I’m looking to automate/script my pfSense WireGuard tunnels so that each WireGuard tunnel only goes up if there are one or more clients connected to the subnet associated with that tunnel, and goes down once all clients have disconnected. I was wondering if there is already a plugin that accomplishes this or can be adapted; otherwise, what is best practice for running scripts on the pfSense box?
My initial thought was to have a cron job monitor the various DHCP servers for each subnet, then initiate a script to connect the associated WireGuard tunnel if it detects any active DHCP leases on that subnet.
I have multiple subnets on this box, each with its own WireGuard gateway. I like the idea of only making the VPN connection if there is a client calling for it.
To my frustration, I’ve tried both your method with ISC and a run_script hook with Kea, and pfSense just overwrites the custom configs. There’s a PR on their GitHub, but it’s been sitting there for months.
Well that’s annoying.
You could probably read the file where it writes the leases instead, although that isn’t event-based unless you do your own wrapper to check it every second instead of cron’s minute granularity.