Page MenuHomeSolus

WireGuard
Closed, ResolvedPublic

Subscribers
Tokens
"Love" token, awarded by rad4day."Love" token, awarded by onionJL."Love" token, awarded by ur5us."Love" token, awarded by Krutonium."Love" token, awarded by sixtyfive."Party Time" token, awarded by kyrios123."Love" token, awarded by liepumartins."Orange Medal" token, awarded by Mr.Midnight."Love" token, awarded by ArjenR."Love" token, awarded by playforvoices."Love" token, awarded by jtflynnz."Love" token, awarded by nezorflame."Like" token, awarded by wuzhe."Love" token, awarded by Jacalz."Like" token, awarded by retiform."Love" token, awarded by stigarn."Love" token, awarded by Brandywine."Love" token, awarded by angristan."Love" token, awarded by severucold."Love" token, awarded by validupuma."Love" token, awarded by patrickstarispink."Love" token, awarded by mattrazol."Love" token, awarded by maxtriano."Love" token, awarded by racerdot."Love" token, awarded by Timalex."Love" token, awarded by mgrandl."Love" token, awarded by kaotik."Love" token, awarded by IntenceYT."Love" token, awarded by Herdo."Love" token, awarded by baimafeima."Love" token, awarded by TheMarketAnarchist.
Assigned To
Authored By
anaknaga, May 28 2017

Description

Name: WireGuard

Homepage: https://www.wireguard.io

Reason: WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Open Source: Yes

Source: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170517.tar.xz
(see https://git.zx2c4.com/WireGuard/ for latest release)

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
angristan added a subscriber: angristan.

@anaknaga did you also get the error because of missing resolvconf when trying wg-quick?
wg-quick up azirevpn-se1:

ip link add azirevpn-se1 type wireguard
wg setconf azirevpn-se1 /dev/fd/63
ip address add 10.10.4.181/19 dev azirevpn-se1
ip address add 2a03:8600:1001:4000::4b6/64 dev azirevpn-se1
ip link set mtu 1420 dev azirevpn-se1
ip link set azirevpn-se1 up
resolvconf -a azirevpn-se1 -m 0 -x
/usr/bin/wg-quick: line 73: resolvconf: command not found
ip link delete dev azirevpn-se1

Compiled and installed using https://www.wireguard.com/install/#option-b-compiling-from-source
Following the guide at: https://www.azirevpn.com/wireguard

Yes, you will need to comment out the resolvconf line and add the following to the conf file for it to work in Solus:

PostUp = echo "nameserver YOUR_WG_DNS" > /etc/resolv.conf
PostDown = echo "nameserver YOUR_NORMAL_DNS" > /etc/resolv.conf

Much more simply solved by installing openresolv. Although it isn't in the current solus repo (It is the only package left to make wireguard an easy install). Luckily there is a community member with a yaml build file + eopkg binaries.

Link: https://gitlab.com/devil505/solus-3rd-party-repo/tree/master/openresolv

Maybe the request for openresolv should be re-opened ? https://dev.solus-project.com/T2931

Maybe the request for openresolv should be re-opened ? https://dev.solus-project.com/T2931

+1 on this idea

I've tested DNS leaks with openresolv + Wireguard. And fortunately there are none. However I have not tested it with OpenVPN so I cannot validate Eric's claim.

Brandywine added a subscriber: Brandywine.
This comment was removed by JoshStrobl.
JoshStrobl added a comment.EditedAug 13 2018, 1:27 AM

@Devil505 Please refrain from posting here about your unofficial repository, where none of the packages have been validated by us to not negatively impact users, or perform actions which may run counter to how Solus works or is intended to function. Furthermore, your repository is not actively rebuilt against ours, leading to breakages like those experienced here, which negatively impacts the experience of our users and despite your warning in your README, leads to undesired support requests directed to us as a result. Thank you.

I apologize if I missed something, but it appears that for the last year developers haven't touched this ticket, the software, or made a statement to the effect of "we're looking at it." Then a user posts a forum link for his install package where he makes it very clear that it's a personal package and he's just looking for testers. Now you show up (a year after this ticket was made), delete the comment, and that's it? Not even a "we're looking at this" after you deleted the comment? I understand your logic in removing the comment and it makes perfect sense. I'm more at a loss as to why your only action on this year old ticket was to warn a user and delete his comment.

Furthermore, if that user is serious about getting his package in, is there a way for him to get his package into official testing? I'm asking in case he comes back looking for guidance.

Furthermore, if that user is serious about getting his package in, is there a way for him to get his package into official testing? I'm asking in case he comes back looking for guidance.

In fact I'm waiting for a change of this ticket status for "accepted for inclusion", after that, I can send a patch. Without this status, my patch will be rejected.

I may very well be wrong but, I believe the reason this package has sat in the backlog for so long is that WireGuard is headed towards inclusion in the Kernel which would likely mean that we wouldn't need to package it separately for the Solus Repository.

I may very well be wrong but, I believe the reason this package has sat in the backlog for so long is that WireGuard is headed towards inclusion in the Kernel which would likely mean that we wouldn't need to package it separately for the Solus Repository.

That's a perfectly logical reason and I'm sure many users (myself included) would understand that. That, however, was never stated.

As4fN1v removed a subscriber: As4fN1v.Aug 14 2018, 7:31 AM
DataDrake added a subscriber: DataDrake.

