Jump to content


Photo

Request for WireGuard VPN implementation

WireGuard VPN

  • Please log in to reply
7 replies to this topic

#1 p_e_p_i_j_n

  • New Member
  • 2 posts

0
Neutral

Posted 9 August 2018 - 23:13

Like the title says, it would be nice for me to have WireGuard working on the OpenPLi image.

 

In the beginning only command line support will be enough for me. And later on as a plugin within the gui or something like that.

 



Re: Request for WireGuard VPN implementation #2 littlesat

  • PLi® Core member
  • 45,198 posts

+463
Excellent

Posted 10 August 2018 - 06:57

We have OpenVPN support. Not from the ui as a e2 box is not really secure (everything is running under root). But you can install it and config it via console etc...

Edited by littlesat, 10 August 2018 - 07:00.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W Thanks to Henksat

Re: Request for WireGuard VPN implementation #3 MastaG

  • PLi® Core member
  • 1,493 posts

+115
Excellent

Posted 10 August 2018 - 10:02

WireGuard needs to be enabled at kernel level.

Also since it's not merged into mainline yet, you need to get the patchset and backport it.

See: https://www.phoronix...Likes-WireGuard

 

And the kernel is specific for each receiver and the kernel versions/configurations differ across the multiple BSP-layers we support.

So we'd have to look at the available patchsets, apply, enable and test them.. and then send in PR's I guess.

 

Then of course there's also the UI part..

 

This would require a person with lots of free time available ;)



Re: Request for WireGuard VPN implementation #4 athoik

  • PLi® Core member
  • 7,415 posts

+261
Excellent

Posted 10 August 2018 - 10:42

No it doesn't required build-in kernel support.

You need:
https://layers.opene...x/recipe/60780/
 
WireGuard requires Linux ≥3.10, with the following configuration options, which are likely already configured in your kernel, especially if you're installing via distribution packages, above.

    CONFIG_NET for basic networking support
    CONFIG_INET for basic IP support
    CONFIG_NET_UDP_TUNNEL for sending and receiving UDP packets
    CONFIG_CRYPTO_BLKCIPHER for doing scatter-gather I/O
and:
https://layers.opene...x/recipe/60780/


So all new generation boxes can support it, it's a matter of testing the recipes (and enabling the config on kernels where required).


Of course create a "proper" UI for it, it requires first making "proper" UI for the whole network staff (that currently sucks).

Edited by athoik, 10 August 2018 - 10:42.

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #5 MastaG

  • PLi® Core member
  • 1,493 posts

+115
Excellent

Posted 10 August 2018 - 12:14

Ah thanks for clearing that up Athoik.

Guess I've had to do a bit more research.

Btw, you posted the same link twice ;)

 

Great to see the module can be built easily op top of 3.10 or newer.

Going to give it a try soon.



Re: Request for WireGuard VPN implementation #6 athoik

  • PLi® Core member
  • 7,415 posts

+261
Excellent

Posted 10 August 2018 - 13:07

The second link was the wireguard-tools: https://layers.opene...x/recipe/60781/

I guess we should give a "huge" try.

WireGuard uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions. It makes conservative and reasonable choices and has been reviewed by cryptographers.


Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #7 p_e_p_i_j_n

  • New Member
  • 2 posts

0
Neutral

Posted 14 August 2018 - 15:38

2 ideas to keep things simple and less time-consuming....

  1. Make it available as an opkg extension. So only the people who need it will install it. Keeps the basic distro lean and clean.
     
  2. Forget the UI. People who will use this have enough experience to get this up and running by the cli. And i.e. entering an WireGuard publickey with you stb remote will be a catastrophe  :(  

Maybe I can help testing or something. I'm running multiple WireGuard VPN setups for a long time.
Where can I follow the progress or be informed about updates around this subject.


Edited by p_e_p_i_j_n, 14 August 2018 - 15:40.


Re: Request for WireGuard VPN implementation #8 athoik

  • PLi® Core member
  • 7,415 posts

+261
Excellent

Posted 15 August 2018 - 16:01

I was able to compile wireguard (20180809) just fine.

Only CONFIG_NET_UDP_TUNNEL is missing from boxes.

Although some boxes like VU+ 1st gen are still using 3.9, Xtrend 1st gen are using 3.8 and DM8000 is using 3.2

Most probably those will fail, if there are not failing (but not working either) it is much better (because no special MACHINE_FEATURES, requrired).

Edited by athoik, 15 August 2018 - 16:02.

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users