What's new

Wireguard implementation?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Which router are you running Go on for this to work?

It looks like this version is being written by the lead dev...I’m curious as to the differences between versions.


Sent from my iPhone using Tapatalk

AC-5300. Main diffs are resource usage & performance.

https://git.zx2c4.com/wireguard-go/about/


Seems like the kernel option is the best way to go...

Kernel is indeed preferred over Go, as it's faster and uses less resources. Wireguard-go however, still runs at double the speed of openvpn (in my case), and the usage is around 60% of the default openvpn server. You can clone it using 'git://git.zx2c4.com/wireguard-go', and compile it using go_1.12.10-1_armv7-2.6.ipk from entware, but you have to hack around the "Illegal instruction" error 'go' it hits by default (I can't remember off hand what I ended up doing for that).
 
AC-5300. Main diffs are resource usage & performance.



Kernel is indeed preferred over Go, as it's faster and uses less resources. Wireguard-go however, still runs at double the speed of openvpn (in my case), and the usage is around 60% of the default openvpn server. You can clone it using 'git://git.zx2c4.com/wireguard-go', and compile it using go_1.12.10-1_armv7-2.6.ipk from entware, but you have to hack around the "Illegal instruction" error 'go' it hits by default (I can't remember off hand what I ended up doing for that).
It's probably less secure running through Go as well
 
I'm making the assumption that the recommendation to not run on Linux is based on more than just performance issues. I could be wrong.

Their docs only mention performance/resource usage as far as using the Go version vs Kernel. Simply using something coded in Go doesn't make it less secure :D
 
AC-5300. Main diffs are resource usage & performance.



Kernel is indeed preferred over Go, as it's faster and uses less resources. Wireguard-go however, still runs at double the speed of openvpn (in my case), and the usage is around 60% of the default openvpn server. You can clone it using 'git://git.zx2c4.com/wireguard-go', and compile it using go_1.12.10-1_armv7-2.6.ipk from entware, but you have to hack around the "Illegal instruction" error 'go' it hits by default (I can't remember off hand what I ended up doing for that).

maybe the entware people can help you remember (it's probably best that you don't in the context of this thread/forum): for anyone getting excited about running it on their ac68u (or older - I think the ac66u and n66u used the 2.6 kernel) - the code probably exceeds the capabilities of the machine you'd like to run it on. If you can get it to run, and it's a much deeper dive into things than setting up amtm and diversion, it'll likely tax the processor to the point that the machine won't route packets to/from your LAN. if you're up for the heavy lifting, godspeed, and please report back
 
It'd probably be best to just attach a pi to your router, and run it there using the Kernel mod either way. I was just saying it's doable with wireguard-go, and I had no packetloss with my ac5300.
 
Great find! And straight from the lead person, no less. He and Merlin would probably have good stories for each other


Sent from my iPhone using Tapatalk
 
The guy is running Wireguard in 'client mode'?

Yup, a client of/to the Wireguard server of his VPN provider. That way, all devices on his network (or the ones that are directed to) go through the tunnel there. Add DoT encryption and both ends of the tunnel are encrypted too - kind of the gold standard of internet traffic privacy as far as I’m concerned.


Sent from my iPhone using Tapatalk
 
Yup, a client of/to the Wireguard server of his VPN provider. That way, all devices on his network (or the ones that are directed to) go through the tunnel there. Add DoT encryption and both ends of the tunnel are encrypted too - kind of the gold standard of internet traffic privacy as far as I’m concerned.


Sent from my iPhone using Tapatalk
Gotcha... Needless for me, running in server mode is more interesting to play with
 
Gotcha... Needless for me, running in server mode is more interesting to play with

I'm running in server mode and my android phone as a client. Performance *looks* better than openvpn, but unfortunately I haven't exact speed/cpu load/battery life etc measure results.
 
Perhaps you should read a little bit about what a kernel is. I can give you a hint, if windows 10 got a new "kernel" does that mean that windows 3.11 can start using it? Hey, they are both windows, right.

I know what a kernel is - i've been doing Unix for 30 years. WireGuard doesn't have to be in the kernel to work. As for changing the answer given - it may or it may not. I think it depends on the level of effort. If it means kernel changes - yeah, zero chance unless ASUS release it. If it can be done in userland - then it is a possibility. It looks like it will become very very mainstream so plans to implement it may well be user driven - and possibly done by ASUS. As for when - it depends on how ahead of the curve the various parties want to be. Reading through this thread, it looks like there is already a userland implementation which someone has tried and managed to get to work. Is it ready for prime-time? Possibly not - but one has to start somewhere.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top