Jump to content


Photo

Request for WireGuard VPN implementation

WireGuard VPN

  • Please log in to reply
107 replies to this topic

Re: Request for WireGuard VPN implementation #21 WanWizard

  • PLi® Core member
  • 70,552 posts

+1,813
Excellent

Posted 9 April 2020 - 15:58

And using smart dan instead?

Sorry?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Request for WireGuard VPN implementation #22 littlesat

  • PLi® Core member
  • 57,191 posts

+699
Excellent

Posted 9 April 2020 - 16:51

There is a method where you change the dns and then get vpn working.... at least the geo location block is bypassed.... most vpn providers do support it. Google wiki smart dns.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Request for WireGuard VPN implementation #23 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 18 April 2020 - 14:06

What is actually the advantage of wireguard to openvpn? Why would anyone want to use it anyway? Openvpn quite a good product.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: Request for WireGuard VPN implementation #24 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 18 April 2020 - 14:30

Wireguard performance is excellent, minimal CPU consumption, minimal latency, great security.
Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #25 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 18 April 2020 - 14:36

In my opinion that counts for OpenVPN just as well?


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: Request for WireGuard VPN implementation #26 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 18 April 2020 - 14:53

So they are lying here?

https://www.wireguard.com/performance/

As long as somebody is willing to take over the maintenance of wireguard, I am not against it.
Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #27 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 18 April 2020 - 15:06

Lying, no. Maybe presenting a selective view, yes  ;)

 

I have been using OpenVPN for 17 years now, and I don't recognise these findings. It has been used on a 50 mbps connection between two locations of my work, which clearly isn't that fast, but the CPU load was always at or near 0.01, so it really can't be that CPU heavy. Also I am using it on my phone and streaming (not even transcoding) is not a problem.

 

So yes, Wireguard may be more efficient but does it really matter in our situation? My objection is that we need to add another package that needs to be maintained. We can't drop OpenVPN.

 

BTW in the test for Wireguard vs. IPsec vs. OpenVPN it looks like Wireguard is using some hardware cipher accelerator that OpenVPN doesn't (or can't, in this situation). So the comparison may not be 100% fair. This situation may vary significantly between platforms.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: Request for WireGuard VPN implementation #28 littlesat

  • PLi® Core member
  • 57,191 posts

+699
Excellent

Posted 18 April 2020 - 16:17

And still for bypassing just geolocking smart dns also does the job... you just entered a different dyndns server provided by your vpn provider and you’re done.... then no vpn software required on your box.... and no extra cpu usage...

Edited by littlesat, 18 April 2020 - 16:19.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Request for WireGuard VPN implementation #29 WanWizard

  • PLi® Core member
  • 70,552 posts

+1,813
Excellent

Posted 18 April 2020 - 17:14

That benchmark smells a bit like "wij van WC-eend adviseren WC-eend"... ;)


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Request for WireGuard VPN implementation #30 Pippin

  • Senior Member
  • 103 posts

+2
Neutral

Posted 18 April 2020 - 18:34

OpenVPN v.s. Wireguard = Apples v.s. Oranges

 

WG will find it's place between the other options depending on use-case.

 

WG has no track record, the crypto used is only mathematically vetted.

If it is/gets broken you are at the mercy of devs.

 

In OpenVPN you just change the crypto options and problem solved.

There is lots more but kinda moot because "depending on use-case".


Edited by Pippin, 18 April 2020 - 18:35.

Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. Nikola Tesla

Re: Request for WireGuard VPN implementation #31 littlesat

  • PLi® Core member
  • 57,191 posts

+699
Excellent

Posted 18 April 2020 - 19:35

What is the goal here for the vpn connection (then)?

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Request for WireGuard VPN implementation #32 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 19 April 2020 - 23:36

Hi,
 
It seems that UDP tunnel as module (=m) is enough on osmio4k with kernel 5.5.16.
Need to test an older kernel, eg we have several boxes with 3.14.


