I’m running OpenWrt on a GL-AXT1800 router with a single WireGuard tunnel (wg0) pointed at one of four VPN servers in different countries:
France
Mexico
USA
Canada
I’d like to automatically switch the tunnel’s Endpoint to the next country’s server every 15 minutes. So far I’ve tried:
Cron job invoking a shell script locally
Background loop script via SSH
Neither solution has worked reliably—cron runs the script but the endpoint never changes, and the SSH‐loop often freezes the router requiring a reboot.
What I’m Looking For
A lightweight, stable method (ideally without heavy extra packages)
Rotation of the WireGuard Endpoint every 15 minutes
Minimal impact on router stability and performance
What I’ve Tried
*/15 * * * * /root/rotate_vpn.sh
Excerpt from rotate_vpn.sh
!/bin/sh
endpoints=(
France
Mexico
USA
Canada
)
pub="<SERVER_PUBLIC_KEY>"
idx=$(cat /root/vpn_index 2>/dev/null || echo 0)
next=$(( (idx + 1) % 4 ))
endpoint=${endpoints[$next]}
wg set wg0 peer "$pub" allowed-ips 0.0.0.0/0 endpoint "$endpoint" || echo "Failed to set endpoint"
echo "$next" > /root/vpn_index
**
After the job runs, wg show wg0 still shows the previous endpoint, and sometimes the router becomes unresponsive.
Has anyone successfully implemented endpoint rotation on OpenWrt / GL-AXT1800?**
Any pointers, whether using UCI, a minimal cron alternative, a firmware tweak, or a simple shell trick, would be greatly appreciated.
Version
4.8.0
Firmware Type
beta5
OpenWrt Version
OpenWrt 23.05-SNAPSHOT r23485+125-e92cf0c46f
Kernel Version
5.4.164
Hope you are doing well
Thank you for your reply and feedback
I was really hoping that the GL-AXT1800 can handle the simple IP change address every 15 minute for me when I bought from Amazon.ca
And to answer your question about the reason why I want to change the IP address every 15 minutes:
One of my client, have a business and her customers log in to their Wi-Fi everyday, and while the customers are onsite, they give reviews on google everyday, and many of the reviews get rejected since it comes from the same IP address...
If you have a better approach for me, you can reach-out
Sorry, there is currently no good way to automatically switch VPN profiles.
On v4.8 firmware, supported failover for VPN profile (group), but it does not automatically switch if the profile VPN tunnel works normally.
It seems that your custom request cannot be met because it is a bit special.
When the current profile works normally, ordinary users will not let the router actively switch another profile. Generally, the switch will be triggered after the current profile VPN is abnormal, and failover switch to next one profile.
I think depends on your customize request, may only manually switch the profiles.
Try adding ifdown wg0 before your wg set [...] statement & then immed. ifup wg0 afterwards. It shouldn't take much more than 15 seconds to switch, server load/location, dependent of course.
Failing that, given the Slate AX is a stationary unit & the travel-related GUI isn't really necessary, flashing 'vanilla'/stock OpenWrt would give access to the proper packages for a script with a customized policy based routing w/ rotating IPs but there may be a non-zero impact to the WireGuard maximum throughput (ie: less than the ~550 Mbps advertised -- I speculate). The 'downtime' should be < 30 sec to switch the default route.
I'm on stock OWRT on my Slate AX but I can't comment about the potential decrease in WG throughoutput ATM. I really should get some numbers, though.
Fun fact: stock OpenWrt can be ran in a virtual machine: