Add Wireguard support

**chewitt** · April 5, 2020 at 3:18 PM Official Post

Read: Configuring WireGuard in LibreELEC (v9.2.1 and newer) [LibreELEC.wiki]

RasPiLi · April 5, 2020 at 5:26 PM

Thnxs for help!

I discovered my fault. file ending was .conf instead of .config and the host was my ddns address and not the IP.

Now, the vpn appears when i check with "services", able to connect and appears in ifconfig as wg0!

imc67 · April 6, 2020 at 5:25 PM

Hi all,

so happy with Wireguard support on Kodi! Thanks for that!

One thing I can't get to work after following step by step the instructions at (Configuring WireGuard in LibreELEC (v9.2.1 and newer) [LibreELEC.wiki]), the last part:

after starting with:

Code

systemctl enable /storage/.config/system.d/wireguard.service

where the wireguard.service is:

Code

[Unit]
Description=WireGuard VPN Service
After=network-online.target nss-lookup.target connman-vpn.service
Wants=network-online.target nss-lookup.target connman-vpn.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/connmanctl connect vpn_12_345_67_89_my_home_network
ExecStop=/usr/bin/connmanctl disconnect vpn_12_345_67_89_my_home_network

[Install]
WantedBy=multi-user.target

Display More

The error is:

Code

wireguard.service - WireGuard VPN Service
Loaded: loaded (/storage/.config/system.d/wireguard.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2019-04-11 18:28:38 CEST; 11 months 26 days ago
Main PID: 347 (code=exited, status=0/SUCCESS)
Memory: 0B
CGroup: /system.slice/wireguard.service


Apr 11 18:28:38 LibreELEC systemd[1]: Starting WireGuard VPN Service...
Apr 11 18:28:38 LibreELEC connmanctl[347]: Error /net/connman/service/vpn_12_345_67_89_my_home_network: Input/output error
Apr 11 18:28:38 LibreELEC systemd[1]: Started WireGuard VPN Service.

Display More

(** edited the IP)

If I use only the command: connmanctl connect vpn_12_345_67_89_my_home_network it works flawless.

What am I doing wrong here?

(BTW I'm using a RPi4, latest version of Libreelec)

DFlower · May 18, 2020 at 10:23 PM

Hello imc67,

I have the same issue. When I start VPN manualy it works but I don't get it to start as a service/deamon. Did find a solution for this problem?

Regards,

Dutch

trayntab · May 26, 2020 at 9:04 PM

Hey guys, is there an update for the DNS (external and internal) issue?

Best regards

Trayntab

**chewitt** · May 27, 2020 at 11:16 AM Official Post

What's the DNS issue?

trayntab · May 27, 2020 at 6:26 PM

Hey chewitt,

Thank you for your answer!
I mean the problem with the DynDNS server IP in the WireGuard config. I have the problem that my internet have no static IP so I have to use a DynDNS name to connect.

Best regards!

**chewitt** · May 27, 2020 at 8:24 PM Official Post

This is still being looked into, and it's one of those tasks that's programmatically not quite as simple as it initially sounds due to how DNS lookups and DNS caching work.

FeFiFoFum · June 5, 2020 at 2:35 AM

Quote from LE23

This is planned in the near future, but not implemented yet.

WireGuard Didn't Make it To The Mainline Linux Kernel This Cycle - Phoronix

If you really need Wireguard immediately, you can use the beta 3.0 firmware on GL.inet routers

Which routers are these? All of them or only the higher end models?

**chewitt** · June 5, 2020 at 3:42 AM Official Post

OpenWRT supports WireGuard, and i'd expect most the other replacement router firmwares will too.

konakona · June 7, 2020 at 1:43 PM

Quote from chewitt

Read: Configuring WireGuard in LibreELEC (v9.2.1 and newer) [LibreELEC.wiki]

silly question if you don't mind me asking...

The wiki states it is for 9.2.1 and newer... does that mean having v9..21 or newer installed is a pre-requisite to have any chance of geting wireguard working?

I have a 905W (Mecool M8S W pro) here I am hoping to use with wireguard. Had been using it with webDAV previously but was convinced recently leaving a port open to the internet could be a serious potential hazard.

Not sure which version I have on my box (was gifted to my friend who is still using it to stream off my NAS), but would I have to upgrade LE for wireguard? Better yet, does 905W even have an upgrade path to a new enough version for this? Should I look into OpenVPN instead? Thanks!!

**chewitt** · June 7, 2020 at 1:50 PM Official Post

You can experiment with the AMLGX test images on https://test.libreleec.tv using a different SD card, but you will need to experiment with device-trees (Tanix TX3 is another S905W device and might work) but the images are still not ready for prime-time use yet so it would probably be better to stick with the current image and use OpenVPN.

konakona · June 8, 2020 at 8:42 AM

As per your suggestion, I got my openVPN server installed on my OMV media server and confired it works from a win 10 client. Just need to set it up on the mecool box when I get a chance...

Now, here is a different twist to the same problem: I might as well set up a nextcloud on the media server and serve video files via webDAV. How would this compare to OpenVPN in terms of security/speed? The Nextcloud way would be slightly easier to setup for my friend, as all she would need then is to update the video source address.

Back when I had xpenology working, webDAV shares seemed faster than SFTP contrary to popular belief. That setup worked pretty well in fact but I got tired of worrying about patching up Xpenology and am trying to migrate to OMV.

**chewitt** · June 8, 2020 at 9:09 AM Official Post

I've never used either of them (WebDAV or SFTP) so I can't really comment.

konakona · June 8, 2020 at 9:26 AM

Well thanks anyway, you 've been a great help!

darkside40 · June 10, 2020 at 9:05 AM

I have been very glad that Wireguard was added into Libreelec, but the fact that it is not possible to use a FQDM instead of the IP is really a big showstopper for everybody hosting the Wireguard server on a home network.

I hope there will be a way to address this issue.

**chewitt** · June 10, 2020 at 10:15 AM Official Post

Some rough patches to address using an FQDN were posted to the connman mailing list about two months ago. I shared links to them at the same time and so-far received zero feedback. From this I conclude that nobody cares enough to contribute a little effort to testing. I blow hot/cold on my desire to do everything and have other priorities on my to-do list, so I suggest someone else pulls a finger out for once.

novalis · June 10, 2020 at 11:01 AM

my quickshot on this was to get the ip myself and write it to the conf file like this:

myipstr=$(getent hosts my.dynip.com | grep -o '^[^\.]*.[^\.]*.[^\.]*.[^\ ]*')

#hosts is here my local hosts file, you might have to change that to your needs

# replace line 4 in wireguard.config with actual ip

sed -i '4s/.*/Host = '$myipstr'/' /storage/.config/wireguard/wireguard.config

# make servicename by replacing . with _ assuming your domainname in wireguard.conf is kodi.tv

servicename=$(echo "vpn_${myipstr}_kodi_tv" | tr . _)

# put connman commandos into two little switches

echo connmanctl connect $servicename > wgon

echo connmanctl disconnect $servicename > wgoff

now you can use those switches to start and stop wireguard.

If you cron schedule above script you are always equipped with your current ip.