Page MenuHomeSolus

WireGuard
Open, NormalPublic

Tokens
"Love" token, awarded by liepumartins."Orange Medal" token, awarded by Mr.Midnight."Love" token, awarded by ArjenR."Love" token, awarded by playforvoices."Love" token, awarded by jtflynnz."Love" token, awarded by nezorflame."Like" token, awarded by wuzhe."Love" token, awarded by Jacalz."Like" token, awarded by retiform."Love" token, awarded by stigarn."Love" token, awarded by Brandywine."Love" token, awarded by angristan."Love" token, awarded by severucold."Love" token, awarded by validupuma."Love" token, awarded by patrickstarispink."Love" token, awarded by mattrazol."Love" token, awarded by maxtriano."Love" token, awarded by racerdot."Love" token, awarded by Timalex."Love" token, awarded by mgrandl."Love" token, awarded by kaotik."Love" token, awarded by IntenceYT."Love" token, awarded by Herdo."Love" token, awarded by baimafeima."Love" token, awarded by TheMarketAnarchist.
Assigned To
None
Authored By
anaknaga, May 28 2017

Description

Name: WireGuard

Homepage: https://www.wireguard.io

Reason: WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Open Source: Yes

Source: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170517.tar.xz
(see https://git.zx2c4.com/WireGuard/ for latest release)

Related Objects

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
kaotik awarded a token.Jan 2 2018, 2:28 PM
kaotik added a subscriber: kaotik.

Wireguard is working well in China and would be tremendously helpful in circumventing the nasty censorship system at place. I am running a Streisand server and would love to be able to use Wireguard on Solus. See: https://github.com/StreisandEffect/streisand/pull/1119
Isn't there a possibility to add wireguard-dkms modules as distribution packages to the repository? To my knowledge, these would not have to be rebuilt when kernels are rebuilt. See: https://launchpad.net/~wireguard/+archive/ubuntu/wireguard (Ubuntu), https://packages.debian.org/sid/wireguard-dkms (Debian), https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/ (Fedora)

pokgak added a subscriber: pokgak.Jan 19 2018, 8:58 AM

Since December's WireGuard release, I've been having difficulties building on Solus. Code from November still build. Any help would be much appreciated, but it seems that something changed in the kernel. Unsure.

user@t450s-solus ~/bin/WireGuard-0.0.20180118/src $ make debug
test -e include/generated/autoconf.h -a -e include/config/auto.conf || (	\
echo >&2;							\
echo >&2 "  ERROR: Kernel configuration is invalid.";		\
echo >&2 "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
echo >&2 "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
echo >&2 ;							\
/bin/false)
mkdir -p /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions ; rm -f /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions/*
make -f ./scripts/Makefile.build obj=/home/user/bin/WireGuard-0.0.20180118/src
make[2]: *** No rule to make target '/home/user/bin/WireGuard-0.0.20180118/src/main.o', needed by '/home/user/bin/WireGuard-0.0.20180118/src/wireguard.o'.  Stop.
make[1]: *** [Makefile:1507: _module_/home/user/bin/WireGuard-0.0.20180118/src] Error 2
make: *** [Makefile:39: module-debug] Error 2

Since December's WireGuard release, I've been having difficulties building on Solus. Code from November still build. Any help would be much appreciated, but it seems that something changed in the kernel. Unsure.

user@t450s-solus ~/bin/WireGuard-0.0.20180118/src $ make debug
test -e include/generated/autoconf.h -a -e include/config/auto.conf || (	\
echo >&2;							\
echo >&2 "  ERROR: Kernel configuration is invalid.";		\
echo >&2 "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
echo >&2 "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
echo >&2 ;							\
/bin/false)
mkdir -p /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions ; rm -f /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions/*
make -f ./scripts/Makefile.build obj=/home/user/bin/WireGuard-0.0.20180118/src
make[2]: *** No rule to make target '/home/user/bin/WireGuard-0.0.20180118/src/main.o', needed by '/home/user/bin/WireGuard-0.0.20180118/src/wireguard.o'.  Stop.
make[1]: *** [Makefile:1507: _module_/home/user/bin/WireGuard-0.0.20180118/src] Error 2
make: *** [Makefile:39: module-debug] Error 2

Bug and workaround posted here: https://dev.solus-project.com/T5607

asonix added a subscriber: asonix.Jan 31 2018, 5:03 PM
mgrandl added a subscriber: mgrandl.

