WireGuard

KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

Posted: Tue Nov 28, 2017 19:43    Post subject: WireGuard
NOTE: The most updated documentation for WireGuard is currently in: WireGuard guides and documentation

Quote:
WireGuard, a Revolutionary VPN Project, Adds Support for Android ROMs

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

https://www.wireguard.com/

https://www.xda-developers.com/wireguard-vpn-project-support-android-roms/

https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635

Quote:
Quote:
Have you been in contact with devs behind DD-WRT, AsusWRT-Merlin, Tomato, etc. to help them integrate it into their router firmwares? I'm interested in the improved security, but it won't be easier than OpenVPN for a lot of people until it's baked into their router.


As far as router firmware goes, in addition to the ordinary Linux distros, it's also integrated into OpenWRT/LEDE and EdgeOS. I haven't talked to the DD, Merlin, and Tomato people yet though. That's a good suggestion.


I just found out about this on xda. What do you guys think?
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Tue Nov 28, 2017 19:57
Sounds good, but not widely supported, as you can see by their comparison, IPSec has great performance. IPSec support is all over the place. Android, iOS, Android natively support IPSec. Not sure how easy it is to auto generate the config for this new vpn solution.

Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

Posted: Tue Nov 28, 2017 20:45
Hi, Kong.

Which comparison are you referring to?

Edit: Ignore above question. I thought there is a comparison chart which shows IPSec having a greater performance than WireGuard. But you meant having a great performance, closer to WireGuard but significantly better than OpenVPN.



Thanks for the response.


Last edited by KittyChampion on Tue Nov 28, 2017 20:52; edited 1 time in total
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Tue Nov 28, 2017 20:51
<Kong> wrote:


Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.


Some instructions on how to get it running would be good! As far as I understand you first enable freeradius and generate certificates. Not entirely clear if it's enough to then just enable IPSec server and transfer certificates to the clients. Not clear what to put in the ip/net field under "clients".

_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

Posted: Tue Nov 28, 2017 20:59
d0ug wrote:
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.


Quote:
WireGuard has been designed with ease-of-implementation and simplicity in mind. It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities. Compared to behemoths like *Swan/IPsec or OpenVPN/OpenSSL, in which auditing the gigantic codebases is an overwhelming task even for large teams of security experts, WireGuard is meant to be comprehensively reviewable by single individuals.




I agree though.
diesel2k
DD-WRT User


Joined: 28 Dec 2009
Posts: 58

Posted: Wed Nov 29, 2017 10:56
<Kong> wrote:
Sounds good, but not widely supported, as you can see by their comparison, IPSec has great performance. IPSec support is all over the place. Android, iOS, Android natively support IPSec. Not sure how easy it is to auto generate the config for this new vpn solution.

Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.


I would love a guide for this. I think some "easy" to setup IPSEC vpn is a huge miss in dd-wrt. Everyone on ios/mac os cannot use PPTP anymore.

_________________
Internet Router: Edgerouter ER-X v.1.10
Access Point: R7000 v. Latest Kong
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 2670
Location: Indy

Posted: Wed Nov 29, 2017 13:11
d0ug wrote:
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.
This isn't brand new; only the Android integration aspect (is now easy). The XDA article stated that Greg Kroah-Hartman (maintainer of various Linux kernel subsystems, for those that don't know) was involved in a code review with "a few" others:
Greg wrote:
...few of us did a "code walkthrough" of the wireguard kernel codebase, displaying it on a large screen and walking through the various functionality "here's the receive path, here's the transmit path, here's the cookie handling, etc." which was really informative and highly recommended. I could only stick around for 4 hours, but I saw the main portions, and the other participants finished out the rest a few hours later.

Now I'm trying out a "commercial" vpn who is offering wireguard nodes, to see how well that works out. So far it's just so much simpler to configure and run than any OpenVPN client so on that point alone it's worth it.

Also, "The WireGuard protocol...has been formally verified in the symbolic model using Tamarin" with details here:
https://www.wireguard.com/formal-verification/

_________________
# NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo #
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250
|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 109
Location: DE

Posted: Fri Jan 19, 2018 23:24    Post subject: WireGuard
WireGuard is coming in since
http://svn.dd-wrt.com/changeset/34416

Version of WG then was 0.0.20171221. Now BS is on it. LEDE is supporting it already.

I hope WG isn't too good to be true.

Currently only (?) Mullvad seems to support it yet officially.

_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xAsus RT-AC87U
1xAsus RT-AC88U
1xTP710
aventus
DD-WRT User


Joined: 02 May 2014
Posts: 61

Posted: Sat Jan 20, 2018 10:01
@kooper2013

Mullvad and azirevpn
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 109
Location: DE

Posted: Sat Jan 20, 2018 12:22
aventus wrote:
@kooper2013

Mullvad and azirevpn


Thanks. Very interesting, AzireVPN has been somehow below my radar.

AND WireGuard currently is free at AzireVPN:

Quote:
WireGuard with AzireVPN is currently free for everyone

Everything has been running smoothly so far, and we are now interested in testing our WireGuard infrastructure at larger scale. We have therefore decided to open up our WireGuard servers for free. Simply sign up to connect to all of our WireGuard endpoint locations!


Cheers.

labo
DD-WRT Guru


Joined: 30 Jan 2015
Posts: 676
Location: Texas, USA

Posted: Sun Jan 21, 2018 0:52
Can't wait... Pretty impressive benchmark:
_________________
ASUS GT-BE98 PRO Main: Fiber 5gbps up/down
ASUS AXE16000: AI Mesh node
2 X ASUS RT-AX89X: AI Mesh nodes
QNAP QSW-1208-8C 12-Port 10GbE Switch
XS712T ProSafe 12-Port 10GbE Switch
3 X R9000 DD-WRT Mesh
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Wed Jan 31, 2018 14:51
Anyone tried it? Have viewed some of BS changes in the SVN and WireGuard seems to replace "eoip-networking" which I've never tried. WireGuard seems promising. If it works well I'll replace a couple of OpenVPN bridges with it when available.
aventus
DD-WRT User


Joined: 02 May 2014
Posts: 61

Posted: Fri Feb 02, 2018 16:34
Any news on wireguard with ddwrt?
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Mon Feb 05, 2018 10:56
Upgraded one of my routers to Kong newest build (34790). Noticed that the tab named eoip-tunnel is now called “tunnel”. This under the “Setup” tab.
There are two alternative tunnels selectable. Suspect the first alternative is WireGuard.
Have no information on how to setup though.
When I setup a second router with a recent build and have time to spare I’ll look into it further.

Homerroot
DD-WRT Novice


Joined: 31 Oct 2015
Posts: 5
Location: Stuttgart, Germany

Posted: Sat Feb 10, 2018 13:10
wabe wrote:
Upgraded one of my routers to Kong newest build (34790). Noticed that the tab named eoip-tunnel is now called “tunnel”. This under the “Setup” tab.
There are two alternative tunnels selectable. Suspect the first alternative is WireGuard.
Have no information on how to setup though.
When I setup a second router with a recent build and have time to spare I’ll look into it further.


Hey guys,
I set up an EoIP tunnel on the newest beta version 34876. What do I have to do next to route all my traffic through that EoIP tunnel?

My Asus nt18u is connected via LAN to another router, from which it gets its internet connection.

I already set up a WireGuard VPN connection on my Android smartphone with Mullvad VPN. It works perfectly and is amazingly fast, so I want to set it up on my router, too.

Thanks and greetings
Homerroot