diff --git a/internal/adapters/wgquick.go b/internal/adapters/wgquick.go
index 58de124..828192f 100644
--- a/internal/adapters/wgquick.go
+++ b/internal/adapters/wgquick.go
@@ -28,6 +28,7 @@ func (r *WgQuickRepo) ExecuteInterfaceHook(id domain.InterfaceIdentifier, hookCm
 		return nil
 	}
 
+	logrus.Tracef("interface %s: executing hook %s", id, hookCmd)
 	err := r.exec(hookCmd, id)
 	if err != nil {
 		return fmt.Errorf("failed to exec hook: %w", err)
diff --git a/internal/app/wireguard/wireguard_interfaces.go b/internal/app/wireguard/wireguard_interfaces.go
index ecf368c..48d4225 100644
--- a/internal/app/wireguard/wireguard_interfaces.go
+++ b/internal/app/wireguard/wireguard_interfaces.go
@@ -202,9 +202,6 @@ func (m Manager) RestoreInterfaceState(ctx context.Context, updateDbOnError bool
 
 			// try to move interface to stored state
 			_, err = m.saveInterface(ctx, &iface, peers)
-			if err != nil {
-				return err
-			}
 			if err != nil {
 				if updateDbOnError {
 					// disable interface in database as no physical interface is available
@@ -469,7 +466,26 @@ func (m Manager) hasInterfaceStateChanged(ctx context.Context, iface *domain.Int
 		return false
 	}
 
-	return oldInterface.IsDisabled() != iface.IsDisabled()
+	if oldInterface.IsDisabled() != iface.IsDisabled() {
+		return true // interface in db has changed
+	}
+
+	wgInterface, err := m.wg.GetInterface(ctx, iface.Identifier)
+	if err != nil {
+		return true // interface might not exist - so we assume that there must be a change
+	}
+
+	// compare physical interface settings
+	if len(wgInterface.Addresses) != len(iface.Addresses) ||
+		wgInterface.Mtu != iface.Mtu ||
+		wgInterface.FirewallMark != iface.FirewallMark ||
+		wgInterface.ListenPort != iface.ListenPort ||
+		wgInterface.PrivateKey != iface.PrivateKey ||
+		wgInterface.PublicKey != iface.PublicKey {
+		return true
+	}
+
+	return false
 }
 
 func (m Manager) handleInterfacePreSaveActions(iface *domain.Interface) error {