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?

wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?
wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

Yes, you will need to comment out the resolvconf line and add the following to the conf file for it to work in Solus:

PostUp = echo "nameserver YOUR_WG_DNS" > /etc/resolv.conf
PostDown = echo "nameserver YOUR_NORMAL_DNS" > /etc/resolv.conf
maxtriano added a subscriber: maxtriano.
mattrazol added a subscriber: mattrazol.
severucold added a subscriber: severucold.
angristan added a subscriber: angristan.

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?
wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

Yes, you will need to comment out the resolvconf line and add the following to the conf file for it to work in Solus:

PostUp = echo "nameserver YOUR_WG_DNS" > /etc/resolv.conf
PostDown = echo "nameserver YOUR_NORMAL_DNS" > /etc/resolv.conf

Much more simply solved by installing openresolv. Although it isn't in the current solus repo (It is the only package left to make wireguard an easy install). Luckily there is a community member with a yaml build file + eopkg binaries.

Link: https://gitlab.com/devil505/solus-3rd-party-repo/tree/master/openresolv

Maybe the request for openresolv should be re-opened ? https://dev.solus-project.com/T2931

Maybe the request for openresolv should be re-opened ? https://dev.solus-project.com/T2931

+1 on this idea

I've tested DNS leaks with openresolv + Wireguard. And fortunately there are none. However I have not tested it with OpenVPN so I cannot validate Eric's claim.

Brandywine added a subscriber: Brandywine.
This comment was removed by JoshStrobl.
JoshStrobl added a comment.EditedAug 13 2018, 1:27 AM

@Devil505 Please refrain from posting here about your unofficial repository, where none of the packages have been validated by us to not negatively impact users, or perform actions which may run counter to how Solus works or is intended to function. Furthermore, your repository is not actively rebuilt against ours, leading to breakages like those experienced here, which negatively impacts the experience of our users and despite your warning in your README, leads to undesired support requests directed to us as a result. Thank you.

I apologize if I missed something, but it appears that for the last year developers haven't touched this ticket, the software, or made a statement to the effect of "we're looking at it." Then a user posts a forum link for his install package where he makes it very clear that it's a personal package and he's just looking for testers. Now you show up (a year after this ticket was made), delete the comment, and that's it? Not even a "we're looking at this" after you deleted the comment? I understand your logic in removing the comment and it makes perfect sense. I'm more at a loss as to why your only action on this year old ticket was to warn a user and delete his comment.

Furthermore, if that user is serious about getting his package in, is there a way for him to get his package into official testing? I'm asking in case he comes back looking for guidance.

Furthermore, if that user is serious about getting his package in, is there a way for him to get his package into official testing? I'm asking in case he comes back looking for guidance.

In fact I'm waiting for a change of this ticket status for "accepted for inclusion", after that, I can send a patch. Without this status, my patch will be rejected.

I may very well be wrong but, I believe the reason this package has sat in the backlog for so long is that WireGuard is headed towards inclusion in the Kernel which would likely mean that we wouldn't need to package it separately for the Solus Repository.

I may very well be wrong but, I believe the reason this package has sat in the backlog for so long is that WireGuard is headed towards inclusion in the Kernel which would likely mean that we wouldn't need to package it separately for the Solus Repository.

That's a perfectly logical reason and I'm sure many users (myself included) would understand that. That, however, was never stated.

As4fN1v removed a subscriber: As4fN1v.Aug 14 2018, 7:31 AM
DataDrake added a subscriber: DataDrake.

All,

WireGuard is indeed on the backburner until it gets accepted into the kernel. Frankly, Linus' endorsement of it is enough evidence to me that it should be included. But until it is merged into the kernel, I don't want to include any userland utilities or alternative implementations. Because of that I will not be marking this as accepted until such a time.

