Create and run
nano vpn-health.sh chmod +x vpn-health.sh ./vpn-health.sh
#!/bin/bash
echo “=========================================”
echo “🔍 VPN HEALTH CHECK – $(date)”
echo “=========================================”
WG_IF=”wg0″
# — SYSTEM —
echo -e “\n🖥️ SYSTEM STATUS”
uptime
free -m | awk ‘NR==2{printf “RAM Usage: %s/%s MB (%.2f%%)\n”, $3,$2,$3*100/$2 }’
df -h / | awk ‘NR==2{print “Disk Usage:”, $5, “used”}’
# — NETWORK —
echo -e “\n🌐 NETWORK”
ip a show $WG_IF 2>/dev/null | grep inet || echo “❌ wg0 interface not found”
ip route | grep default
PUBLIC_IP=$(curl -s ifconfig.me)
echo “Public IP: $PUBLIC_IP”
# — WIREGUARD STATUS —
echo -e “\n🔐 WIREGUARD STATUS”
if sudo wg show $WG_IF >/dev/null 2>&1; then
sudo wg show $WG_IF
else
echo “❌ WireGuard interface $WG_IF is DOWN”
fi
# — SERVICE STATUS —
echo -e “\n⚙️ SERVICE STATUS”
sudo systemctl is-active wg-quick@$WG_IF
# — CONNECTED CLIENTS —
echo -e “\n👥 CONNECTED CLIENTS (PiVPN)”
if command -v pivpn >/dev/null; then
sudo pivpn -c
else
echo “PiVPN not installed”
fi
# — FIREWALL —
echo -e “\n🔥 FIREWALL (Top DROP rules)”
sudo iptables -L -n -v | grep DROP | head -10
# — PORT CHECK —
echo -e “\n📡 LISTENING PORTS (wg)”
sudo ss -tunap | grep $WG_IF || echo “No wg sockets found”
# — RECENT LOGS —
echo -e “\n📜 RECENT WIREGUARD LOGS”
sudo journalctl -u wg-quick@$WG_IF –since “10 min ago” | tail -20
# — FAILED LOGINS —
echo -e “\n🚨 FAILED LOGIN ATTEMPTS”
sudo grep “Failed password” /var/log/auth.log 2>/dev/null | tail -5
echo -e “\n=========================================”
echo “✅ HEALTH CHECK COMPLETE”
echo “=========================================”