@z0mb1e-kgd
Created February 18, 2022 20:25
Wireguard reresolve-dns Powershell script for Windows
# Copyright (C) 2021 Max Schulze. All Rights Reserved.
# near-literal translation of the Linux version by Jason A. Donenfeld
# to decrypt the DPAPI credentials, you have to be the same user as the WireGuard tunnel service, i.e. "nt authority\system"; check with "whoami"
# this script might be called by task scheduler as
# powershell -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -Command "Get-ChildItem -File 'c:\Program Files\wireguard\data\configurations\*.dpapi' | foreach {& C:\<path to script>\wireguard_reresolve-dns.ps1 $_.FullName}"
# if you want to try it in cmd, remember to elevate the user, i.e. with psexec from Sysinternals
# psexec -s -i powershell -NoPr...
Set-StrictMode -Version 3
Add-Type -AssemblyName System.Security
if ($args.Count -lt 1) { throw 'usage: wireguard_reresolve-dns.ps1 <path to tunnel>.conf.dpapi' }
Set-Variable CONFIG_FILE -Value $args[0].ToString().Trim('"')
# the tunnel configuration is stored DPAPI-protected in machine scope; only SYSTEM can unprotect it
$byteCrypted = [System.IO.File]::ReadAllBytes($CONFIG_FILE)
$config = [System.Security.Cryptography.ProtectedData]::Unprotect($byteCrypted, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
$config = [System.Text.Encoding]::UTF8.GetString($config)
# the tunnel (interface) name is the file name without its .conf.dpapi suffix
Set-Variable INTERFACE -Option Constant -Value $(if ($CONFIG_FILE -match '(?:^|[\\/])([a-zA-Z0-9_=+.-]{1,18})\.conf\.dpapi$') { $matches[1] } else { $null })
if (-not $INTERFACE) { throw "cannot derive the tunnel name from $CONFIG_FILE" }
function process_peer () {
    if (-not $PEER_SECTION -or ($PUBLIC_KEY -eq $null) -or ($ENDPOINT -eq $null)) { return }
    # wg prints one "<public key>\t<unix timestamp>" line per peer (0 = never).
    # The key is base64 and may contain regex metacharacters (+ / =), so it is escaped before matching.
    $line = (& wg show "$INTERFACE" latest-handshakes) |
        Where-Object { $_ -match ('^' + [regex]::Escape($PUBLIC_KEY) + '\s+([0-9]+)\s*$') } |
        Select-Object -First 1
    if (-not $line) { return }
    $null = $line -match '\s+([0-9]+)\s*$'
    $latestHandshake = [int64]$matches[1]
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    # only re-resolve when the peer has been silent longer than the 135 s handshake window
    if (($now - $latestHandshake) -le 135) { return }
    & wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
    reset_peer_section
}
function reset_peer_section () {
    # -Scope Script makes the reset visible to the caller; a plain Set-Variable inside a
    # function would only create function-local copies that vanish on return
    Set-Variable -Scope Script PEER_SECTION -Value $null
    Set-Variable -Scope Script PUBLIC_KEY -Value $null
    Set-Variable -Scope Script ENDPOINT -Value $null
}
reset_peer_section
foreach ($line in ($config -split '\r?\n')) {
    $stripped = ($line -replace '#.*').Trim()      # drop comments and surrounding whitespace
    if ($stripped.Length -eq 0) { continue }
    $key = ($stripped -replace '=.*').Trim()
    $val = ($stripped -replace '^.*?=').Trim()     # everything after the first '=' (keeps base64 padding)
    # a new section header ends the previous peer: act on it before starting the next one
    if ($key -match '^\[') { process_peer; reset_peer_section }
    if ($key -eq '[Peer]') { $script:PEER_SECTION = $true }
    if ($PEER_SECTION) {
        switch ($key) {
            'PublicKey' { $script:PUBLIC_KEY = $val }
            'Endpoint'  { $script:ENDPOINT = $val }
        }
    }
}
process_peer
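The header comments describe running the script from Task Scheduler as SYSTEM. The following is an added example of how to register such a task; it is not part of the gist. It assumes the script was saved as C:\Scripts\wireguard_reresolve-dns.ps1, that WireGuard is installed in its default location, and that the task name WireGuard-ReresolveDns is free; adjust all three as needed.

```powershell
# Added example (not from the gist): register wireguard_reresolve-dns.ps1 as a
# scheduled task that runs as NT AUTHORITY\SYSTEM every 5 minutes, the identity
# the gist requires for unprotecting the .dpapi configuration files.
#Requires -RunAsAdministrator
Set-StrictMode -Version 3

$ScriptPath = 'C:\Scripts\wireguard_reresolve-dns.ps1'   # assumed location of the gist script
$ConfigDir  = Join-Path $env:ProgramFiles 'WireGuard\data\configurations'
$TaskName   = 'WireGuard-ReresolveDns'                   # assumed task name

if (-not (Test-Path -LiteralPath $ScriptPath)) {
    throw "Script not found: $ScriptPath"
}

# Same one-liner as in the gist header: hand every *.dpapi file to the script, one call per file.
# The backtick keeps $_ literal so it is expanded inside the task, not here.
$Command   = "Get-ChildItem -File '$ConfigDir\*.dpapi' | ForEach-Object { & '$ScriptPath' `$_.FullName }"
$Arguments = "-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -Command `"$Command`""

$Action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $Arguments

# Start one minute from now and repeat every 5 minutes with no end date.
$Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) `
    -RepetitionInterval (New-TimeSpan -Minutes 5)

# Run as SYSTEM, the same account as the WireGuardTunnel$<name> services, so that
# ProtectedData::Unprotect with LocalMachine scope succeeds inside the script.
$Principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Keep running on battery, never pile up overlapping instances, and cap each run at 2 minutes.
$Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
    -MultipleInstances IgnoreNew -ExecutionTimeLimit (New-TimeSpan -Minutes 2)

Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger `
    -Principal $Principal -Settings $Settings -Force | Out-Null

Write-Host "Registered task '$TaskName'. Inspect it with: Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo"
```

Run this once from an elevated PowerShell. Because the principal is SYSTEM, the task needs no stored password, and the ExecutionPolicy Bypass switch only affects this process, exactly as in the command line the gist header suggests.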
@santo998

santo998 commented Dec 30, 2024

@kenvix if I let this script run 24/7 on one client, I start getting some errors:
"Unable to access interface: No such file or directory"
"Unknown host. : somehost.dyndns.org:51820'"

My server has DynDNS and is working properly. I can RDP into it, but I can't RDP into my client after an IP change.
Packet redirection is configured properly on the server.
Operating system sleep is disabled on the client and server.
The issue has to be related to this script.

Note: I replaced my real host with "somehost.dyndns.org:51820" for privacy and security reasons.
Here are my shawl logs:

2024-10-10 23:47:10 [DEBUG] ********** LAUNCH **********
2024-10-10 23:47:10 [DEBUG] Cli { sub: Add { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, dependencies: [], name: "WireGuard-Reresolve" } }
2024-10-10 23:47:10 [DEBUG] Finished successfully
2024-10-10 23:49:22 [DEBUG] ********** LAUNCH **********
2024-10-10 23:49:22 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-10-10 23:49:22 [DEBUG] Entering main service loop
2024-10-10 23:49:22 [INFO] Launching command
2024-10-10 23:49:22 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-10-17 18:13:23 [INFO] Received shutdown event
2024-10-17 18:13:23 [INFO] Sending ctrl-C to command
2024-10-17 18:13:26 [INFO] Killing command because stop timeout expired
2024-10-17 18:13:26 [DEBUG] Exited main service loop
2024-10-17 18:13:26 [DEBUG] Finished successfully
2024-10-17 18:14:04 [DEBUG] ********** LAUNCH **********
2024-10-17 18:14:04 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-10-17 18:14:09 [DEBUG] Entering main service loop
2024-10-17 18:14:09 [INFO] Launching command
2024-10-17 18:14:10 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-10-18 23:49:25 [INFO] Received shutdown event
2024-10-18 23:49:25 [INFO] Sending ctrl-C to command
2024-10-18 23:49:53 [DEBUG] ********** LAUNCH **********
2024-10-18 23:49:53 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-10-18 23:49:55 [DEBUG] Entering main service loop
2024-10-18 23:49:55 [INFO] Launching command
2024-10-18 23:49:56 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-10-18 23:49:57 [DEBUG] stderr: "Unable to access interface: No such file or directory"
2024-10-26 21:47:15 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 12:27:35 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:20:09 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:24:19 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:28:29 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:32:39 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:36:49 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:41:00 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:45:10 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:49:20 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:53:30 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 14:57:40 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 15:01:50 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 15:06:00 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 15:10:10 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 15:14:20 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 15:18:30 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-10-29 15:22:40 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-04 21:48:02 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-05 22:48:55 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-07 22:41:04 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-12 19:22:33 [INFO] Received shutdown event
2024-11-12 19:22:33 [INFO] Sending ctrl-C to command
2024-11-12 19:23:05 [DEBUG] ********** LAUNCH **********
2024-11-12 19:23:05 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-11-12 19:23:07 [DEBUG] Entering main service loop
2024-11-12 19:23:07 [INFO] Launching command
2024-11-12 19:23:10 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-11-14 21:04:54 [INFO] Received shutdown event
2024-11-14 21:04:54 [INFO] Sending ctrl-C to command
2024-11-14 21:05:26 [DEBUG] ********** LAUNCH **********
2024-11-14 21:05:26 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-11-14 21:05:26 [DEBUG] Entering main service loop
2024-11-14 21:05:26 [INFO] Launching command
2024-11-14 21:05:28 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-11-14 21:05:29 [DEBUG] stderr: "Unable to access interface: No such file or directory"
2024-11-20 11:31:50 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-23 02:12:06 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-24 23:38:29 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-24 23:42:40 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-24 23:46:50 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-24 23:51:00 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-24 23:55:10 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-24 23:59:20 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:03:30 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:07:40 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:11:50 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:16:00 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:20:10 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:24:20 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:28:30 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:32:40 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:36:50 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:41:00 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-25 00:45:10 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-11-26 16:46:34 [DEBUG] ********** LAUNCH **********
2024-11-26 16:46:34 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-11-26 16:46:34 [DEBUG] Entering main service loop
2024-11-26 16:46:34 [INFO] Launching command
2024-11-26 16:46:40 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-11-26 17:03:35 [DEBUG] ********** LAUNCH **********
2024-11-26 17:03:35 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-11-26 17:03:35 [DEBUG] Entering main service loop
2024-11-26 17:03:35 [INFO] Launching command
2024-11-26 17:03:38 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-12-04 16:32:37 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-12-06 19:55:08 [INFO] Received shutdown event
2024-12-06 19:55:08 [INFO] Sending ctrl-C to command
2024-12-06 19:55:42 [DEBUG] ********** LAUNCH **********
2024-12-06 19:55:42 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-12-06 19:55:42 [DEBUG] Entering main service loop
2024-12-06 19:55:42 [INFO] Launching command
2024-12-06 19:55:45 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-12-06 19:55:45 [DEBUG] stderr: "Unable to access interface: No such file or directory"
2024-12-09 09:21:13 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"
2024-12-11 18:06:53 [INFO] Received shutdown event
2024-12-11 18:06:53 [INFO] Sending ctrl-C to command
2024-12-11 18:06:53 [INFO] Command exited after 0 ms with code 1
2024-12-11 18:06:53 [DEBUG] Exited main service loop
2024-12-11 18:06:53 [DEBUG] Finished successfully
2024-12-11 18:07:21 [DEBUG] ********** LAUNCH **********
2024-12-11 18:07:21 [DEBUG] Cli { sub: Run { common: CommonOpts { pass: None, restart: false, no_restart: false, restart_if: [], restart_if_not: [], stop_timeout: None, no_log: false, no_log_cmd: false, log_dir: None, log_as: None, log_cmd_as: None, log_rotate: None, log_retain: None, pass_start_args: false, env: [], path: [], priority: None, command: ["powershell", "-NoProfile", "-NoLogo", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "C:\proyectos\VPN\WireGuard-Reresolve.ps1", "-LoopRunAsCron", "-DelaySeconds", "250"] }, cwd: None, name: "WireGuard-Reresolve" } }
2024-12-11 18:07:23 [DEBUG] Entering main service loop
2024-12-11 18:07:23 [INFO] Launching command
2024-12-11 18:07:25 [DEBUG] stdout: "Running as Cron DelaySeconds=250"
2024-12-11 18:07:26 [DEBUG] stderr: "Unable to access interface: No such file or directory"
2024-12-22 23:14:39 [DEBUG] stderr: "Unknown host. : somehost.dyndns.org:51820'"

@santo998

Any idea on this?

If I ping my "problematic client" from my server (they are on the same LAN), after a while that client connects to the VPN automatically.

But I have to ping my "problematic client" from my server every few days.

@santo998

santo998 commented Jan 28, 2025

Since WireGuard creates a Windows service for every active tunnel, you can also use

Get-Service -Name "WireGuardTunnel$*" | Where-Object {$_.Status -eq "Running"} | ForEach-Object { $_.Name.Substring(16) } | ForEach-Object { Get-ChildItem -File "$env:programfiles\wireguard\data\configurations\$_.conf.dpapi" } | ForEach-Object {& .\wg-reresolve-dns.ps1 $_.FullName}

if you have many tunnels but only a few of them are active.

This could also avoid reloading unused tunnels

Can this be the problem?

I mean, I have a client running 24/7. So maybe its tunnel gets inactive, so the script isn't re-resolving it...
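The one-liner above selects only tunnels whose service is running, and the shawl log earlier in the thread shows two different stderr messages from wg.exe: "Unable to access interface", which means the interface did not exist when the script ran, and "Unknown host", which means the endpoint's DNS name could not be resolved at that moment. The following is an added example, not part of the gist or of any comment, of a wrapper that combines the running-service filter with separate handling for those two cases; it assumes the gist script is stored at C:\Scripts\wireguard_reresolve-dns.ps1 and that the retry count and delay are tuned to taste.

```powershell
# Added example (not from the gist): re-resolve only tunnels whose
# WireGuardTunnel$<name> service is running, retry transient DNS failures,
# and skip tunnels whose interface is not reachable in this pass.
Set-StrictMode -Version 3

$ScriptPath        = 'C:\Scripts\wireguard_reresolve-dns.ps1'   # assumed location of the gist script
$ConfigDir         = Join-Path $env:ProgramFiles 'WireGuard\data\configurations'
$MaxAttempts       = 3      # assumed: retries for "Unknown host" (DNS not yet updated / resolver hiccup)
$RetryDelaySeconds = 20     # assumed: pause between retries

# DPAPI decryption inside the gist script only works as SYSTEM; fail early with a clear message.
if (-not [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem) {
    throw 'This wrapper must run as NT AUTHORITY\SYSTEM (Task Scheduler principal or psexec -s).'
}

function Get-RunningTunnelNames {
    # WireGuard registers one service per tunnel, named WireGuardTunnel$<tunnel name>.
    Get-Service -Name 'WireGuardTunnel$*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Running' } |
        ForEach-Object { $_.Name.Substring('WireGuardTunnel$'.Length) }
}

function Invoke-Reresolve([string]$TunnelName) {
    $config = Join-Path $ConfigDir "$TunnelName.conf.dpapi"
    if (-not (Test-Path -LiteralPath $config)) {
        Write-Warning "No configuration for running tunnel '$TunnelName' at $config"
        return
    }
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        # 2>&1 merges wg's stderr into the output so the text can be inspected; the gist
        # script exits normally even when wg fails, so the message is the only signal.
        $output = & $ScriptPath $config 2>&1 | Out-String
        if ($output -notmatch 'Unknown host|Unable to access interface') {
            return      # nothing to do, or the endpoint was re-set successfully
        }
        if ($output -match 'Unable to access interface') {
            # Service listed as running but the adapter is not reachable (e.g. still starting);
            # retrying within this pass will not help, the next scheduled run will pick it up.
            Write-Warning "Tunnel '$TunnelName': interface not accessible, skipping this pass"
            return
        }
        Write-Warning "Tunnel '$TunnelName': endpoint DNS lookup failed (attempt $attempt of $MaxAttempts)"
        if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds $RetryDelaySeconds }
    }
}

$tunnels = @(Get-RunningTunnelNames)
if ($tunnels.Count -eq 0) {
    Write-Warning 'No running WireGuard tunnel services found'
}
foreach ($name in $tunnels) { Invoke-Reresolve -TunnelName $name }
```

The warnings go to the warning stream, so a service wrapper such as shawl records them alongside the stderr lines already shown in the thread; the point is that the two messages call for different reactions, and neither should be silently discarded.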