I build version v1.0.20200413 for module and v1.0.20200319 for tools (just like debian on wireguard page).
 
root@osmio4k:~# opkg install wireguard-tools
Installing kernel-module-ip6-udp-tunnel (5.5.16) on root
Downloading http://.../osmio4k/kernel-module-ip6-udp-tunnel_5.5.16-r0_osmio4k.ipk.
Installing kernel-module-udp-tunnel (5.5.16) on root
Downloading http://.../osmio4k/kernel-module-udp-tunnel_5.5.16-r0_osmio4k.ipk.
Installing kernel-module-wireguard (1.0.20200413) on root
Downloading http://...osmio4k/kernel-module-wireguard_1.0.20200413-r0_osmio4k.ipk.
Installing wireguard-tools (1.0.20200319) on root
Downloading http://.../armv7ahf-neon/wireguard-tools_1.0.20200319-r0_armv7ahf-neon.ipk.
Configuring kernel-module-ip6-udp-tunnel.
Configuring kernel-module-udp-tunnel.
Configuring kernel-module-wireguard.
Configuring wireguard-tools.
root@osmio4k:~# wg
interface: wg0
  public key: h....g=
  private key: (hidden)
  listening port: 54129

peer: J...s=
  endpoint: 163.172.161.0:12912
  allowed ips: 0.0.0.0/0
  latest handshake: 9 seconds ago
  transfer: 31.51 KiB received, 19.05 KiB sent
  persistent keepalive: every 25 seconds

root@osmio4k:~# curl http://192.168.4.1
<title>WireGuard Demo Configuration: Success!</title>
<body bgcolor="#444444">
<script src="snowstorm.js"></script>
<script src="trail.js"></script>
<center>
<blink>
<marquee width="100%" behavior="alternate" direction="right" scrollamount="10">
<marquee height="100%" behavior="alternate" direction="down">
<marquee width="100%" bgcolor="#33aadd" direction="right" behavior="alternate"><font face="comic sans ms" size="7" style="font-size: 3vw" color="#ddaa33">Congrats! You've successfully configured WireGuard!</font><br><marquee scrollamount="30"><img src="emblem.svg" width="20%"></marquee><br><marquee direction="left" scrollamount="40" behavior="alternate"><script>document.write('<iframe frameborder="0" height="80%" width="70%" src="/?' + (((document.location.search.substring(1)|0) + 1) % 4) + '"></iframe>');</script></marquee><br><br></marquee>
</marquee>
</marquee>
</blink>
</center>
</body>

root@osmio4k:~# wg --version
wireguard-tools v1.0.20200319 - https://git.zx2c4.com/wireguard-tools/

root@osmio4k:~# dmesg
....
wireguard: WireGuard 1.0.20200413 loaded. See www.wireguard.com for information.
wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
There are 70 boxes that need CONFIG_NET_UDP_TUNNEL=m, few already have it.
 
grep -r "CONFIG_NET_UDP_TUNNEL is not set" meta-* | wc -l
70

Edited by athoik, 19 April 2020 - 23:36.

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #33 babsy98

  • Senior Member
  • 166 posts

+18
Neutral

Posted 20 April 2020 - 07:20

build from source we have add for some weeks

 

for this models build fail Kernel to old all other ok

 

cube spark spark7162 dm900 dm920 vuduo2 vusolose vusolo2 vuzero vuuno vuduo vuultimo vusolo inihde2 jj7362 odinm9 et9x00 et6x00 et5x00 dags7356 dags7335 inihdx inihde inihdp vg5000 vg2000 vg1000 ew7356 ew7358 ew7362 ixussone ixusszero blackbox7405 dm520 dm8000 dm7020hd dm7020hdv2 dm800sev2 dm500hdv2 dm7080 dm820 yh7362 yh62tc gb800solo gb7325 ch62lc


Edited by babsy98, 20 April 2020 - 07:21.


Re: Request for WireGuard VPN implementation #34 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 20 April 2020 - 12:54

It's simpler to include wireguard-tools only for boxes with kernel >= 3.14.

        ${@ 'wireguard-tools' if (bb.utils.vercmp_string("${KERNEL_VERSION}" or "0", '3.14') >= 0) else '' } \

Edited by athoik, 20 April 2020 - 12:54.

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #35 WanWizard

  • PLi® Core member
  • 70,552 posts

+1,813
Excellent

Posted 20 April 2020 - 13:27

Yes, I did the same for the out-of-tree wifi drivers.

 

Not too happy with this introducing differences in images, but I think it can't be avoided.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Request for WireGuard VPN implementation #36 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 20 April 2020 - 13:45

There are also userspace wireguard implementations.

One is written in go (from the same owner).

The other is written in rust (from cloudflare, boringvpn).

Unfortunately, I think OE misses both rust and go compilers....

PS. create PR for v1 recipes of wireguard?

Edited by athoik, 20 April 2020 - 13:46.