All,

WireGuard is indeed on the backburner until it gets accepted into the kernel. Frankly, Linus' endorsement of it is enough evidence to me that it should be included. But until it is merged into the kernel, I don't want to include any userland utilities or alternative implementations. Because of that I will not be marking this as accepted until such a time.

Thanks.

Thanks for updating us.

nazar added a subscriber: nazar.Aug 27 2018, 11:54 AM
DataDrake triaged this task as Normal priority.Aug 31 2018, 5:50 PM
sborer added a comment.Nov 4 2018, 5:45 PM

Looks like it won't be in 4.20 either: https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Not-In-4.20
The wait continues...

Jacalz awarded a token.Nov 4 2018, 5:56 PM
Lorien added a subscriber: Lorien.Nov 4 2018, 11:32 PM
190n added a subscriber: 190n.Dec 18 2018, 4:05 AM
mclang added a subscriber: mclang.Jan 7 2019, 1:38 PM
wuzhe awarded a token.Feb 20 2019, 4:27 PM
rav101 added a subscriber: rav101.Mar 5 2019, 3:25 PM
usmancc added a comment.EditedMar 13 2019, 5:05 PM

This was working for me when compiling from source. But since recent updates.. It still complies and installs fine but I get

wg-quick[2615]: free(): double free detected in tcache 2
wg-quick[2615]: /usr/bin/wg-quick: line 29: 2645 Aborted "$@"

:/

I've been doing the same. It seems to be due to a bug in resolvconf. I've commented out the following lines in wg-quick (which is just a shell script)

printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a "$(resolvconf_iface_prefix)$INTERFACE" -m 0 -x

and

cmd resolvconf -d "$(resolvconf_iface_prefix)$INTERFACE"

Seems to be working after I make those changes.

This was working for me when compiling from source. But since recent updates.. It still complies and installs fine but I get

wg-quick[2615]: free(): double free detected in tcache 2
wg-quick[2615]: /usr/bin/wg-quick: line 29: 2645 Aborted "$@"

:/

Following up on this, the actual bug is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860564

Seems like setting the DNS variable in the config isn't going to work. One of the VPNs recommends doing this instead:

PostUp = systemd-resolve -i %i --set-dns=1.1.1.1 --set-domain=~.

@kevindkeogh - Thanks for the tips. I commented those lines out and it works! and removing the DNS variable from wireguard config file also seems to do the trick. albeit I have to manually configure DNS servers each time; the PostUp command isnt working as expected for me ATM, but its a start. Cheers!

JoshStrobl changed the edit policy from "All Users" to "Triage Team (Project)".Apr 24 2019, 6:24 AM
nezorflame added a subscriber: nezorflame.
jtflynnz added a subscriber: jtflynnz.
r3r57 added a subscriber: r3r57.Aug 2 2019, 3:18 PM
ArjenR added a subscriber: ArjenR.Oct 9 2019, 9:13 AM

Following up on this, the actual bug is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860564
Seems like setting the DNS variable in the config isn't going to work. One of the VPNs recommends doing this instead:

PostUp = systemd-resolve -i %i --set-dns=1.1.1.1 --set-domain=~.

I have patched my build to use resolvectl in wg-quick which is quite easy to use, so also software like qomui will work properly.

Mr.Midnight added a subscriber: Mr.Midnight.

What is the best way to update/uninstall Wireguard until this gets into the kernel?

ArjenR added a comment.Nov 1 2019, 8:05 PM

What is the best way to update/uninstall Wireguard until this gets into the kernel?

Well, I prefer to build my own package to be able to properly install it. This should in time be upgraded by an official package provided by Solus dev's.

Packages can be built using solbuild which provides a separate build environment so you don't have to mess with development packages on your regular installation. https://getsol.us/articles/packaging/building-a-package/en/

It is policy not to link to external packages or package recipes from here since these are not tested and verified by the Solus devs.

Mr.Midnight added a comment.EditedNov 12 2019, 9:04 AM

Thank you @ArjenR ! Can you post your resolvectl command btw?

Okra added a subscriber: Okra.Nov 23 2019, 3:00 PM
Jragoon added a subscriber: Jragoon.Dec 8 2019, 7:10 PM
nazar removed a subscriber: nazar.Jan 10 2020, 5:17 AM
Sethox added a subscriber: Sethox.EditedFeb 21 2020, 1:42 PM

Since it was not posted here, Wireguard is in the kernel now:

All we really need to do now is wait for the natural progression for the other modules to sync up (be able to detect.. etc) with the kernel version of Wireguard (meaning that there is no need to meddle in this anymore), I hope.

@Sethox We still need a wireguard-tools package iirc

Support for this is now enabled in the -current kernel. It will NOT work on -lts.

Should a new task be created to have the package wireguard-tools ?
https://github.com/WireGuard/wireguard-tools

Nah, this task is enough.

Krutonium added a subscriber: Krutonium.
ur5us awarded a token.May 3 2020, 3:06 AM

Just wanted to make a small update: I installed wireguard-tools as a snap (https://snapcraft.io/wireguard-ammp), created my private/public keys, defined a wireguard vpn with the Plasma interface and successfully connected to my wireguard enabled router.

onionJL added a subscriber: onionJL.

So, as I didn't find it in this conversation: What is currently preventing wireguard-tools from being accepted for inclusion?

Farcrada removed a subscriber: Farcrada.Jun 7 2020, 6:14 PM
g66925 added a subscriber: g66925.Jul 2 2020, 3:43 AM
JoshStrobl closed this task as Resolved.Jul 15 2020, 7:45 AM
JoshStrobl claimed this task.