Thanks.

Thanks for updating us.

nazar added a subscriber: nazar.Aug 27 2018, 11:54 AM
DataDrake triaged this task as Normal priority.Aug 31 2018, 5:50 PM
sborer added a comment.Nov 4 2018, 5:45 PM

Looks like it won't be in 4.20 either: https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Not-In-4.20
The wait continues...

Jacalz awarded a token.Nov 4 2018, 5:56 PM
Lorien added a subscriber: Lorien.Nov 4 2018, 11:32 PM
190n added a subscriber: 190n.Dec 18 2018, 4:05 AM
mclang added a subscriber: mclang.Jan 7 2019, 1:38 PM
wuzhe awarded a token.Feb 20 2019, 4:27 PM
rav101 added a subscriber: rav101.Mar 5 2019, 3:25 PM
usmancc added a comment.EditedMar 13 2019, 5:05 PM

This was working for me when compiling from source. But since recent updates.. It still complies and installs fine but I get

wg-quick[2615]: free(): double free detected in tcache 2
wg-quick[2615]: /usr/bin/wg-quick: line 29: 2645 Aborted "$@"

:/

I've been doing the same. It seems to be due to a bug in resolvconf. I've commented out the following lines in wg-quick (which is just a shell script)

printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a "$(resolvconf_iface_prefix)$INTERFACE" -m 0 -x

and

cmd resolvconf -d "$(resolvconf_iface_prefix)$INTERFACE"

Seems to be working after I make those changes.

This was working for me when compiling from source. But since recent updates.. It still complies and installs fine but I get

wg-quick[2615]: free(): double free detected in tcache 2
wg-quick[2615]: /usr/bin/wg-quick: line 29: 2645 Aborted "$@"

:/

Following up on this, the actual bug is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860564

Seems like setting the DNS variable in the config isn't going to work. One of the VPNs recommends doing this instead:

PostUp = systemd-resolve -i %i --set-dns=1.1.1.1 --set-domain=~.

@kevindkeogh - Thanks for the tips. I commented those lines out and it works! and removing the DNS variable from wireguard config file also seems to do the trick. albeit I have to manually configure DNS servers each time; the PostUp command isnt working as expected for me ATM, but its a start. Cheers!

JoshStrobl changed the edit policy from "All Users" to "Triage Team (Project)".Apr 24 2019, 6:24 AM
nezorflame added a subscriber: nezorflame.
jtflynnz added a subscriber: jtflynnz.
r3r57 added a subscriber: r3r57.Aug 2 2019, 3:18 PM
ArjenR added a subscriber: ArjenR.Oct 9 2019, 9:13 AM

Following up on this, the actual bug is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860564
Seems like setting the DNS variable in the config isn't going to work. One of the VPNs recommends doing this instead:

PostUp = systemd-resolve -i %i --set-dns=1.1.1.1 --set-domain=~.

I have patched my build to use resolvectl in wg-quick which is quite easy to use, so also software like qomui will work properly.

Mr.Midnight added a subscriber: Mr.Midnight.

What is the best way to update/uninstall Wireguard until this gets into the kernel?

ArjenR added a comment.Nov 1 2019, 8:05 PM

What is the best way to update/uninstall Wireguard until this gets into the kernel?

Well, I prefer to build my own package to be able to properly install it. This should in time be upgraded by an official package provided by Solus dev's.

Packages can be built using solbuild which provides a separate build environment so you don't have to mess with development packages on your regular installation. https://getsol.us/articles/packaging/building-a-package/en/

It is policy not to link to external packages or package recipes from here since these are not tested and verified by the Solus devs.

Mr.Midnight added a comment.EditedNov 12 2019, 9:04 AM

Thank you @ArjenR ! Can you post your resolvectl command btw?

Okra added a subscriber: Okra.Sat, Nov 23, 3:00 PM
Jragoon added a subscriber: Jragoon.Sun, Dec 8, 7:10 PM