Wireguard implementation?

[antonispgs]

Hey, i know it wasn't in the plans of our beloved developer, but in the meantime wireguard seems to become more easily implementable. Technically, i have no idea how easy it would be to do on merlin, but i was wondering if there is any change in the plans?

 

[RMerlin]

No change, still have no plans to implement it.

 

[heysoundude]

Cloudflare’s app has a lot to do with the increase in mentions of this, I’m sure. I was just on reddit and saw that someone has come up with a way to use cloudflare’s WARP under MacOS.
There is a way to implement this yourself on Ac86 and up, if you look in the VPN or wireless security forum on this website, but anyone considering it should go directly to the Wireguard website and do their own research first.



Sent from my iPhone using Tapatalk

 

[CaptainSTX]

Astrill's APP which will run on a PC offers a WireGuard option. It is available using four servers in the US. Since the nearest WireGuard server is 900 miles more distant than the server I normally use I don't see much improvement in speed (232/12) but it does increase latency.

PIA has no announced plans to support WireGuard.

StrongVPN seems to have quite a few servers where they are testing WireGuard at least on a beta basis. They have a good description on their web site about the complications of establishing what they refer to as a double NATed dual connection on their end.

I'm sure there are other commercial VPN providers at least looking at the option

In my opinion users that will benefit most from WireGuard are those individuals using routers with lower powered processors and processors that don't support AES-NI. That may mean that they will be able to utilize more bandwidth leaving less for those of us with currently fast connections unless VPN providers step it up at their end.

 

[RMerlin]

In my opinion users that will benefit most from WireGuard are those individuals using routers with lower powered processors and processors that don't support AES-NI.

And these routers cannot run Wireguard because it requires a much more recent Linux kernel than they use.

 

[CaptainSTX]

And these routers cannot run Wireguard because it requires a much more recent Linux kernel than they use.

Then it makes sense that there is no point for you to devote any time to incorporating it into your firmware since the more advanced routers gain very little or nothing from Wireguard and less powerful routers can't use it.

Perhaps there might be some benefit if commercial VPN servers used the firmware on their servers and they could increase their throughput using existing hardware but until they do that there will be minimal improvement on VPN throughput.

 

[Sylphia]

Wireguard runs on ac86u but has major compatibliy issue. I think it's useless on asus routers, for now.

 

[heysoundude]

Wireguard runs on ac86u but has major compatibliy issue. I think it's useless on asus routers, for now.

examples? proof?

 

[CaptainSTX]

Useless may not be the best choice of words, not useful in most cases on most ASUS routers would perhaps be a better statement.

The AC86 and other ASUS routers with a processor that supports AES-NI have enough processing power to get most or all the speed you are going to get from a commercial VPN server running OpenVPN so WireGuard wouldn't be that useful. Perhaps if you are running a dedicated point to point VPN with your own client and server then you might get some benefit.

And as Merlin pointed out in Post #5 older ASUS router's Linux kernel can't handle WireGuard so it is useless on them.

 

[heysoundude]

I was actually asking about the "major compatability issue"

In poking around on WireGuard's website, I saw something that mentioned fq-codel...it might be more worthwhile to ask @FreshJR to look into WireGuard, as his QoS script can use that scheme/alogorithm/method rather than asking @RMerlin
https://www.wireguard.com/performance/

 

[SO333]

The AC86 and other ASUS routers with a processor that supports AES-NI have enough processing power to get most or all the speed you are going to get from a commercial VPN server running OpenVPN

Well, I don't concur. "other ASUS routers" is actually one pricey model where it works. Even with hardware support, as we have seen in the experimental thread, max transfer is around 250MBit/s, while on the same model, Wireguard reaches 400+Mbit/s.
Without hardware support, OpenVPN has an even harder time in reaching decent speeds.

 

[CaptainSTX]

IMHO as the commercial VPN client market stands today I don't think most providers are in a position to offer speeds much greater than 250 Mbps, which you can get now using OpenVPN on devices with a processor supporting AES-NI. Based on the prices VPN operators charge, higher speeds would require that they significantly increase their backbone bandwidth and that costs money. I'm sure that some VPN provider will develop and offer a higher speed offering for a premium price.

As I said in my prior post if you were setting up your own point to point VPN with your own server and your own client devices then WireGuard would be worthwhile.

 

[Lost Dog]

As I said in my prior post if you were setting up your own point to point VPN with your own server and your own client devices then WireGuard would be worthwhile.

Exactly... I picked up a ~$40 ODROID C2 and have it behind my AC68 acting as both an OpenVPN and WireGuard server. The whole purpose is to give me simplified and safe browsing while traveling (I stay in hotels often). I use WireGuard pretty much exclusively but fall back on OpenVPN occasionally if something goes wonky with Wireguard (which is rare).

Between my GL.iNet AR750S and the ODROID C2 I max out any hotel wifi I encounter. Keep in mind, this is not to hide my browsing from my ISP but to keep me safe while connecting to open wifi. It also simplifies sharing the connection between computers, phones and my FireTV stick (occasionally you have to pay per devices at some places.... just the other day I used it on a flight to get wifi to both my computer and phones!).

It's a pretty fantastic setup...

 

[savagepagan]

Would it make sense to buy a raspberry pi and run wireguard on that?

 

[heysoundude]

It certainly wouldn’t hurt to run Wireguard on a Pi. The new model 4 would be a monster!



Sent from my iPhone using Tapatalk

 

[CaptainSTX]

You must have an ISP that gives you better upload speeds than Comcast. With my connection uploads top out at 10 - 11 Mbps. I use a VPN client app on my mobile devices while traveling for security and find I get better speeds than connecting back to my router at home an being limited by the dismal upload speeds.

 

[AndreiGuru]

And these routers cannot run Wireguard because it requires a much more recent Linux kernel than they use.

Wireguard-go works just fine. No need for newer Kernel

 

[martinr]

It certainly wouldn’t hurt to run Wireguard on a Pi. The new model 4 would be a monster!



Sent from my iPhone using Tapatalk

I found this guide

https://www.reddit.com/r/pihole/com..._source=amp&utm_medium=&utm_content=post_body

Having read through it, and some of the comments, it makes me even more appreciative of how easy it is to set up OpenVPN on Merlin’s firmware. However, if I ever found myself with nothing to do for a few days and was looking for a challenge.....

 

[heysoundude]

Wireguard-go works just fine. No need for newer Kernel

Which router are you running Go on for this to work?

It looks like this version is being written by the lead dev...I’m curious as to the differences between versions.


Sent from my iPhone using Tapatalk

 

[Jack Yaz]

Wireguard-go works just fine. No need for newer Kernel

https://git.zx2c4.com/wireguard-go/about/

Linux
This will run on Linux; however YOU SHOULD NOT RUN THIS ON LINUX. Instead use the kernel module; see the installation page for instructions.

Seems like the kernel option is the best way to go...