I’m looking to automate/script my pfsense wireguard tunnels so that each wireguard tunnel only goes up if there are one or more clients connected to the subnet associated with that tunnel and goes down once all clients have disconnected. I was wondering if there is already a plugin that accomplishes this or can be adapted, otherwise what is best practice for running scripts on the pfsense box?
My initial thought was to have a cronjob monitor the various DHCP servers for each subnet, then initiate a script to connect the associated wireguard tunnel if it detects any active DHCP leases on that subnet.
I have multiple subnets on this box, each with its own wireguard gateway. I like the idea of only making the VPN connection if there is a client calling for it.
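One way to prototype the cron-job idea described above, as an added example that is not the original poster's code and not anything pfSense or the WireGuard package ships: a POSIX sh script that parses an ISC dhcpd leases file, counts leases in a given subnet that are still `binding state active` and have not expired, and toggles the matching tunnel interface accordingly. The lease-file path `/var/dhcpd/var/db/dhcpd.leases`, the interface name `tun_wg0`, the subnet `10.20.0.0/24` and the use of plain `ifconfig` to bring the tunnel up and down are assumptions for illustration; the sample lease records are constructed. pfSense's WireGuard package may expect tunnels to be controlled differently, and a Kea-based DHCP server writes a different lease format, so treat `sync_tunnel` as a placeholder.

```shell
#!/bin/sh
# Added example, not from the original thread. Counts active ISC dhcpd leases
# in a subnet and brings a WireGuard tunnel interface up or down to match.

# Constructed sample dhcpd.leases. ISC dhcpd appends a new record every time a
# lease changes state, so the LAST record for a given IP is the authoritative
# one (10.20.0.106 below went active, then free).
SAMPLE_LEASES=$(mktemp)
trap 'rm -f "$SAMPLE_LEASES"' EXIT
cat > "$SAMPLE_LEASES" <<'EOF'
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 10.20.0.105 {
  starts 3 2024/03/06 10:00:00;
  ends 3 2024/03/06 14:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop";
}
lease 10.20.0.106 {
  starts 3 2024/03/06 09:00:00;
  ends 3 2024/03/06 09:30:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.20.0.106 {
  starts 3 2024/03/06 09:00:00;
  ends 3 2024/03/06 09:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.30.0.20 {
  starts 3 2024/03/06 10:00:00;
  ends 3 2024/03/06 14:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
}
lease 10.20.0.107 {
  starts 3 2024/03/06 08:00:00;
  ends 3 2024/03/06 10:30:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:88;
}
EOF

# active_leases_in_subnet LEASEFILE NETWORK PREFIXLEN NOW
# Prints the number of distinct IPs inside NETWORK/PREFIXLEN whose most recent
# record is 'binding state active' and whose 'ends' time is later than NOW.
# NOW must be UTC in dhcpd's own "YYYY/MM/DD HH:MM:SS" format, so a plain
# string comparison orders timestamps correctly without date(1) portability
# headaches. Subnet membership uses integer division instead of bitwise AND,
# which POSIX awk lacks.
active_leases_in_subnet() {
    leases=$1 network=$2 prefix=$3 now=$4
    awk -v net="$network" -v plen="$prefix" -v now="$now" '
        function ip2int(ip,  o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { block = 2 ^ (32 - plen); netblk = int(ip2int(net) / block) }
        $1 == "lease"   { ip = $2; ends = ""; state = "" }
        $1 == "ends"    { if ($3 == "never;") ends = "9999"; else { sub(/;$/, "", $4); ends = $3 " " $4 } }
        $1 == "binding" { state = $3; sub(/;$/, "", state) }
        $1 == "}" && ip != "" {
            # later records for the same IP overwrite earlier ones
            if (int(ip2int(ip) / block) == netblk)
                last[ip] = (state == "active" && ends > now) ? 1 : 0
            ip = ""
        }
        END { n = 0; for (k in last) n += last[k]; print n }
    ' "$leases"
}

# sync_tunnel IFACE COUNT: hypothetical glue that brings the tunnel interface
# up when COUNT > 0 and down otherwise, using stock FreeBSD ifconfig. Whether
# that is the right way to toggle a pfSense WireGuard tunnel is an assumption.
sync_tunnel() {
    iface=$1 count=$2
    if [ "$count" -gt 0 ]; then
        ifconfig "$iface" up
    else
        ifconfig "$iface" down
    fi
}

# Cron entry point: `sh wg_autotunnel.sh run` (e.g. every minute). Without the
# argument only the functions are defined, so the file can be sourced or tested.
if [ "${1:-}" = "run" ]; then
    n=$(active_leases_in_subnet /var/dhcpd/var/db/dhcpd.leases 10.20.0.0 24 \
        "$(date -u '+%Y/%m/%d %H:%M:%S')")
    sync_tunnel tun_wg0 "$n"
fi
```

Two caveats worth keeping in mind with this approach: a DHCP lease is not the same thing as a connected client, so the tunnel will only go down once the last lease has expired (up to one full lease time after the client actually left), and ISC dhcpd writes lease timestamps in UTC, which is why the script passes `date -u` output rather than local time.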
In OpenWRT land this could be accomplished with a hook.
The question is, do you really need this? Wireguard is a fairly quiet protocol and if you open ports on both sides you don’t even need keepalive packets. The connection will stay open but no data will be sent until someone uses it.