Add Wireguard support

  • Thnxs for help!

    I discovered my fault. file ending was .conf instead of .config and the host was my ddns address and not the IP.

    Now, the vpn appears when i check with "services", able to connect and appears in ifconfig as wg0! :)

  • Hi all,

    so happy with Wireguard support on Kodi! Thanks for that!

    One thing I can't get to work after following step by step the instructions at (Configuring WireGuard in LibreELEC (v9.2.1 and newer) [LibreELEC.wiki]), the last part:

    after starting with:

    Code
    systemctl enable /storage/.config/system.d/wireguard.service

    where the wireguard.service is:

    The error is:

    (** edited the IP)

    If I use only the command: connmanctl connect vpn_12_345_67_89_my_home_network it works flawless.

    What am I doing wrong here?

    (BTW I'm using a RPi4, latest version of Libreelec)

  • Hey chewitt,

    Thank you for your answer!
    I mean the problem with the DynDNS server IP in the WireGuard config. I have the problem that my internet have no static IP so I have to use a DynDNS name to connect.

    Best regards!

  • silly question if you don't mind me asking...

    The wiki states it is for 9.2.1 and newer... does that mean having v9..21 or newer installed is a pre-requisite to have any chance of geting wireguard working?

    I have a 905W (Mecool M8S W pro) here I am hoping to use with wireguard. Had been using it with webDAV previously but was convinced recently leaving a port open to the internet could be a serious potential hazard.

    Not sure which version I have on my box (was gifted to my friend who is still using it to stream off my NAS), but would I have to upgrade LE for wireguard? Better yet, does 905W even have an upgrade path to a new enough version for this? Should I look into OpenVPN instead? Thanks!!

  • As per your suggestion, I got my openVPN server installed on my OMV media server and confired it works from a win 10 client. Just need to set it up on the mecool box when I get a chance...

    Now, here is a different twist to the same problem: I might as well set up a nextcloud on the media server and serve video files via webDAV. How would this compare to OpenVPN in terms of security/speed? The Nextcloud way would be slightly easier to setup for my friend, as all she would need then is to update the video source address.

    Back when I had xpenology working, webDAV shares seemed faster than SFTP contrary to popular belief. That setup worked pretty well in fact but I got tired of worrying about patching up Xpenology and am trying to migrate to OMV.

  • I have been very glad that Wireguard was added into Libreelec, but the fact that it is not possible to use a FQDM instead of the IP is really a big showstopper for everybody hosting the Wireguard server on a home network.

    I hope there will be a way to address this issue.

  • Some rough patches to address using an FQDN were posted to the connman mailing list about two months ago. I shared links to them at the same time and so-far received zero feedback. From this I conclude that nobody cares enough to contribute a little effort to testing. I blow hot/cold on my desire to do everything and have other priorities on my to-do list, so I suggest someone else pulls a finger out for once.

  • my quickshot on this was to get the ip myself and write it to the conf file like this:

    myipstr=$(getent hosts my.dynip.com | grep -o '^[^\.]*.[^\.]*.[^\.]*.[^\ ]*')

    #hosts is here my local hosts file, you might have to change that to your needs

    # replace line 4 in wireguard.config with actual ip

    sed -i '4s/.*/Host = '$myipstr'/' /storage/.config/wireguard/wireguard.config

    # make servicename by replacing . with _ assuming your domainname in wireguard.conf is kodi.tv

    servicename=$(echo "vpn_${myipstr}_kodi_tv" | tr . _)

    # put connman commandos into two little switches

    echo connmanctl connect $servicename > wgon

    echo connmanctl disconnect $servicename > wgoff

    now you can use those switches to start and stop wireguard.

    If you cron schedule above script you are always equipped with your current ip.