Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hatamiarash7/wireguard-peer-monitoring
Monitor Wireguard peers using kernel events
- Host: GitHub
- URL: https://github.com/hatamiarash7/wireguard-peer-monitoring
- Owner: hatamiarash7
- License: mit
- Created: 2024-04-24T18:27:50.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-12-06T14:30:56.000Z (about 1 month ago)
- Last Synced: 2024-12-06T15:31:17.536Z (about 1 month ago)
- Topics: monitoring, wireguard, wireguard-tools
- Language: Python
- Homepage:
- Size: 102 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
# Wireguard Peer Monitoring
This project uses [Linux kernel dynamic debug](https://www.kernel.org/doc/html/latest/admin-guide/dynamic-debug-howto.html) features to capture and process Wireguard events and monitor peer activity.
This assumes that `debugfs` is mounted under `/sys/kernel/debug`.
The main purpose of this project is to monitor Wireguard peers. Currently, it can be used to detect and handle `handshake` and `keepalive` events (you can handle more events; see the [Events](#events) section).
Each peer's information is stored in Redis for further analysis. The project also notifies the user when a peer's endpoint (IP, port) is updated.
These data will be stored in Redis for each peer:
- Endpoint's IP
- Endpoint's Port
- Last keepalive time
- Last handshake time

## How to
1. First, you need to enable Wireguard debug logs. You can do this by running the following command:
```bash
echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control
```
2. Configure rsyslog to capture the logs. You can do this by adding the following line to `/etc/rsyslog.d/99-wireguard.conf`:
```bash
kern.* @127.0.0.1:9999
```
3. Create a new config file and fill it with proper data:
```bash
cp config.example.toml config.toml
```
4. Run the project to capture and handle events:
```bash
CONFIG_FILE="config.toml" make run
```
Or using Docker:
```bash
docker run -d -v $(pwd)/config.toml:/app/config.toml -p 9999:9999/udp -p 9998:9998 hatamiarash7/wg-peer-monitoring:latest
# Or
docker compose up -d
```

## Events
There are many Wireguard events that can be captured. You can update the code to handle more events. Here are some of them:
- wg_cookie_message_consume: `Could not decrypt invalid cookie response`
- send4: `No route to , error `
- send6: `No route to , error `
- wg_receive_handshake_packet: `Receiving cookie response from `
- wg_receive_handshake_packet: `Invalid MAC of handshake, dropping packet from `
- wg_receive_handshake_packet: `Invalid handshake initiation from `
- wg_receive_handshake_packet: `Receiving handshake initiation from peer ()`
- wg_receive_handshake_packet: `Invalid handshake response from `
- wg_receive_handshake_packet: `Receiving handshake response from peer ()`
- wg_packet_consume_data_done: `Receiving keepalive packet from peer ()`
- wg_packet_consume_data_done: `Packet has unallowed src IP from peer ()`
- wg_packet_consume_data_done: `Packet is neither ipv4 nor ipv6 from peer ()`
- wg_packet_consume_data_done: `Packet has incorrect size from peer ()`
- wg_packet_rx_poll: `Packet has invalid nonce (max )`
- wg_packet_receive: `Dropping handshake packet from `
- wg_packet_send_handshake_initiation: `Sending handshake initiation to peer ()`
- wg_packet_send_handshake_response: `Sending handshake response to peer ()`
- wg_packet_send_handshake_cookie: `Sending cookie response for denied handshake message for `
- wg_packet_send_keepalive: `Sending keepalive packet to peer ()`
- wg_expired_retransmit_handshake: `Handshake for peer () did not complete after attempts, giving up`
- wg_expired_retransmit_handshake: `Handshake for peer () did not complete after seconds, retrying (try )`
- wg_expired_new_handshake: `Retrying handshake with peer () because we stopped hearing back after seconds`
- wg_queued_expired_zero_key_material: `Zeroing out all keys for peer (), since we haven't received a new one in seconds`
- wg_peer_create: `Peer created`
- kref_release: `Peer () destroyed`
- wg_xmit: `Invalid IP packet`
- wg_xmit: `No peer has allowed IPs matching `
- wg_xmit: `No peer has allowed IPs matching `
- wg_xmit: `No valid endpoint has been configured or discovered for peer `
- wg_destruct: `Interface destroyed`
- wg_newlink: `Interface created`
- wg_netns_pre_exit: `Creating namespace exiting`
- keypair_free_kref: `Keypair destroyed for peer `
- wg_noise_handshake_begin_session: `Keypair created for peer `

## Monitoring
You can use Prometheus to scrape internal metrics. The metrics server is configured in the `config.toml` file:
- `metrics_host`: The host that the metrics server will listen on.
- `metrics_port`: The port that the metrics server will listen on.

Check . The following metrics are available:
- `wg_peer_monitoring_app_version_info`: The version information of the application.
- `wg_peer_monitoring_wg_wireguard_events_total`: The total number of Wireguard events per event's title and peer's ID.
- `wg_peer_monitoring_wg_wireguard_events_created`: The latest timestamp of Wireguard events that have been created, per event's title and peer's ID.

---
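The per-peer tracking and per-event counting described above, as an added example that is not the project's own code. It assumes kernel messages shaped like `wireguard: <iface>: <text> peer <id> (<ip>:<port>)`; `PeerTracker`, `run_sample` and the sample lines are hypothetical, and a dict stands in for Redis.

```python
import re
from collections import Counter

# Assumed message shape: "wireguard: <iface>: <text> peer <id> (<endpoint>)"
LINE = re.compile(r"wireguard: (?P<iface>\S+): (?P<msg>.*?) peer (?P<peer>\d+) "
                  r"\((?P<ep>[^)]*)\)")
# IPv4 "a.b.c.d:port" or bracketed IPv6 "[addr]:port"
ENDPOINT = re.compile(r"^\[?(?P<ip>[0-9A-Fa-f:.]+)(?:%\w+)?\]?:(?P<port>\d{1,5})$")
# Message text -> event title, for the two event kinds the README handles.
EVENTS = {
    "Receiving handshake initiation from": "handshake",
    "Receiving handshake response from": "handshake",
    "Receiving keepalive packet from": "keepalive",
}

class PeerTracker:
    def __init__(self):
        self.peers = {}          # (iface, peer id) -> state; stands in for Redis
        self.events = Counter()  # (event title, peer id) -> count
        self.changes = []        # (peer key, old endpoint, new endpoint)

    def process(self, line, now):
        m = LINE.search(line)
        ep = ENDPOINT.match(m["ep"]) if m else None
        if not ep or m["msg"] not in EVENTS or not 0 < int(ep["port"]) < 65536:
            return None          # unhandled event or malformed line
        key, title = (m["iface"], int(m["peer"])), EVENTS[m["msg"]]
        state = self.peers.setdefault(key, {})
        new_ep, old_ep = (ep["ip"], int(ep["port"])), state.get("endpoint")
        if old_ep is not None and old_ep != new_ep:
            self.changes.append((key, old_ep, new_ep))   # endpoint changed
        state["endpoint"] = new_ep
        state["last_" + title] = now
        self.events[(title, key[1])] += 1
        return title

# Constructed sample lines, not captured from a real host.
SAMPLE = [
    "kernel: wireguard: wg0: Receiving handshake initiation from peer 3 (203.0.113.7:51820)",
    "kernel: wireguard: wg0: Receiving keepalive packet from peer 3 (203.0.113.7:51820)",
    "kernel: wireguard: wg0: Receiving keepalive packet from peer 3 (198.51.100.9:40001)",
    "kernel: wireguard: wg0: Receiving keepalive packet from peer 4 ([2001:db8::1]:51820)",
    "kernel: wireguard: wg0: Invalid handshake initiation from 192.0.2.66:1234",
]

def run_sample():
    tracker = PeerTracker()
    for i, line in enumerate(SAMPLE):
        tracker.process(line, now=1000 + i)
    return tracker
```

An endpoint change for a known peer lands in `changes`, which is where a notification hook would attach; lines for events outside the `EVENTS` table are ignored rather than counted.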
## Support 💛
[![Donate with Bitcoin](https://img.shields.io/badge/Bitcoin-bc1qmmh6vt366yzjt3grjxjjqynrrxs3frun8gnxrz-orange)](https://donatebadges.ir/donate/Bitcoin/bc1qmmh6vt366yzjt3grjxjjqynrrxs3frun8gnxrz) [![Donate with Ethereum](https://img.shields.io/badge/Ethereum-0x0831bD72Ea8904B38Be9D6185Da2f930d6078094-blueviolet)](https://donatebadges.ir/donate/Ethereum/0x0831bD72Ea8904B38Be9D6185Da2f930d6078094)
## Contributing 🤝
Don't be shy and reach out to us if you want to contribute 😉
1. Fork it!
2. Create your feature branch: `git checkout -b my-new-feature`
3. Commit your changes: `git commit -am 'Add some feature'`
4. Push to the branch: `git push origin my-new-feature`
5. Submit a pull request

## Issues
Each project may have many problems. Contribute to the better development of this project by reporting them. 👍