Hi, when I am at home I don’t need Wireguard, while when I go out of the house I would like it to turn on.
In summary by passing the mac address of my iPhone to the script, it is checked if it is present in the ARP table and if it is connected to the LAN by scanning with nmap. If I don’t find it connected, I starto Wireguard. If it is connected, however, I turn it off.
I was planning to schedule it with crontab every 15 minutes.
Do you see any potential security issues with that? Could it be done better?
network=192.168.1.0/24
if [ “$#” -ne 1 ]; then echo Usage example: $0 aa:bb:cc:dd:ee:ff; exit 2; fi;
nmap -sP -T4 $network >& /dev/null
ip=$(sudo arp -n | grep $1 | awk ‘ { print $1 }’)
ping $ip -n -q -c 2 -i 0.2 -w 1 >& /dev/null
if [ $? -eq 0 ]; then
echo Device is online \($ip\)
sudo wg-quick down wg0
echo Wireguard killed
else
echo Device is offline
sudo wg-quick up wg0
echo Wireguard started
exit 1
fi;
Funny idea but I see no point in it?
I’d use a state file, test for state change, and only run wg-quick on change. This way you can run every minute, and avoid weirdness about running up when already up or down when down.
What’s the point of this? If you don’t think wireguard is secure enough to leave running 24/7 I’m not sure only running it some number of hours a day is going to be much more secure?