What's new

RT-AC68 Wireguard

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

treeskygrass

Regular Contributor
@RMerlin said “The RT-AC68U does not support Wireguard because kernel 2.6.36 is not supported by Wireguard.”

While kernel support would be great, why is it required? OpenVPN doesn’t have kernel support either, at least until recently with DCO. Why can’t Wireguard run in user space like on my NAS, Tailscale, Mac, etc?

Would just like to understand this better. Thanks.
 
why is it required
Because Wireguard is a kernel feature.

Someone made a userspace implementation of it, but it's very resource intensive, and you lose any performance benefit that the real Wireguard offers by being a kernel space implementation. Asuswrt and Asuswrt-Merlin only support the native kernel implementation.
 
Because Wireguard is a kernel feature.

Someone made a userspace implementation of it, but it's very resource intensive, and you lose any performance benefit that the real Wireguard offers by being a kernel space implementation. Asuswrt and Asuswrt-Merlin only support the native kernel implementation.

Many devices and operating system that don't have kernel support use user-spaces implementation, and they can be nearly as fast, and use less resources than OpenVPN.

Tailscale is user space: "Performance can always become somewhat of an arms race, but our results here demonstrate that we can keep up with our kernel counterparts provided that we are using the right kind of kernel interface – userspace isn’t slow, some kernel interfaces are!"

https://tailscale.com/blog/throughput-improvements/

Cloudflare too. https://blog.cloudflare.com/boringtun-userspace-wireguard-rust/

Wireguard - it's not JUST for kernel anymore.
 
Then you need a powerful processor otherwise.

I believe(?)/assume that RMerlin stated 'Wireguard is a kernel feature' specifically for Asus routers.
 
No, that is not what I meant.

For any real benefit on our underpowered routers, it must be run in kernel mode. For faster, more powerful processors, it needn't be.
 
Many devices and operating system that don't have kernel support use user-spaces implementation, and they can be nearly as fast, and use less resources than OpenVPN.
The userspace port of Wireguard is written in Go, which is very memory-intensive. Guides to run it on routers require the use of a swapfile.

Wireguard lose its performance edge once in userspace because just like OpenVPN will suffer from having to do context switches between user and kernel space. Just like OpenVPN-DCO will be faster than the regular userspace implementation by reducing the number of context switches.

nyone could compile it and use it as long as prerequsitions are met.
And one of these requirements is "kernel 3.10 or newer".
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top