep -q 'Installed-Time'; then
  continue
else
  log "Installing jq package..."
  opkg install jq
  log "Finished installing jq package!"
fi

IPIFY_RESPONSE=$(curl -s 'https://api.ipify.org?format=json')
CURRENT_IP=$(jq -n "$IPIFY_RESPONSE" | jq '.ip' | tr -d '"')

if [ "$CURRENT_IP" == "$WG_PEER_IP" ]; then
  log "VPN is working correctly, IP address is $CURRENT_IP!"
  log "Exiting watchdog script..."
  exit 1
else
  log "VPN is not working correctly, IP address is $CURRENT_IP which doesn't match $WG_PEER_IP. Restarting WireGuard..."
fi

log "Attempting to authenticate with GL.iNet web application..."

CHALLENGE_RESPONSE=$(curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"challenge","params": {"username": "'$USERNAME'"},"id": 0}' \
  http://$HOST/rpc \
  -s)

ALG=$(jq -n "$CHALLENGE_RESPONSE" | jq '.result.alg' | tr -d '"')
SALT=$(jq -n "$CHALLENGE_RESPONSE" | jq '.result.salt' | tr -d '"')
NONCE=$(jq -n "$CHALLENGE_RESPONSE" | jq '.result.nonce' | tr -d '"')

CIPHER_PASSWORD=$(openssl passwd -1 -salt "$SALT" "$PASSWORD")

HASH=$(echo -n "$USERNAME:$CIPHER_PASSWORD:$NONCE" | md5sum | cut -d' ' -f1)

SID=$(curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"login","params": {"username": "'$USERNAME'", "hash": "'$HASH'"},"id": 0}' \
  http://$HOST/rpc \
  -s |
  jq '.result.sid' |
  tr -d '"')

log "Finished authenticating with GL.iNet web application!"
log "Attempting to turn off WireGuard client..."

WIREGUARD_OFF_RESPONSE=$(curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"call","params":["'$SID'","wg-client","stop", {}],"id": 0}' \
  http://$HOST/rpc \
  -s)

log $WIREGUARD_OFF_RESPONSE

log "Attempting to turn on WireGuard client..."

WIREGUARD_ON_RESPONSE=$(curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"call","params":["'$SID'","wg-client","start",{"group_id":'$WG_GROUP_ID',"peer_id":'$WG_PEER_ID'}],"id":0}' \
  http://$HOST/rpc \
  -s)

log $WIREGUARD_ON_RESPONSE

log "Complete!"
	# cron example (wg-watchdog.sh being this file):
	# 58 0-7 * * * /root/wg-watchdog.sh

	# start config
	USERNAME='root'
	PASSWORD='mypassword'
	HOST='192.168.8.1'

	WG_PEER_IP='123.456.5.4'
	WG_GROUP_ID=4910 # find in browser devtools
	WG_PEER_ID=6132 # find in browser devtools
	# end config

	log() {
	echo "wg-watchdog $(date '+%Y-%m-%d %H:%M:%S') $1"
	}

	log "Attempting to turn off and on WireGuard client (if needed)..."

	# make sure dependencies are installed
	if opkg status jq \| grep -q 'Installed-Time'; then
	continue
	else
	log "Installing jq package..."
	opkg install jq
	log "Finished installing jq package!"
	fi

	IPIFY_RESPONSE=$(curl -s 'https://api.ipify.org?format=json')
	CURRENT_IP=$(jq -n "$IPIFY_RESPONSE" \| jq '.ip' \| tr -d '"')

	if [ "$CURRENT_IP" == "$WG_PEER_IP" ]; then
	log "VPN is working correctly, IP address is $CURRENT_IP!"
	log "Exiting watchdog script..."
	exit 1
	else
	log "VPN is not working correctly, IP address is $CURRENT_IP which doesn't match $WG_PEER_IP. Restarting WireGuard..."
	fi

	log "Attempting to authenticate with GL.iNet web application..."

	CHALLENGE_RESPONSE=$(curl -X POST \
	-H 'Content-Type: application/json' \
	-d '{"jsonrpc":"2.0","method":"challenge","params": {"username": "'$USERNAME'"},"id": 0}' \
	http://$HOST/rpc \
	-s)

	ALG=$(jq -n "$CHALLENGE_RESPONSE" \| jq '.result.alg' \| tr -d '"')
	SALT=$(jq -n "$CHALLENGE_RESPONSE" \| jq '.result.salt' \| tr -d '"')
	NONCE=$(jq -n "$CHALLENGE_RESPONSE" \| jq '.result.nonce' \| tr -d '"')

	CIPHER_PASSWORD=$(openssl passwd -1 -salt "$SALT" "$PASSWORD")

	HASH=$(echo -n "$USERNAME:$CIPHER_PASSWORD:$NONCE" \| md5sum \| cut -d' ' -f1)

	SID=$(curl -X POST \
	-H 'Content-Type: application/json' \
	-d '{"jsonrpc":"2.0","method":"login","params": {"username": "'$USERNAME'", "hash": "'$HASH'"},"id": 0}' \
	http://$HOST/rpc \
	-s \|
	jq '.result.sid' \|
	tr -d '"')

	log "Finished authenticating with GL.iNet web application!"
	log "Attempting to turn off WireGuard client..."

	WIREGUARD_OFF_RESPONSE=$(curl -X POST \
	-H 'Content-Type: application/json' \
	-d '{"jsonrpc":"2.0","method":"call","params":["'$SID'","wg-client","stop", {}],"id": 0}' \
	http://$HOST/rpc \
	-s)

	log $WIREGUARD_OFF_RESPONSE

	log "Attempting to turn on WireGuard client..."

	WIREGUARD_ON_RESPONSE=$(curl -X POST \
	-H 'Content-Type: application/json' \
	-d '{"jsonrpc":"2.0","method":"call","params":["'$SID'","wg-client","start",{"group_id":'$WG_GROUP_ID',"peer_id":'$WG_PEER_ID'}],"id":0}' \
	http://$HOST/rpc \
	-s)

	log $WIREGUARD_ON_RESPONSE

	log "Complete!"