Created
January 25, 2026 20:20
-
-
Save luckman212/cc5ec3ba5c1e646b43eac705e51d7334 to your computer and use it in GitHub Desktop.
Healthcheck script for WireGuard running on pfSense
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| QRY='some-hostname-in-your-tailnet.ts.net' | |
| WANT='100.100.101.101' #expected IP address of that host | |
| RESTART=0 | |
| if ! service tailscaled status | grep -q 'tailscaled is running' ; then | |
| RESTART=1 | |
| logger -t tailscaled "Tailscale service is not running" | |
| fi | |
| res=$(dig +time=1 +tries=1 +short -t a $QRY @100.100.100.100) | |
| if [ "$res" != "$WANT" ] ; then | |
| RESTART=1 | |
| logger -t tailscaled "Quad100 invalid DNS response ($res)" | |
| fi | |
| if ! ifconfig -g Tailscale | grep -q tailscale0 ; then | |
| RESTART=1 | |
| logger -t tailscaled "tailscale0 does not have interface group set" | |
| fi | |
| res=$(tailscale status --json | jq -r '.Health[] | contains("logged out")') | |
| if [ "$res" = "true" ]; then | |
| RESTART=1 | |
| logger -t tailscaled "tailscale is logged out" | |
| sed -i.bak '/pfsense_tailscaled_authkey.*/d' /usr/local/etc/rc.conf.d/pfsense_tailscaled | |
| fi | |
| if [ "$RESTART" -eq 1 ] ; then | |
| logger -t tailscaled "Restarting tailscale service" | |
| pfSsh.php playback svc restart tailscale | |
| fi |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What
This is a simple healthcheck script that should have no noticable impact on your system. It runs a few quick sanity checks to keep WireGuard up and running.
Specifically, it:
tailscale0interface has its interface group set properly (firewall rule helper)How
/root/tscheck.shchmod +x /root/tscheck.shThis has been tested on pfSense+ 25.07.1, 25.11, and 26.03
Please report any issues you encounter.