And using smart dan instead?
Sorry?
Posted 9 April 2020 - 15:58
And using smart dan instead?
Sorry?
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Posted 18 April 2020 - 14:06
What is actually the advantage of wireguard to openvpn? Why would anyone want to use it anyway? Openvpn quite a good product.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Posted 18 April 2020 - 14:36
In my opinion that counts for OpenVPN just as well?
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Posted 18 April 2020 - 14:53
Posted 18 April 2020 - 15:06
Lying, no. Maybe presenting a selective view, yes
I have been using OpenVPN for 17 years now, and I don't recognise these findings. It has been used on a 50 mbps connection between two locations of my work, which clearly isn't that fast, but the CPU load was always at or near 0.01, so it really can't be that CPU heavy. Also I am using it on my phone and streaming (not even transcoding) is not a problem.
So yes, Wireguard may be more efficient but does it really matter in our situation? My objection is that we need to add another package that needs to be maintained. We can't drop OpenVPN.
BTW in the test for Wireguard vs. IPsec vs. OpenVPN it looks like Wireguard is using some hardware cipher accelerator that OpenVPN doesn't (or can't, in this situation). So the comparison may not be 100% fair. This situation may vary significantly between platforms.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Posted 18 April 2020 - 16:17
Edited by littlesat, 18 April 2020 - 16:19.
WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W
Posted 18 April 2020 - 17:14
That benchmark smells a bit like "wij van WC-eend adviseren WC-eend"...
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Posted 18 April 2020 - 18:34
OpenVPN v.s. Wireguard = Apples v.s. Oranges
WG will find it's place between the other options depending on use-case.
WG has no track record, the crypto used is only mathematically vetted.
If it is/gets broken you are at the mercy of devs.
In OpenVPN you just change the crypto options and problem solved.
There is lots more but kinda moot because "depending on use-case".
Edited by Pippin, 18 April 2020 - 18:35.
Posted 19 April 2020 - 23:36
root@osmio4k:~# opkg install wireguard-tools Installing kernel-module-ip6-udp-tunnel (5.5.16) on root Downloading http://.../osmio4k/kernel-module-ip6-udp-tunnel_5.5.16-r0_osmio4k.ipk. Installing kernel-module-udp-tunnel (5.5.16) on root Downloading http://.../osmio4k/kernel-module-udp-tunnel_5.5.16-r0_osmio4k.ipk. Installing kernel-module-wireguard (1.0.20200413) on root Downloading http://...osmio4k/kernel-module-wireguard_1.0.20200413-r0_osmio4k.ipk. Installing wireguard-tools (1.0.20200319) on root Downloading http://.../armv7ahf-neon/wireguard-tools_1.0.20200319-r0_armv7ahf-neon.ipk. Configuring kernel-module-ip6-udp-tunnel. Configuring kernel-module-udp-tunnel. Configuring kernel-module-wireguard. Configuring wireguard-tools.
root@osmio4k:~# wg interface: wg0 public key: h....g= private key: (hidden) listening port: 54129 peer: J...s= endpoint: 163.172.161.0:12912 allowed ips: 0.0.0.0/0 latest handshake: 9 seconds ago transfer: 31.51 KiB received, 19.05 KiB sent persistent keepalive: every 25 seconds root@osmio4k:~# curl http://192.168.4.1 <title>WireGuard Demo Configuration: Success!</title> <body bgcolor="#444444"> <script src="snowstorm.js"></script> <script src="trail.js"></script> <center> <blink> <marquee width="100%" behavior="alternate" direction="right" scrollamount="10"> <marquee height="100%" behavior="alternate" direction="down"> <marquee width="100%" bgcolor="#33aadd" direction="right" behavior="alternate"><font face="comic sans ms" size="7" style="font-size: 3vw" color="#ddaa33">Congrats! You've successfully configured WireGuard!</font><br><marquee scrollamount="30"><img src="emblem.svg" width="20%"></marquee><br><marquee direction="left" scrollamount="40" behavior="alternate"><script>document.write('<iframe frameborder="0" height="80%" width="70%" src="/?' + (((document.location.search.substring(1)|0) + 1) % 4) + '"></iframe>');</script></marquee><br><br></marquee> </marquee> </marquee> </blink> </center> </body> root@osmio4k:~# wg --version wireguard-tools v1.0.20200319 - https://git.zx2c4.com/wireguard-tools/ root@osmio4k:~# dmesg .... wireguard: WireGuard 1.0.20200413 loaded. See www.wireguard.com for information. wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.There are 70 boxes that need CONFIG_NET_UDP_TUNNEL=m, few already have it.
grep -r "CONFIG_NET_UDP_TUNNEL is not set" meta-* | wc -l 70
Edited by athoik, 19 April 2020 - 23:36.
Posted 20 April 2020 - 07:20
build from source we have add for some weeks
for this models build fail Kernel to old all other ok
cube spark spark7162 dm900 dm920 vuduo2 vusolose vusolo2 vuzero vuuno vuduo vuultimo vusolo inihde2 jj7362 odinm9 et9x00 et6x00 et5x00 dags7356 dags7335 inihdx inihde inihdp vg5000 vg2000 vg1000 ew7356 ew7358 ew7362 ixussone ixusszero blackbox7405 dm520 dm8000 dm7020hd dm7020hdv2 dm800sev2 dm500hdv2 dm7080 dm820 yh7362 yh62tc gb800solo gb7325 ch62lc
Edited by babsy98, 20 April 2020 - 07:21.
