Page MenuHomeSolus

WireGuard
Open, NormalPublic

Subscribers
Tokens
"Love" token, awarded by Jacalz."Like" token, awarded by retiform."Love" token, awarded by stigarn."Love" token, awarded by Brandywine."Love" token, awarded by angristan."Love" token, awarded by severucold."Love" token, awarded by validupuma."Love" token, awarded by patrickstarispink."Love" token, awarded by mattrazol."Love" token, awarded by maxtriano."Love" token, awarded by racerdot."Love" token, awarded by Timalex."Love" token, awarded by mgrandl."Love" token, awarded by kaotik."Love" token, awarded by IntenceYT."Love" token, awarded by Herdo."Love" token, awarded by baimafeima."Love" token, awarded by TheMarketAnarchist.
Assigned To
None
Authored By
anaknaga, May 28 2017

Description

Name: WireGuard

Homepage: https://www.wireguard.io

Reason: WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Open Source: Yes

Source: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170517.tar.xz
(see https://git.zx2c4.com/WireGuard/ for latest release)

Related Objects

Duplicates Merged Here
T5468: azclient
siru added a subscriber: siru.Jun 11 2017, 9:49 AM
efsn88 added a subscriber: efsn88.Aug 14 2017, 8:46 PM

Would this need to be implemented in the Linux kernel or is this a standalone application?

https://www.wireguard.com/install/

According to this link it looks like it can be built as an external kernel module or it can built in-line with the kernel. It also looks like they are going for mainline inclusion by the end of this year if things pan out for them.

https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-2016

I've been running WireGuard on Solus for a while now, built it manually. Since then I switched entirely from openVPN to WireGuard. It is better, simpler, and faster. I'm really very happy with it, and hope Solus will include it in its repo at one point.

Caelum added a subscriber: Caelum.Aug 29 2017, 3:37 PM
sborer added a subscriber: sborer.Nov 8 2017, 2:28 PM
Herdo awarded a token.Dec 29 2017, 6:08 AM
Herdo added a subscriber: Herdo.
IntenceYT added a subscriber: IntenceYT.
kaotik awarded a token.Jan 2 2018, 2:28 PM
kaotik added a subscriber: kaotik.

Wireguard is working well in China and would be tremendously helpful in circumventing the nasty censorship system at place. I am running a Streisand server and would love to be able to use Wireguard on Solus. See: https://github.com/StreisandEffect/streisand/pull/1119
Isn't there a possibility to add wireguard-dkms modules as distribution packages to the repository? To my knowledge, these would not have to be rebuilt when kernels are rebuilt. See: https://launchpad.net/~wireguard/+archive/ubuntu/wireguard (Ubuntu), https://packages.debian.org/sid/wireguard-dkms (Debian), https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/ (Fedora)

pokgak added a subscriber: pokgak.Jan 19 2018, 8:58 AM

Since December's WireGuard release, I've been having difficulties building on Solus. Code from November still build. Any help would be much appreciated, but it seems that something changed in the kernel. Unsure.

user@t450s-solus ~/bin/WireGuard-0.0.20180118/src $ make debug
test -e include/generated/autoconf.h -a -e include/config/auto.conf || (	\
echo >&2;							\
echo >&2 "  ERROR: Kernel configuration is invalid.";		\
echo >&2 "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
echo >&2 "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
echo >&2 ;							\
/bin/false)
mkdir -p /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions ; rm -f /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions/*
make -f ./scripts/Makefile.build obj=/home/user/bin/WireGuard-0.0.20180118/src
make[2]: *** No rule to make target '/home/user/bin/WireGuard-0.0.20180118/src/main.o', needed by '/home/user/bin/WireGuard-0.0.20180118/src/wireguard.o'.  Stop.
make[1]: *** [Makefile:1507: _module_/home/user/bin/WireGuard-0.0.20180118/src] Error 2
make: *** [Makefile:39: module-debug] Error 2

Since December's WireGuard release, I've been having difficulties building on Solus. Code from November still build. Any help would be much appreciated, but it seems that something changed in the kernel. Unsure.

user@t450s-solus ~/bin/WireGuard-0.0.20180118/src $ make debug
test -e include/generated/autoconf.h -a -e include/config/auto.conf || (	\
echo >&2;							\
echo >&2 "  ERROR: Kernel configuration is invalid.";		\
echo >&2 "         include/generated/autoconf.h or include/config/auto.conf are missing.";\
echo >&2 "         Run 'make oldconfig && make prepare' on kernel src to fix it.";	\
echo >&2 ;							\
/bin/false)
mkdir -p /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions ; rm -f /home/user/bin/WireGuard-0.0.20180118/src/.tmp_versions/*
make -f ./scripts/Makefile.build obj=/home/user/bin/WireGuard-0.0.20180118/src
make[2]: *** No rule to make target '/home/user/bin/WireGuard-0.0.20180118/src/main.o', needed by '/home/user/bin/WireGuard-0.0.20180118/src/wireguard.o'.  Stop.
make[1]: *** [Makefile:1507: _module_/home/user/bin/WireGuard-0.0.20180118/src] Error 2
make: *** [Makefile:39: module-debug] Error 2

Bug and workaround posted here: https://dev.solus-project.com/T5607

asonix added a subscriber: asonix.Jan 31 2018, 5:03 PM
mgrandl added a subscriber: mgrandl.

