Like the title says, it would be nice for me to have WireGuard working on the OpenPLi image.
In the beginning only command line support will be enough for me. And later on as a plugin within the gui or something like that.
Geplaatst op 10 augustus 2018 - 06:57
Veranderd door littlesat, 10 augustus 2018 - 07:00
WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W
Geplaatst op 10 augustus 2018 - 10:02
WireGuard needs to be enabled at kernel level.
Also since it's not merged into mainline yet, you need to get the patchset and backport it.
See: https://www.phoronix...Likes-WireGuard
And the kernel is specific for each receiver and the kernel versions/configurations differ across the multiple BSP-layers we support.
So we'd have to look at the available patchsets, apply, enable and test them.. and then send in PR's I guess.
Then of course there's also the UI part..
This would require a person with lots of free time available
Geplaatst op 10 augustus 2018 - 10:42
WireGuard requires Linux ≥3.10, with the following configuration options, which are likely already configured in your kernel, especially if you're installing via distribution packages, above. CONFIG_NET for basic networking support CONFIG_INET for basic IP support CONFIG_NET_UDP_TUNNEL for sending and receiving UDP packets CONFIG_CRYPTO_BLKCIPHER for doing scatter-gather I/Oand:
Veranderd door athoik, 10 augustus 2018 - 10:42
Geplaatst op 10 augustus 2018 - 13:07
WireGuard uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions. It makes conservative and reasonable choices and has been reviewed by cryptographers.
Geplaatst op 14 augustus 2018 - 15:38
2 ideas to keep things simple and less time-consuming....
Maybe I can help testing or something. I'm running multiple WireGuard VPN setups for a long time.
Where can I follow the progress or be informed about updates around this subject.
Veranderd door p_e_p_i_j_n, 14 augustus 2018 - 15:40
Geplaatst op 15 augustus 2018 - 16:01
Veranderd door athoik, 15 augustus 2018 - 16:02
Geplaatst op 24 december 2018 - 00:34
Just stumbled across this Thread because i was searching for OpenPli+Wireguard.
Since a few Months i'm playing around with Wireguard on various non-TV-Devices and it works like a charm.
Also it needs much less Resources and is even faster than IPsec/OpenVPN.
It would be really great to have Wireguard on the OpenPli.
Veranderd door AllMassive, 24 december 2018 - 00:35
Geplaatst op 25 december 2018 - 18:15
It requires "CONFIG_NETFILTER_XT_MATCH_HASHLIMIT" to be activated in the kernel config, which in turn means all vendors have to update their BSP package. Which in turn means we can't add it to the build until all vendors have done so.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Geplaatst op 25 december 2018 - 18:32
Geplaatst op 25 december 2018 - 18:39
It also requires:
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Geplaatst op 25 december 2018 - 21:54
- CONFIG_NET_UDP_TUNNEL, found in Linux kernels: 3.17–3.19, 4.0–4.20, so it fails for quite a few boxes
- CONFIG_NF_CONNTRACK, not enabled in any defconfig
- CONFIG_CRYPTO_BLKCIPHER, not enabled in any defconfig
- CONFIG_PADATA, not enabled in any defconfig
The first restricting it's use to STB's with a 4.x kernel, excluding the DM8000, the 1st gen Xtrends, and virtually all VU+.
Hm - ok :*(
You wrote that a 4.x-Kernel is needed and actually my VU+ UNO 4K SE OpenPli 7.rc already has a 4.x-Kernel:
Linux vu 4.1.20-1.9 #1 SMP Sat Nov 24 17:07:00 CET 2018 armv7l GNU/Linux
Geplaatst op 25 december 2018 - 23:39
In which case you can make local BSP modifications and build your own image from source.
In addition to that I wrote before, we're also not a big fan of introducing features that only work on a subset of supported hardware.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Geplaatst op 8 april 2020 - 06:58
Veranderd door littlesat, 8 april 2020 - 06:58
WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W
Geplaatst op 8 april 2020 - 12:33
Almost "a year and a half" further, meanwhile wireguard made it in to kernel 5.6 mainline,
Yet which view have OpenPLi dev's on this tunnel?
I suppose openvpn will be deprecated and wireguard packages will be in soon ?
I sincerely doubt it.
For starters, no box currently runs on 5.6, and most never will.
And as long as most endpoints (NAS boxes, routers, firewalls) don't support it, it will not catch on very quickly.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Geplaatst op 9 april 2020 - 06:28
certainly but as from kernel 3.10 things can be compiled from scratch so I thought things could be incorporated building forthcoming OpenPLi.8
[offtopic]My old Vu+solo won't be in as it has 3.9.6 currently ...[/offtopic]
Geplaatst op 9 april 2020 - 13:03
If it doesn't work on all boxes, don't hold your breath.
Also, if it is not part of Yocto, someone needs to make a bitbake recipe for it. That someone won't be me, see my previous response.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
0 leden, 1 bezoekers, 0 anonieme gebruikers