Posted 20 April 2020 - 12:54
It's simpler to include wireguard-tools only for boxes with kernel >= 3.14.
${@ 'wireguard-tools' if (bb.utils.vercmp_string("${KERNEL_VERSION}" or "0", '3.14') >= 0) else '' } \
Edited by athoik, 20 April 2020 - 12:54.
Posted 20 April 2020 - 13:27
Yes, I did the same for the out-of-tree wifi drivers.
Not too happy with this introducing differences in images, but I think it can't be avoided.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Posted 20 April 2020 - 13:45
Edited by athoik, 20 April 2020 - 13:46.
Posted 20 April 2020 - 14:41
I have no objections.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Posted 20 April 2020 - 16:17
There are go compilers available. But creating a proper go bitbake file was quite difficult:
https://github.com/O...clone/rclone.bb
Posted 20 April 2020 - 19:19
I didn't know go it was available!
The userspace also seems to work, using zeus branch with go 1.12.9.
Here it is working with userspace client as well.
root@osmio4k:~# modprobe tun root@osmio4k:~# wireguard wg0 WARNING WARNING WARNING WARNING WARNING WARNING WARNING W G W You are running this software on a Linux kernel, G W which is probably unnecessary and misguided. This G W is because the Linux kernel has built-in first G W class support for WireGuard, and this support is G W much more refined than this slower userspace G W implementation. For more information on G W installing the kernel module, please visit: G W https://www.wireguard.com/install G W G WARNING WARNING WARNING WARNING WARNING WARNING WARNING INFO: (wg0) 2020/04/20 21:11:46 Starting wireguard-go version 0.0.20200121 root@osmio4k:~# wg setconf wg0 /etc/wireguard/wg0.conf root@osmio4k:~# # disable ipv6 root@osmio4k:~# sysctl -w net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.all.disable_ipv6 = 1 root@osmio4k:~# sysctl -w net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6 = 1 root@osmio4k:~# # set ip / gateway / bring online root@osmio4k:~# ip addr add 10.88.2.125/16 dev wg0 root@osmio4k:~# ip link set dev wg0 up root@osmio4k:~# ip route del default root@osmio4k:~# ip route add default dev wg0 root@osmio4k:~# ip route add 163.172.213.92/32 via 192.168.2.1 dev eth0 root@osmio4k:~# wg interface: wg0 public key: cC..0= private key: (hidden) listening port: 44988 peer: r2..4= preshared key: (hidden) endpoint: 163.172.213.92:11967 allowed ips: 0.0.0.0/0 latest handshake: 20 seconds ago transfer: 92 B received, 180 B sent persistent keepalive: every 25 seconds root@osmio4k:~# curl ifconfig.co 163.172.213.92 root@osmio4k:~# curl ifconfig.co/json 2>/dev/null | python -m json.tool { "asn": "AS12876", "asn_org": "Online S.a.s.", "city": "Amsterdam", "country": "Netherlands", "country_eu": true, "country_iso": "NL", "hostname": "se-nl.serverip.co", "ip": "163.172.213.92", "ip_decimal": 2746013020, "latitude": 52.374, "longitude": 4.8897, "user_agent": { "product": "curl", "raw_value": "curl/7.66.0", "version": "7.66.0" } }
Please note that I disabled the ipv6 because the ifconfig was still reachable using ipv6 without VPN...
Here is the recipe wireguard-go_0.0.20200121.bb
require wireguard.inc LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/COPYING;md5=995598bc9de2b4c987c2cb87fc24f341" SRC_URI = " \ git://git.zx2c4.com/wireguard-go;name=wireguard;destsuffix=git/src/${GO_IMPORT} \ git://github.com/golang/crypto.git;name=crypto;branch=release-branch.go1.13;destsuffix=git/src/golang.org/x/crypto \ git://github.com/golang/net.git;name=net;branch=release-branch.go1.13;destsuffix=git/src/golang.org/x/net \ git://github.com/golang/sys.git;name=sys;branch=release-branch.go1.13;destsuffix=git/src/golang.org/x/sys" SRCREV_FORMAT = "wireguard" SRCREV_wireguard = "05b03c675090df893e8317983702c9661dfc319b" SRCREV_crypto = "8b5121be2f68d8fc40bb06467003bdde1040a094" SRCREV_net = "13f9640d40b9cc418fb53703dfbd177679788ceb" SRCREV_sys = "fde4db37ae7ad8191b03d30d27f258b5291ae4e3" GO_IMPORT = "golang.zx2c4.com/wireguard" inherit go S = "${WORKDIR}/git" RDEPENDS_${PN} += "kernel-module-tun" RDEPENDS_${PN}-dev += "bash"
Posted 20 April 2020 - 19:49
If that also works on older boxes / kernels, it might be a better option than using the kernel module on a subset?
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
0 members, 11 guests, 0 anonymous users