Reply
New Member
Posts: 22
Registered: ‎05-20-2016
Kudos: 1

Re: Release: WireGuard for EdgeRouter

[ Edited ]

Thanks for that. Already did that actually. And with that there can be days between an IP change but the thing is, there are a lot of power outages on the remote site and some of them for hours.
I would pay for a way to reset the vpn connection (instead of just rebooting manually the router on the other end so it can catch the IP change) .
With that (even a bash command) I can make a script that checks the ip and when a change is detected it will trigger a vpn reconnect.

Having to reboot a router is not really  acceptable. 

For the GRE bridge,
I'll try to make a dump so i can send it to you.
Thank you!

New Member
Posts: 1
Registered: ‎02-20-2016
Kudos: 2

Re: Release: WireGuard for EdgeRouter

If you have a script that can detect a change in IP you should be able to run:

 

sudo wg set <name of wg interface> peer "<peer public key>" endpoint <new ip>:<port>

 

to update the ip info wireguard has 

New Member
Posts: 22
Registered: ‎05-20-2016
Kudos: 1

Re: Release: WireGuard for EdgeRouter

thanks! just what I needed. In fact as I tested this it was not necessary to specify the ip but instead the hostname ex:"endpoint.com" and it updated the tunnel.
i'll just make a script that makes a "lookup <endpoint.com>" and when the ip is different from the one I have written in a file for example i'll execute the wg set ... command and update the file with tne new ip.
All this just feels like a patch that should be somehow implemented in the wireguard itself as it takes hostname as an endpoint and not only IP addresses.
Anyway, I'm more than grateful for what it is atm! It's freaking awesome !!
New Member
Posts: 22
Registered: ‎05-20-2016
Kudos: 1

Re: Release: WireGuard for EdgeRouter

does it harm to just execute a " sudo wg set wg0 peer "key=" endpoint endpoint.com:51820" every minute ? like in crontab for example?
Member
Posts: 128
Registered: ‎06-18-2013
Kudos: 110
Solutions: 2

Re: Release: WireGuard for EdgeRouter

[ Edited ]

You wrote:

> I would pay for a way to

Welp, there's always wireguard.com/donations and patreon.com/zx2c4 ... 

 

 But anyway, onto your actual issue. You're using dynamic DNS, and you want the endpoint to reflect changes. If both sides have their ports open, you can usually get away with simply doing PersistentKeepalive=25 on both ends. However, if there isn't port forwarding going on, this sometimes doesn't work.

 

So, instead, for that scenario, just set the endpoint in a cronjob or a busy loop:

 

while sleep 30; do wg set wg0 peer ABCD endpoint somewhere.on.the.inter.tubes:58120; done

 

This is safe to do, and you can run it as many times as you want. The wg(8) utility will re-resolve that domain name, and tell the wireguard kernel module about the new IP.

New Member
Posts: 22
Registered: ‎05-20-2016
Kudos: 1

Re: Release: WireGuard for EdgeRouter

Donated! (3YV73945483324921) Thanks for the links!

I've solved my issue. I forgot to set an endpoint to my far end of the tunnel (because at first I was testing a roadwarrior configuration).
I'll come back with more info about the crash with GRE-Bridge when I have a bit of time to do some testing (with a serial console on the router maybe).
Thanks!
New Member
Posts: 31
Registered: ‎05-25-2017
Kudos: 2

Re: Release: WireGuard for EdgeRouter

@Lochnair Can you please let us know when we can expect an updated package? Your latest version is 1011, and in the meantime two newer versions have been released (latest 1101). Thanks!

 

Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

Sorry for the delay folks, packages for the latest snapshot have now been released.

New Member
Posts: 13
Registered: ‎03-08-2014
Kudos: 2
Solutions: 1

Re: Release: WireGuard for EdgeRouter

Sorry if I missed it, but for which EdgeRouter is this?

I'm currently looking at the EdgeRouter X, X SFP or Lite for some locations we have and I would love to use WireGuard.

 

 

New Member
Posts: 31
Registered: ‎05-25-2017
Kudos: 2

Re: Release: WireGuard for EdgeRouter

[ Edited ]

Super, thanks @Lochnair, upgraded & works like a charm!!

 

@ckruetze: I use it on a ERL, but other platforms are supported as well. If you go to the site where Lochnair posts his releases, you will find the following: "The Octeon release supports the all the Octeon-based models. The Ralink release supports the ER-X."

