WireGuard is open source. I would contribute a pull request with a "don't give up" number of retries, but I could not find how. I might be able to build the driver from source, but it would have to be self-signed, which would cause other problems. Suggestions?
- One option may be to connect to an IP vs a name.
- This is probably not a good idea and may even mask problems or create more problems down the road, but one quick and dirty work-around may be to create a local hosts file entry for the endpoint, assuming it has a static IP that does not change and assuming you have management nodes that can mass-update the hosts file entry on all your clients. I am assuming this is part of an AD forest.
- Perhaps an even more clunky solution would be to set the registry key [1] that allows running dangerous scripts and then have a PowerShell script that tries to resolve the VPN node and, if it can't, sleeps, tries again, then after {n} tries resets the interface. Both of these ideas are probably quite bad and will probably cause a future admin to shake their fists in anger, so I would put a "time to live" on any work-around. Ensure this script can only be modified by administrators.
The best answer is probably a feature request to the WireGuard maintainers to put in more registry keys and tunables and retry mechanisms to deal with mobile and ephemeral networks.
[1] - https://git.zx2c4.com/wireguard-windows/about/docs/adminregi...
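The retry-then-reset watchdog sketched in the third bullet, written out as an added example (it is not code from the thread or from the WireGuard project). It resolves the endpoint name, sleeps and retries, and after a fixed number of consecutive failures restarts the tunnel service; it also carries the "time to live" the commenter asks for, refusing to act once the expiry date has passed. It is meant to run elevated from a scheduled task rather than as a tunnel PreUp/PostUp hook, so it does not depend on the script-execution registry key referenced in [1]. The endpoint hostname, tunnel name, log path, expiry date and the `WireGuardTunnel$<name>` service naming are assumptions for the example; check the actual service name with `Get-Service` on the target host. Put the script in a directory writable only by administrators, as the comment advises.

```powershell
<#
  Added example, not from the original thread or the WireGuard project.
  Watchdog: resolve the VPN endpoint name, sleep and retry on failure, and
  after $MaxTries consecutive failures restart the WireGuard tunnel service.
  Assumptions: endpoint name, tunnel name, service name pattern
  "WireGuardTunnel$<tunnel>", log path and expiry date.
#>
param(
    [string]$EndpointHost = 'vpn.example.invalid',   # assumed endpoint hostname
    [string]$TunnelName   = 'office',                # assumed tunnel name
    [int]$MaxTries        = 5,                       # the {n} from the comment
    [int]$SleepSeconds    = 30,
    [datetime]$ExpiresOn  = '2025-12-31',            # "time to live" for the work-around
    [string]$LogPath      = "$env:ProgramData\wg-watchdog.log"
)

function Write-Log([string]$Message) {
    $line = '{0:s} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Verbose $line
}

# True if the endpoint name currently resolves to at least one A record.
# -DnsOnly bypasses the local cache and hosts file so we see the real resolver state.
function Test-EndpointResolves([string]$HostName) {
    try {
        $answers = Resolve-DnsName -Name $HostName -Type A -DnsOnly -ErrorAction Stop
        return ($null -ne $answers -and @($answers).Count -gt 0)
    } catch {
        return $false
    }
}

# wireguard-windows runs each tunnel as its own service; restarting it
# tears down and re-creates the interface (service name pattern assumed).
function Restart-WireGuardTunnel([string]$Name) {
    $svc = 'WireGuardTunnel$' + $Name
    Restart-Service -Name $svc -Force -ErrorAction Stop
}

# Honour the time to live: once expired, log loudly and do nothing.
if ((Get-Date) -gt $ExpiresOn) {
    Write-Log "Work-around expired on $($ExpiresOn.ToString('yyyy-MM-dd')); doing nothing. Remove this task."
    exit 0
}

for ($try = 1; $try -le $MaxTries; $try++) {
    if (Test-EndpointResolves $EndpointHost) {
        Write-Log "Resolved $EndpointHost on try $try; tunnel left alone."
        exit 0
    }
    Write-Log "Could not resolve $EndpointHost (try $try of $MaxTries)."
    if ($try -lt $MaxTries) { Start-Sleep -Seconds $SleepSeconds }
}

Write-Log "$MaxTries consecutive failures; restarting tunnel '$TunnelName'."
try {
    Restart-WireGuardTunnel $TunnelName
    Write-Log "Tunnel '$TunnelName' restarted."
} catch {
    Write-Log "Restart failed: $($_.Exception.Message)"
    exit 1
}
```

Schedule it with a short repeat interval (for example every few minutes) running as SYSTEM; the log file gives a future admin the trail of when the tunnel was bounced and why, and the expiry date makes the work-around self-retiring.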