wireguard - invalid check parameter + doesn't show active peers #185

Closed
dnlldl opened this issue Dec 6, 2024 · 5 comments

@dnlldl

dnlldl commented Dec 6, 2024

Here is the output of the check plugin:

<<<wireguard:sep(9)>>>
[[wg0]]
(censored)    (wan_ip):(port)     10.99.1.2/32    1733461693      118546  1325844 off

It produces the 2 following checks:

WireGuard wg0	1 configured peer(s), 0 active peer(s)	
Timeout: 	-1, -1

WireGuard wg0 Peer (censored)
endpoint: (wan_ip):(port), allowed IPs: 10.99.1.2/32, latest handshake 6 minutes 25 seconds ago
Invalid check parameter: Undefined key 'allowed-ips' in the dictionary. Allowed are timeout.
Variable: checkgroup_parameters:wireguard_data
Parameters:
{'allowed-ips': '10.99.1.2/32', 'timeout': (-1, -1)}

There is an error with the second check. Looking at the code, I'm a little bit confused at the active peer calculation; it seems like it requires a timeout rule defined, but that same timeout is also used as a criterion for WARN/CRIT? I want both checks to stay OK as long as the tunnel is up but would also like to have the active peer chart work.

@dnlldl
Author

dnlldl commented Dec 20, 2024

The errors also prevent updates on the server side; the plugin must be disabled before updating and re-enabled after.

@dnlldl
Author

dnlldl commented Jan 5, 2025

Any chance for an update on this?

@gurubert gurubert self-assigned this Jan 14, 2025
@gurubert gurubert added the bug label Jan 14, 2025
gurubert added a commit that referenced this issue Jan 14, 2025
@gurubert
Member

Thanks for reporting this regression bug introduced with pull request #148.

The timeout is needed because wireguard sessions do not terminate. After a certain time a peer is considered not active.

@dnlldl
Author

dnlldl commented Jan 17, 2025

The allowed-ip problem is fixed, the timeout isn't. By default with no timeout configured all peers are considered on. If we put any timeout, it does fix the number of active peers, but then you get WARNS and CRITS for any peer that hasn't connected in said timeout. This needs to be a different variable completely.

I use my WireGuard VPN tunnel only very sporadically; I don't want alerts because I haven't used it in a while, yet I don't want all peers to be considered active at all times when they are not.

@dnlldl
Author

dnlldl commented Jan 17, 2025

I created a separate issue, #187.
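
The distinction discussed in this thread, as an added example that is not the plugin's code: a separate activity window decides whether a peer counts as active, while WARN/CRIT levels on handshake age are optional and independent of it. The function names, the 180-second default window, the field layout read from the agent line above and the sample rows are assumptions made for this sketch.

```python
from dataclasses import dataclass

# Constructed sample of the tab-separated agent section; keys and endpoints are placeholders.
SAMPLE = (
    "<<<wireguard:sep(9)>>>\n"
    "[[wg0]]\n"
    "PEER_A_PUBKEY\t198.51.100.7:51820\t10.99.1.2/32\t1733461693\t118546\t1325844\toff\n"
    "PEER_B_PUBKEY\t(none)\t10.99.1.3/32\t0\t0\t0\toff\n"
)

@dataclass
class Peer:
    interface: str
    key: str
    allowed_ips: str
    handshake: int  # epoch seconds of the latest handshake, 0 = never

def parse(section):
    """Parse the section into Peer objects, skipping malformed rows."""
    peers, iface = [], None
    for line in section.splitlines():
        if line.startswith("<<<") or not line.strip():
            continue
        if line.startswith("[[") and line.endswith("]]"):
            iface = line[2:-2]
            continue
        fields = line.split("\t")
        if iface is None or len(fields) < 4 or not fields[3].isdigit():
            continue  # a bad row must not crash the whole check
        peers.append(Peer(iface, fields[0], fields[2], int(fields[3])))
    return peers

def evaluate(peer, now, active_window=180, levels=None):
    """Return (is_active, state) with state 0=OK, 1=WARN, 2=CRIT.

    active_window only feeds the active-peer count; levels=(warn, crit) in
    seconds only feeds alerting. levels=None means the peer never alerts.
    """
    age = None if peer.handshake == 0 else max(0, now - peer.handshake)
    active = age is not None and age <= active_window
    state = 0
    if levels is not None:
        warn, crit = levels
        effective = float("inf") if age is None else age  # never seen = oldest
        state = 2 if effective >= crit else 1 if effective >= warn else 0
    return active, state

def count_active(peers, now, active_window=180):
    """Number of peers whose latest handshake falls inside the activity window."""
    return sum(evaluate(p, now, active_window)[0] for p in peers)
```

With the handshake from the report (6 minutes 25 seconds old) and no levels configured, the peer is counted as inactive and the service stays OK.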