New Member
Posts: 31
Registered: ‎05-25-2017
Kudos: 2

Re: Release: WireGuard for EdgeRouter

Hi @Lochnair, can it be that there is an error in the new package? I get the following error:

 

root@ubnt:/home/admin# dpkg -i wireguard-octeon-0.0.20171122-1.deb
(Reading database ... 34740 files and directories currently installed.)
Preparing to replace wireguard 0.0.20171111-1 (using wireguard-octeon-0.0.201711                         22-1.deb) ...
Leaving 'diversion of /opt/vyatta/share/perl5/Vyatta/Interface.pm to /opt/vyatta                         /share/perl5/Vyatta/Interface.pm.vyatta by wireguard'
Unpacking replacement wireguard ...
Removing 'diversion of /opt/vyatta/share/perl5/Vyatta/Interface.pm to /opt/vyatt                         a/share/perl5/Vyatta/Interface.pm.vyatta by wireguard'
dpkg-divert: error: rename involves overwriting `/opt/vyatta/share/perl5/Vyatta/                         Interface.pm' with
  different file `/opt/vyatta/share/perl5/Vyatta/Interface.pm.vyatta', not allow                         ed
dpkg: warning: subprocess old post-removal script returned error exit status 2
dpkg: trying script from the new package instead ...
Removing 'diversion of /opt/vyatta/share/perl5/Vyatta/Interface.pm to /opt/vyatt                         a/share/perl5/Vyatta/Interface.pm.vyatta by wireguard'
dpkg-divert: error: rename involves overwriting `/opt/vyatta/share/perl5/Vyatta/                         Interface.pm' with
  different file `/opt/vyatta/share/perl5/Vyatta/Interface.pm.vyatta', not allow                         ed
dpkg: error processing wireguard-octeon-0.0.20171122-1.deb (--install):
 subprocess new post-removal script returned error exit status 2
Leaving 'diversion of /opt/vyatta/share/perl5/Vyatta/Interface.pm to /opt/vyatta                         /share/perl5/Vyatta/Interface.pm.vyatta by wireguard'
Removing 'diversion of /opt/vyatta/share/perl5/Vyatta/Interface.pm to /opt/vyatt                         a/share/perl5/Vyatta/Interface.pm.vyatta by wireguard'
dpkg-divert: error: rename involves overwriting `/opt/vyatta/share/perl5/Vyatta/                         Interface.pm' with
  different file `/opt/vyatta/share/perl5/Vyatta/Interface.pm.vyatta', not allow                         ed
dpkg: error while cleaning up:
 subprocess new post-removal script returned error exit status 2
Errors were encountered while processing:
 wireguard-octeon-0.0.20171122-1.deb
Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

@dennisvo

I had no troubles installing the latest package on my ER-X when I tested. I see that you're upgrading from a previous release. Could you try removing the old package first?

 

sudo apt-get remove wireguard
Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

@dennisvo

This issue has been fixed in 0.0.20171122-2, which is now available on GitHub.

New Member
Posts: 31
Registered: ‎05-25-2017
Kudos: 2

Re: Release: WireGuard for EdgeRouter

@Lochnair: Thanks! I didn't try to uninstall because all the last updates worked without uninstalling. I will try the new version without uninstalling, and see if it works. If not I'll try with uninstall. I'll report results back here.. Thanks for the quick fix!

Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

Hey folks

 

We now have a fix for the ER-X issue in the latest release, courtesy of Tim Sedlmeyer.

 

Also, I'd like your input on this proposal, as I'm not really familar with advanced routing protocols.

New Member
Posts: 31
Registered: ‎05-25-2017
Kudos: 2

Re: Release: WireGuard for EdgeRouter

Thanks @Lochnair, works fine after your fix. Didn't have time to test the previous release, but the 20171127-1 release works perfectly...

New Member
Posts: 20
Registered: ‎10-27-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter

[ Edited ]

Nice work so far guys!  Looks great from what I've been reading.  Has this been tested on any firmware greater than whats in this forum subsection?  Man Happy

 

EDIT: And would this mess with any of my OpenVPN configuration I have?  Like be able to test them side by side type thing.

Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

@digiblur

If you mean the 1.10 alpha, then no that won't work. To be able to update my kernel tree, I'd need the GPL sources for the images, which aren't released before GA.

New Member
Posts: 31
Registered: ‎05-25-2017
Kudos: 2

Re: Release: WireGuard for EdgeRouter

Hi @digiblur, don't know if it will mess with OpenVPN, don't believe so. And you can always deinstall, it's just a kernel module you can load an unload ('rmmod wireguard' will do). This is tested against the latest official firmware (1.9.7-hotfix4).

New Member
Posts: 4
Registered: ‎12-22-2016

Re: Release: WireGuard for EdgeRouter

I've been running WireGuard, IPSec, and OpenVPN side by side on several sites for a while. The only issue has been when building a WireGuard VPN to a site that already had a routed IPSec to the same destination and I borked mysel out of the remote router. Beyond that no issue.

Reply