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #37 WanWizard

  • PLi® Core member
  • 70,552 posts

+1,813
Excellent

Posted 20 April 2020 - 14:41

I have no objections.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Request for WireGuard VPN implementation #38 betacentauri

  • PLi® Core member
  • 7,185 posts

+323
Excellent

Posted 20 April 2020 - 16:17

There are go compilers available. But creating a proper go bitbake file was quite difficult:

https://github.com/O...clone/rclone.bb


Xtrend ET-9200, ET-8000, ET-10000, OpenPliPC on Ubuntu 12.04

Re: Request for WireGuard VPN implementation #39 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 20 April 2020 - 19:19

I didn't know go it was available!

 

The userspace also seems to work, using zeus branch with go 1.12.9.

 

Here it is working with userspace client as well.

 

root@osmio4k:~# modprobe tun
root@osmio4k:~# wireguard wg0
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
W                                                     G
W   You are running this software on a Linux kernel,  G
W   which is probably unnecessary and misguided. This G
W   is because the Linux kernel has built-in first    G
W   class support for WireGuard, and this support is  G
W   much more refined than this slower userspace      G
W   implementation. For more information on           G
W   installing the kernel module, please visit:       G
W           https://www.wireguard.com/install         G
W                                                     G
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
INFO: (wg0) 2020/04/20 21:11:46 Starting wireguard-go version 0.0.20200121
root@osmio4k:~# wg setconf wg0 /etc/wireguard/wg0.conf

root@osmio4k:~# # disable ipv6
root@osmio4k:~# sysctl -w net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6 = 1
root@osmio4k:~# sysctl -w net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6 = 1

root@osmio4k:~# # set ip / gateway / bring online
root@osmio4k:~# ip addr add 10.88.2.125/16 dev wg0
root@osmio4k:~# ip link set dev wg0 up
root@osmio4k:~# ip route del default
root@osmio4k:~# ip route add default dev wg0
root@osmio4k:~# ip route add 163.172.213.92/32 via 192.168.2.1 dev eth0

root@osmio4k:~# wg
interface: wg0
  public key: cC..0=
  private key: (hidden)
  listening port: 44988

peer: r2..4=
  preshared key: (hidden)
  endpoint: 163.172.213.92:11967
  allowed ips: 0.0.0.0/0
  latest handshake: 20 seconds ago
  transfer: 92 B received, 180 B sent
  persistent keepalive: every 25 seconds

root@osmio4k:~# curl ifconfig.co
163.172.213.92
root@osmio4k:~# curl ifconfig.co/json 2>/dev/null | python -m json.tool
{
    "asn": "AS12876",
    "asn_org": "Online S.a.s.",
    "city": "Amsterdam",
    "country": "Netherlands",
    "country_eu": true,
    "country_iso": "NL",
    "hostname": "se-nl.serverip.co",
    "ip": "163.172.213.92",
    "ip_decimal": 2746013020,
    "latitude": 52.374,
    "longitude": 4.8897,
    "user_agent": {
        "product": "curl",
        "raw_value": "curl/7.66.0",
        "version": "7.66.0"
    }
}

 

 

Please note that I disabled the ipv6 because the ifconfig was still reachable using ipv6 without VPN... ;)

 

Here is the recipe  wireguard-go_0.0.20200121.bb

 

require wireguard.inc

LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/COPYING;md5=995598bc9de2b4c987c2cb87fc24f341"

SRC_URI = " \
        git://git.zx2c4.com/wireguard-go;name=wireguard;destsuffix=git/src/${GO_IMPORT} \
        git://github.com/golang/crypto.git;name=crypto;branch=release-branch.go1.13;destsuffix=git/src/golang.org/x/crypto \
        git://github.com/golang/net.git;name=net;branch=release-branch.go1.13;destsuffix=git/src/golang.org/x/net \
        git://github.com/golang/sys.git;name=sys;branch=release-branch.go1.13;destsuffix=git/src/golang.org/x/sys"

SRCREV_FORMAT = "wireguard"
SRCREV_wireguard = "05b03c675090df893e8317983702c9661dfc319b"
SRCREV_crypto = "8b5121be2f68d8fc40bb06467003bdde1040a094"
SRCREV_net = "13f9640d40b9cc418fb53703dfbd177679788ceb"
SRCREV_sys = "fde4db37ae7ad8191b03d30d27f258b5291ae4e3"

GO_IMPORT = "golang.zx2c4.com/wireguard"

inherit go

S = "${WORKDIR}/git"

RDEPENDS_${PN} += "kernel-module-tun"
RDEPENDS_${PN}-dev += "bash"

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: Request for WireGuard VPN implementation #40 WanWizard

  • PLi® Core member
  • 70,552 posts

+1,813
Excellent

Posted 20 April 2020 - 19:49

If that also works on older boxes / kernels, it might be a better option than using the kernel module on a subset?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.



2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users