2 2
AZ8

Integrate WireGuard into kernel

Recommended Posts

WireGuard is a modern VPN service for Linux. For best performance it is requred to build WireGuard as kernel module (described at https://www.wireguard.com/install/)

 

Right now after each update of kernel of Armibian WireGuard stops work as new kernel has no compiled wireguard.ko module

 

Is it possible to integrate WireGuard to Armbian kernel?

Share this post


Link to post
Share on other sites

I don't know yet if this is the correct way to do a persistent change like this in Armbian, but the following seems to work for me:

  1. compile kernel once with CREATE_PATCHES="yes"
  2. apply WireGuard patch to kernel source when compile stops via WireGuard/contrib/kernel-tree/create-patch.sh | patch -p1
  3. save the resulting patch file in userpatches/kernel/rk3399-default/wireguard.patch to be reapplied next time

You would still have to add wireguard to the default kernel config for completely automatic compile, but as it is a new option you will be asked individually at compile time.

Share this post


Link to post
Share on other sites

Yeah you can integrate wireguard into the kernel, but you can also use DKMS framework to let it being recompiled each time a new kernel is installed.

Wireguard already comes with a small configuration file for DKMS, just follow a tutorial on how to install and setup DKMS on your machine (which is quite easy, just few steps) and register wireguard module and you're done.

Share this post


Link to post
Share on other sites

I think it would be enough for the armbian developers to support it when its merged into mainline. Until then you can patch your kernel on yourself or use DKMS framework.

Share this post


Link to post
Share on other sites

Do any of you any documentation of how you managed to do this? I am struggling with this right now for my Odroid HC2 :-(

Share this post


Link to post
Share on other sites
11 minutes ago, tpanum said:

Do any of you any documentation of how you managed to do this? I am struggling with this right now for my Odroid HC2 :-(


In case you need to install headers, use a method from armbian-config (generic will not work). Make sure to update your system before.

Share this post


Link to post
Share on other sites
29 minutes ago, Igor said:


In case you need to install headers, use a method from armbian-config (generic will not work). Make sure to update your system before.

 

I am in general struggling to get Wireguard up and running on any kind on armbian build on my Odroid HC2. Following the advice to use DKMS (based on this thread) haven't gotten me far... I'll try to install a clean armbian stretch on it now, following an `apt update && apt upgrade` and then install headers from `armbian-config`

 

Hopefully that will make it run properly.

 

I have described my issues in the following thread.

 

Share this post


Link to post
Share on other sites
On 12/11/2018 at 2:25 AM, AZ8 said:

WireGuard is a modern VPN service for Linux. For best performance it is requred to build WireGuard as kernel module (described at https://www.wireguard.com/install/)

 

Right now after each update of kernel of Armibian WireGuard stops work as new kernel has no compiled wireguard.ko module

 

Is it possible to integrate WireGuard to Armbian kernel?

 

OpenWRT 18.06 has pulled WG into their distro, and the numbers look really good compared to OpenVPN...

Share this post


Link to post
Share on other sites

Interestingly, that after upgrade from 4.14 to 4.19 wg still working without recompiling. Magic?

Share this post


Link to post
Share on other sites
7 hours ago, AZ8 said:

Interestingly, that after upgrade from 4.14 to 4.19 wg still working without recompiling. Magic?


It's in by default. Now it will be in remaining kernels as well.

Share this post


Link to post
Share on other sites
4 hours ago, Igor said:

It's in by default. Now it will be in remaining kernels as well.

 

And that's a win - even distro's outside of Armbian are doing this...

 

It's got Torvald's thumbs up, and even embedded distros have picked it up....

 

WG on chips like AR9531 (MIPS 24K) are hitting good numbers here - WG is about half the bandwidth of the host interface - which is pretty good compared to OpenVPN...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
2 2