1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Wireguard implementation?

Discussion in 'Asuswrt-Merlin' started by antonispgs, Oct 16, 2019.

  1. antonispgs

    antonispgs New Around Here

    Joined:
    Feb 12, 2019
    Messages:
    3
    Hey, i know it wasn't in the plans of our beloved developer, but in the meantime wireguard seems to become more easily implementable. Technically, i have no idea how easy it would be to do on merlin, but i was wondering if there is any change in the plans?
     
    thc likes this.
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,296
    Location:
    Canada
    No change, still have no plans to implement it.
     
    Vexira likes this.
  3. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    541
    Cloudflare’s app has a lot to do with the increase in mentions of this, I’m sure. I was just on reddit and saw that someone has come up with a way to use cloudflare’s WARP under MacOS.
    There is a way to implement this yourself on Ac86 and up, if you look in the VPN or wireless security forum on this website, but anyone considering it should go directly to the Wireguard website and do their own research first.



    Sent from my iPhone using Tapatalk
     
    Vexira and skeal like this.
  4. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,070
    Astrill's APP which will run on a PC offers a WireGuard option. It is available using four servers in the US. Since the nearest WireGuard server is 900 miles more distant than the server I normally use I don't see much improvement in speed (232/12) but it does increase latency.

    PIA has no announced plans to support WireGuard.

    StrongVPN seems to have quite a few servers where they are testing WireGuard at least on a beta basis. They have a good description on their web site about the complications of establishing what they refer to as a double NATed dual connection on their end.

    I'm sure there are other commercial VPN providers at least looking at the option

    In my opinion users that will benefit most from WireGuard are those individuals using routers with lower powered processors and processors that don't support AES-NI. That may mean that they will be able to utilize more bandwidth leaving less for those of us with currently fast connections unless VPN providers step it up at their end.
     
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,296
    Location:
    Canada
    And these routers cannot run Wireguard because it requires a much more recent Linux kernel than they use.
     
    Vexira likes this.
  6. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,070
    Then it makes sense that there is no point for you to devote any time to incorporating it into your firmware since the more advanced routers gain very little or nothing from Wireguard and less powerful routers can't use it.

    Perhaps there might be some benefit if commercial VPN servers used the firmware on their servers and they could increase their throughput using existing hardware but until they do that there will be minimal improvement on VPN throughput.
     
  7. Sylphia

    Sylphia Occasional Visitor

    Joined:
    Jun 26, 2014
    Messages:
    41
    Wireguard runs on ac86u but has major compatibliy issue. I think it's useless on asus routers, for now.
     
    Vexira likes this.
  8. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    541
    examples? proof?
     
  9. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,070
    Useless may not be the best choice of words, not useful in most cases on most ASUS routers would perhaps be a better statement.

    The AC86 and other ASUS routers with a processor that supports AES-NI have enough processing power to get most or all the speed you are going to get from a commercial VPN server running OpenVPN so WireGuard wouldn't be that useful. Perhaps if you are running a dedicated point to point VPN with your own client and server then you might get some benefit.

    And as Merlin pointed out in Post #5 older ASUS router's Linux kernel can't handle WireGuard so it is useless on them.
     
    Vexira and heysoundude like this.
  10. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    541
    I was actually asking about the "major compatability issue"

    In poking around on WireGuard's website, I saw something that mentioned fq-codel...it might be more worthwhile to ask @FreshJR to look into WireGuard, as his QoS script can use that scheme/alogorithm/method rather than asking @RMerlin
    https://www.wireguard.com/performance/
     
  11. SO333

    SO333 Occasional Visitor

    Joined:
    Jul 15, 2014
    Messages:
    14
    Well, I don't concur. "other ASUS routers" is actually one pricey model where it works. Even with hardware support, as we have seen in the experimental thread, max transfer is around 250MBit/s, while on the same model, Wireguard reaches 400+Mbit/s.
    Without hardware support, OpenVPN has an even harder time in reaching decent speeds.
     
  12. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,070
    IMHO as the commercial VPN client market stands today I don't think most providers are in a position to offer speeds much greater than 250 Mbps, which you can get now using OpenVPN on devices with a processor supporting AES-NI. Based on the prices VPN operators charge, higher speeds would require that they significantly increase their backbone bandwidth and that costs money. I'm sure that some VPN provider will develop and offer a higher speed offering for a premium price.

    As I said in my prior post if you were setting up your own point to point VPN with your own server and your own client devices then WireGuard would be worthwhile.
     
    heysoundude likes this.
  13. Lost Dog

    Lost Dog Regular Contributor

    Joined:
    Dec 26, 2013
    Messages:
    93
    Location:
    North of the Columbia River
    Exactly... I picked up a ~$40 ODROID C2 and have it behind my AC68 acting as both an OpenVPN and WireGuard server. The whole purpose is to give me simplified and safe browsing while traveling (I stay in hotels often). I use WireGuard pretty much exclusively but fall back on OpenVPN occasionally if something goes wonky with Wireguard (which is rare).

    Between my GL.iNet AR750S and the ODROID C2 I max out any hotel wifi I encounter. Keep in mind, this is not to hide my browsing from my ISP but to keep me safe while connecting to open wifi. It also simplifies sharing the connection between computers, phones and my FireTV stick (occasionally you have to pay per devices at some places.... just the other day I used it on a flight to get wifi to both my computer and phones!).

    It's a pretty fantastic setup...
     
    heysoundude likes this.
  14. savagepagan

    savagepagan Occasional Visitor

    Joined:
    Nov 9, 2013
    Messages:
    14
    Would it make sense to buy a raspberry pi and run wireguard on that?
     
    heysoundude likes this.
  15. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    541
    It certainly wouldn’t hurt to run Wireguard on a Pi. The new model 4 would be a monster!



    Sent from my iPhone using Tapatalk
     
  16. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,070
    You must have an ISP that gives you better upload speeds than Comcast. With my connection uploads top out at 10 - 11 Mbps. I use a VPN client app on my mobile devices while traveling for security and find I get better speeds than connecting back to my router at home an being limited by the dismal upload speeds.
     
  17. AndreiGuru

    AndreiGuru Occasional Visitor

    Joined:
    Jun 13, 2017
    Messages:
    20
    Wireguard-go works just fine. No need for newer Kernel
     
    heysoundude likes this.
  18. martinr

    martinr Part of the Furniture

    Joined:
    Nov 27, 2014
    Messages:
    2,203
    Location:
    Manchester, United Kingdom

    I found this guide

    https://www.reddit.com/r/pihole/com..._source=amp&utm_medium=&utm_content=post_body

    Having read through it, and some of the comments, it makes me even more appreciative of how easy it is to set up OpenVPN on Merlin’s firmware. However, if I ever found myself with nothing to do for a few days and was looking for a challenge.....
     
  19. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    541
    Which router are you running Go on for this to work?

    It looks like this version is being written by the lead dev...I’m curious as to the differences between versions.


    Sent from my iPhone using Tapatalk
     
    Last edited: Oct 19, 2019
  20. Jack Yaz

    Jack Yaz Part of the Furniture

    Joined:
    Apr 20, 2017
    Messages:
    2,459
    https://git.zx2c4.com/wireguard-go/about/
    Seems like the kernel option is the best way to go...
     
    Butterfly Bones likes this.