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?

wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?

wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

Yes, you will need to comment out the resolvconf line and add the following to the conf file for it to work in Solus:

PostUp = echo "nameserver YOUR_WG_DNS" > /etc/resolv.conf
PostDown = echo "nameserver YOUR_NORMAL_DNS" > /etc/resolv.conf
maxtriano added a subscriber: maxtriano.
mattrazol added a subscriber: mattrazol.
severucold added a subscriber: severucold.
angristan added a subscriber: angristan.

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?

wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

Yes, you will need to comment out the resolvconf line and add the following to the conf file for it to work in Solus:

PostUp = echo "nameserver YOUR_WG_DNS" > /etc/resolv.conf
PostDown = echo "nameserver YOUR_NORMAL_DNS" > /etc/resolv.conf

Much more simply solved by installing openresolv. Although it isn't in the current solus repo (It is the only package left to make wireguard an easy install). Luckily there is a community member with a yaml build file + eopkg binaries.

Link: https://gitlab.com/devil505/solus-3rd-party-repo/tree/master/openresolv

Maybe the request for openresolv should be re-opened ? https://dev.solus-project.com/T2931

Maybe the request for openresolv should be re-opened ? https://dev.solus-project.com/T2931

+1 on this idea

I've tested DNS leaks with openresolv + Wireguard. And fortunately there are none. However I have not tested it with OpenVPN so I cannot validate Eric's claim.

Brandywine added a subscriber: Brandywine.
This comment was removed by JoshStrobl.
JoshStrobl added a comment.EditedAug 13 2018, 1:27 AM

@Devil505 Please refrain from posting here about your unofficial repository, where none of the packages have been validated by us to not negatively impact users, or perform actions which may run counter to how Solus works or is intended to function. Furthermore, your repository is not actively rebuilt against ours, leading to breakages like those experienced here, which negatively impacts the experience of our users and despite your warning in your README, leads to undesired support requests directed to us as a result. Thank you.

I apologize if I missed something, but it appears that for the last year developers haven't touched this ticket, the software, or made a statement to the effect of "we're looking at it." Then a user posts a forum link for his install package where he makes it very clear that it's a personal package and he's just looking for testers. Now you show up (a year after this ticket was made), delete the comment, and that's it? Not even a "we're looking at this" after you deleted the comment? I understand your logic in removing the comment and it makes perfect sense. I'm more at a loss as to why your only action on this year old ticket was to warn a user and delete his comment.

Furthermore, if that user is serious about getting his package in, is there a way for him to get his package into official testing? I'm asking in case he comes back looking for guidance.

Furthermore, if that user is serious about getting his package in, is there a way for him to get his package into official testing? I'm asking in case he comes back looking for guidance.

In fact I'm waiting for a change of this ticket status for "accepted for inclusion", after that, I can send a patch. Without this status, my patch will be rejected.

I may very well be wrong but, I believe the reason this package has sat in the backlog for so long is that WireGuard is headed towards inclusion in the Kernel which would likely mean that we wouldn't need to package it separately for the Solus Repository.

I may very well be wrong but, I believe the reason this package has sat in the backlog for so long is that WireGuard is headed towards inclusion in the Kernel which would likely mean that we wouldn't need to package it separately for the Solus Repository.

That's a perfectly logical reason and I'm sure many users (myself included) would understand that. That, however, was never stated.

As4fN1v removed a subscriber: As4fN1v.Aug 14 2018, 7:31 AM
DataDrake added a subscriber: DataDrake.

All,

WireGuard is indeed on the backburner until it gets accepted into the kernel. Frankly, Linus' endorsement of it is enough evidence to me that it should be included. But until it is merged into the kernel, I don't want to include any userland utilities or alternative implementations. Because of that I will not be marking this as accepted until such a time.

Thanks.

Thanks for updating us.

nazar added a subscriber: nazar.Aug 27 2018, 11:54 AM
DataDrake triaged this task as Normal priority.Aug 31 2018, 5:50 PM
sborer added a comment.Nov 4 2018, 5:45 PM

Looks like it won't be in 4.20 either: https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Not-In-4.20
The wait continues...

Jacalz awarded a token.Nov 4 2018, 5:56 PM
Lorien added a subscriber: Lorien.Nov 4 2018, 11:32 PM