Add Wireguard support

  • Thnxs for help!


    I discovered my fault. file ending was .conf instead of .config and the host was my ddns address and not the IP.


    Now, the vpn appears when i check with "services", able to connect and appears in ifconfig as wg0! :)

  • Hi all,


    so happy with Wireguard support on Kodi! Thanks for that!


    One thing I can't get to work after following step by step the instructions at (Configuring WireGuard in LibreELEC (v9.2.1 and newer) [LibreELEC.wiki]), the last part:


    after starting with:

    Code
    1. systemctl enable /storage/.config/system.d/wireguard.service

    where the wireguard.service is:


    The error is:


    (** edited the IP)


    If I use only the command: connmanctl connect vpn_12_345_67_89_my_home_network it works flawless.


    What am I doing wrong here?


    (BTW I'm using a RPi4, latest version of Libreelec)

  • Hello imc67,


    I have the same issue. When I start VPN manualy it works but I don't get it to start as a service/deamon. Did find a solution for this problem?


    Regards,

    Dutch

  • Hey chewitt,

    Thank you for your answer!
    I mean the problem with the DynDNS server IP in the WireGuard config. I have the problem that my internet have no static IP so I have to use a DynDNS name to connect.

    Best regards!

  • This is still being looked into, and it's one of those tasks that's programmatically not quite as simple as it initially sounds due to how DNS lookups and DNS caching work.

  • OpenWRT supports WireGuard, and i'd expect most the other replacement router firmwares will too.

  • silly question if you don't mind me asking...


    The wiki states it is for 9.2.1 and newer... does that mean having v9..21 or newer installed is a pre-requisite to have any chance of geting wireguard working?


    I have a 905W (Mecool M8S W pro) here I am hoping to use with wireguard. Had been using it with webDAV previously but was convinced recently leaving a port open to the internet could be a serious potential hazard.


    Not sure which version I have on my box (was gifted to my friend who is still using it to stream off my NAS), but would I have to upgrade LE for wireguard? Better yet, does 905W even have an upgrade path to a new enough version for this? Should I look into OpenVPN instead? Thanks!!

  • You can experiment with the AMLGX test images on https://test.libreleec.tv using a different SD card, but you will need to experiment with device-trees (Tanix TX3 is another S905W device and might work) but the images are still not ready for prime-time use yet so it would probably be better to stick with the current image and use OpenVPN.

  • As per your suggestion, I got my openVPN server installed on my OMV media server and confired it works from a win 10 client. Just need to set it up on the mecool box when I get a chance...


    Now, here is a different twist to the same problem: I might as well set up a nextcloud on the media server and serve video files via webDAV. How would this compare to OpenVPN in terms of security/speed? The Nextcloud way would be slightly easier to setup for my friend, as all she would need then is to update the video source address.


    Back when I had xpenology working, webDAV shares seemed faster than SFTP contrary to popular belief. That setup worked pretty well in fact but I got tired of worrying about patching up Xpenology and am trying to migrate to OMV.

  • I've never used either of them (WebDAV or SFTP) so I can't really comment.

  • I have been very glad that Wireguard was added into Libreelec, but the fact that it is not possible to use a FQDM instead of the IP is really a big showstopper for everybody hosting the Wireguard server on a home network.


    I hope there will be a way to address this issue.

  • Some rough patches to address using an FQDN were posted to the connman mailing list about two months ago. I shared links to them at the same time and so-far received zero feedback. From this I conclude that nobody cares enough to contribute a little effort to testing. I blow hot/cold on my desire to do everything and have other priorities on my to-do list, so I suggest someone else pulls a finger out for once.

  • my quickshot on this was to get the ip myself and write it to the conf file like this:


    myipstr=$(getent hosts my.dynip.com | grep -o '^[^\.]*.[^\.]*.[^\.]*.[^\ ]*')

    #hosts is here my local hosts file, you might have to change that to your needs


    # replace line 4 in wireguard.config with actual ip

    sed -i '4s/.*/Host = '$myipstr'/' /storage/.config/wireguard/wireguard.config


    # make servicename by replacing . with _ assuming your domainname in wireguard.conf is kodi.tv

    servicename=$(echo "vpn_${myipstr}_kodi_tv" | tr . _)


    # put connman commandos into two little switches

    echo connmanctl connect $servicename > wgon

    echo connmanctl disconnect $servicename > wgoff


    now you can use those switches to start and stop wireguard.

    If you cron schedule above script you are always equipped with your current ip.

    LibreELEC (Leia) on Raspberry Pi 4B