Wireguard client

Hi everyone!

Can anyone tell me if its possible to set up a wireguard client on the vero 4k?

I cant find any packages using apt so is there a way to compile it myself?

Thanks

Peter

Wireguard wouldn’t be a package as it would be kernel modules.
So yes compiling yourself would be the way to go, but I would first wait for the 4.9 Kernel to be published for the Vero4k as then your chances might be better.
Check this thread

Wireguard has only just been merged in to Linux 5.6, so I would imagine it would be a while before this is supported in OSMC

Sam

Looking at the kernel requirements, it needs a kernel version >= 3.10, so ok there, but, unlike the OSMC Pi 2/3 kernel, the Vero4K/+ kernel currently seems to lack CONFIG_NET_UDP_TUNNEL.

This should be solved in 4.9; and we could ship it as a downstream module.

1 Like

Is there any update on how to proceed with this?

root@osmc:/etc/wireguard# uname -a
Linux osmc 3.14.29-157-osmc #1 SMP Fri Mar 20 01:38:33 UTC 2020 aarch64 GNU/Linux
root@osmc:/etc/wireguard# wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"

wireguard-dkms says the headers are not available:

Module build for kernel 3.14.29-157-osmc was skipped since the
kernel headers for this kernel does not seem to be installed.

Yet /lib/modules/3.14.29-157-osmc exists.

Have you tried the testing 4.9 build?

No. IIUC this is quite buggy and might even void warranty?

Or is it somewhat stable now and easier to install?

It will not void the warranty. And while not perfect yet I’ve been running it for months with only a few problems.

as in – if things break “There is a downside to this: your system may be rendered unbootable and you’d need to open the Vero and short two pins on the mainboard to recover it if this is the case.

But seems that that thread also says testing is finished/closed.

So how do I proceed to install 4.9? apt install linux-image-4.9.0-12-arm64 ; reboot ?

Read the first post in the testing thread. [TESTING] Linux 4.9 kernel and improved video stack for Vero 4K / 4K +

1 Like

Cool – that worked:

# uname -a
Linux osmc 4.9.113-16-osmc #1 SMP PREEMPT Thu Apr 16 18:53:29 UTC 2020 aarch64 GNU/Linux

However this an issue with the headers:

root@osmc:/lib/modules# dpkg-reconfigure wireguard-dkms

------------------------------
Deleting module version: 0.0.20200318
completely from the DKMS tree.
------------------------------
Done.
Loading new wireguard-0.0.20200318 DKMS files...
Building for 4.9.113-16-osmc
Module build for kernel 4.9.113-16-osmc was skipped since the
kernel headers for this kernel does not seem to be installed.

I think you’re a bit stuck, I’m afraid.

As noted above, kernel 3.14 probably doesn’t support wireguard. I think the “kernel headers for this kernel does not seem to be installed.” message you saw might have been because of a missing symbolic link.

I’ve checked the OSMC repo and can’t see any headers for the 4.9 kernel.

One other point. Currently DKMS doesn’t wotk well with OSMC due to a few longstanding issues with the kernel headers.

So /lib/modules/4.9.113-16-osmc/build doesn’t exist and indeed there’s no 4.9 under /usr/src/

And indeed that the headers are missing for that particular kernel:

root@osmc:/lib/modules/4.9.113-16-osmc# apt search 4.9 | grep header

WARNING: apt-real does not have a stable CLI interface. Use with caution in scripts.

linux-headers-4.9.0-12-all - All header files for Linux 4.9 (meta-package)
linux-headers-4.9.0-12-all-arm64 - All header files for Linux 4.9 (meta-package)
linux-headers-4.9.0-12-all-armhf - All header files for Linux 4.9 (meta-package)
linux-headers-4.9.0-12-arm64 - Header files for Linux 4.9.0-12-arm64
linux-headers-4.9.0-12-armmp - Header files for Linux 4.9.0-12-armmp
linux-headers-4.9.0-12-armmp-lpae - Header files for Linux 4.9.0-12-armmp-lpae
linux-headers-4.9.0-12-common - Common header files for Linux 4.9.0-12
linux-headers-4.9.0-12-common-rt - Common header files for Linux 4.9.0-12-rt
linux-headers-4.9.0-11-all - All header files for Linux 4.9 (meta-package)
linux-headers-4.9.0-11-all-arm64 - All header files for Linux 4.9 (meta-package)
linux-headers-4.9.0-11-all-armhf - All header files for Linux 4.9 (meta-package)
linux-headers-4.9.0-11-arm64 - Header files for Linux 4.9.0-11-arm64
linux-headers-4.9.0-11-armmp - Header files for Linux 4.9.0-11-armmp
linux-headers-4.9.0-11-armmp-lpae - Header files for Linux 4.9.0-11-armmp-lpae
linux-headers-4.9.0-11-common - Common header files for Linux 4.9.0-11
linux-headers-4.9.0-11-common-rt - Common header files for Linux 4.9.0-11-rt

Is there any chance this will be fixed?

I am still working on a solution for the headers issue.

I can backport Wireguard for you if you are willing to test.

1 Like

I’ll gladly test this. Using Wireguard is the easiest way forward for me to route certain but not all traffic through a certain endpoint.

ill also test it when i get the time. Damn quarantined kids ;D

I would be eager to test this.

I’ve added Wireguard support to our kernel.
It will be in the next 4.9 build.

4 Likes

Perfect – this actually works:

root@osmc:/etc/wireguard# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.200.200.52/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 52.0.0.0/11 dev wg0

root@osmc:/etc/wireguard# ping 10.200.200.1 -c 3
PING 10.200.200.1 (10.200.200.1): 56 data bytes
64 bytes from 10.200.200.1: seq=0 ttl=64 time=175.980 ms
64 bytes from 10.200.200.1: seq=1 ttl=64 time=176.109 ms
64 bytes from 10.200.200.1: seq=2 ttl=64 time=175.955 ms

--- 10.200.200.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 175.955/176.014/176.109 ms

Thanks!

1 Like