Add Wireguard support

  • Hi,

    After all the hype around, I gave a try to Wireguard last weekend, and I must say, I’m also convinced. Man, this is really done so good. Easy to configure, so light on resources, and so fast. It would be really great to add Wireguard to kernel as it can solve so many things, so simple to use and really fast. Any chance that it is added to the Kernel? Is it complicated for some reason?

    Thanks

  • This is planned in the near future, but not implemented yet.

    WireGuard Didn't Make it To The Mainline Linux Kernel This Cycle - Phoronix


    If you really need Wireguard immediately, you can use the beta 3.0 firmware on GL.inet routers

    I think they submitted the code (revised) again and should get into 5.x kernel. Or at least many of us hope so. If yes, it will be in LE too?

    Btw, why is it not possible to add it to kernel on building? Lot of distroes already added, like Armbian.

    WG so good, so simple to configure, and resource friendly, something really important on SoC devices on which LE/CE runs most of the time. I couldn't believe how fast speed I am getting from a NanoPi NEO2 with Armbian, compared to OpenVPN.

  • I think they submitted the code (revised) again and should get into 5.x kernel. Or at least many of us hope so. If yes, it will be in LE too?

    Sooner or later.

    Quote

    Btw, why is it not possible to add it to kernel on building?

    You also need to build a G.U.I. to control it in Kodi. And this might have to be changed after the new kernel is released. Other bugs & features have a higher priority now.

    Quote

    I couldn't believe how fast speed I am getting, compared to OpenVPN.

    Sure, probably 4 or 5 times better -- possibly even more, depending on which cipher was used in OpenVPN. Wireguard is great for creating tunnels between two machines or private networks, but it is not ready to be deployed in commercial proxy applications because it lacks dynamic IP address management:


    WireGuard VPN: What You Need to Know - NOT (Yet) Recommended

  • +1 for intergrating Wireguard into Libreelec.

    I dont think a gui is really neccessary, there is one for OpenVPN and for most of the custom setup at home it failes (at least this is my experience).

    Most people dealing with wireguard should be advanced users which have no problem using SSH.

  • Quote

    Most people dealing with wireguard should be advanced users which have no problem using SSH.

    Why? So normal/average users should not use Wireguard?

  • That was not what i am saying. But if i am experienced enough to setup a VPN Server /Client infrastructure i dont necessarily need a gui for that.

  • looking forward to a Wireguard implementation asap. I would agree that an implementation as such should be prioritized. A gui can always be added later.

    LibreELEC (Leia) on Raspberry Pi 4B

  • I think most people wont use it without a GUI, and if you can already get Wireguard support in a cheap pocket router it liberates CPU resources for Kodi. On those GL routers, both client & server configuration can be done through a web interface for both Wireguard & OpenVPN. At some point maybe the Kodi web interface will support Wireguard client configuration too. But can you afford to expend any CPU resources on a VPN if you have a weak CPU (which represents the majority of LibreELEC users).

      

    Edited 5 times, last by LE23 ().

  • As for the client, which is what I am talking about, there is no additional cpu consumption.

    LibreELEC (Leia) on Raspberry Pi 4B

  • There are people that run an OpenVPN Client on there devices which should use more ressources than the Wireguard client.

    And carrying around a separate router all the time is no solution.

  • Push! I use WireGuard on a few devices and I’m very happy with it. I followed this two commits on github:

    project: add wireguard package by chewitt · Pull Request #3498 · LibreELEC/LibreELEC.tv · GitHub
    WireGuard: add initial package/tools and connman support by chewitt · Pull Request #3966 · LibreELEC/LibreELEC.tv · GitHub


    I’m very sad that this two commits are closed at the moment :(


    is it possible to get a beta with WireGuard or something like that ?

  • I've asked the connman devs for a version bump. Once that's released and tested in Milhouse nightlies I'll resubmit a PR. Now the kernel driver has gone upstream (for Linux 5.6) the packaging is a little easier.

  • WireGuard support is now merged in LE master branch. I will wait on the connman bump before PR'ing to the 9.2 branch as well. It's in a functional state (it works for me) but I'm sure there are some lurking issues to find. Enjoy :)

  • Once Linux 5.6 lands in LE in a few months time we can switch devices to the in-kernel module and drop the wireguard-linux-compat package. Until then it's trivial to build as an out-of-tree package.

  • Just to follow up on this: it means Wireguard is already included in LE recent? Which version I need to get exactly?

    And where do I configure WG? I can do it in no time on Ubuntu Server, creating wg0.conf and using wg-quick to navigate.

    Many thanks for adding the best VPN protocol available. Fast as lightning, easy to set up.


    Btw: on one if my devices I use Coreelec. Will they pull this from LE and include it?

  • Initial WireGuard support has been merged but I regard it as an experimental feature. It's merged to LE master branch, also to LE 9.2 branch as more people are likely to use it there and thus more issues will be discovered. I will need to bump connman and the wireguard module/tools packages before we release LE 9.2.1 (no schedule).


    There is no wg-quick or wg0.conf due to the embedded packaging of LE - read Creating WireGuard Keys [LibreELEC.wiki] to understand how it's implemented.