Reply
New Member
Posts: 8
Registered: ‎08-03-2016

Re: Release: WireGuard for EdgeRouter

[ Edited ]

@Lochnair : First, Thank you very much for your work.Since the last 3 month, I have in production 3 ER-X  connected with wireguard behind 3 ISP routers.

In your last release (0.0.20171127), I have a problem with "persistent keepalive" witch I use because of NAT. Percistent keepalive is missing from "sudo wg" command line. (0.0.20171011 was OK)

If we add it again, an error tells us : "the specific configuration node already exits". I suspect it does not work because the first ping to the remote subnet does not work anymore. It is often necessary to make several attempts.

 

See screeshots below :

wg erx previous version.JPGPrevious Versionwg erx last version.JPGLast Version (0.0.20171127)

 

Edit : After delete and insert the node, I notice that the command does not take into consideration the time (25s) and systematically turns off

 

persistent-keepalive.JPGsudo wg show all persistent-keepalive

 

New Member
Posts: 13
Registered: ‎08-15-2016
Kudos: 2

Re: Release: WireGuard for EdgeRouter

@Lochnair

 

I'm trying to run WireGuard on EdgeRouter Infinity but it looks like current octeon packages are not compatible with current Infinity firmware.

 

Kernel version 3.10.87

cpuinfo

root@ubnt:/home/ubnt# cat /proc/cpuinfo
system type : UBNT_E1000
machine : Unknown
processor : 0
cpu model : Cavium Octeon III V0.2 FPU V0.0
BogoMIPS : 3600.00
wait instruction : yes
microsecond timers : yes
tlb_entries : 256
extra interrupt vector : yes
hardware watchpoint : yes, count: 2, address/irw mask: [0x0ffc, 0x0ffb]
isa : mips1 mips2 mips3 mips4 mips5 mips64r2
ASEs implemented : vz
shadow register sets : 1
kscratch registers : 4
core : 0
VCED exceptions : not available
VCEI exceptions : not available

 

Is it possible to build debs for Infinity or should we just wait for firmwares to sync kernel versions ?

New Member
Posts: 18
Registered: ‎12-17-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter

[ Edited ]

I added experimental support for the Infinity to my repository. I don't have this router, so some brave soul needs to test it and give me some feedback. If it works for people I will push releases for the Infinity until Lochnair supports the Infinity in his releases. It can be downloaded at https://github.com/tssva/vyatta-wireguard/releases/tag/0.0.20171211-1-infinity.

 

Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

Sorry for being MIA for a while guys, I've basically been without usable internet access, as both my ADSL links have been utterly useless the last couple of weeks (0.2 Mbit DL), plus one of the modems died and I still haven't received a new one.

 

@Zoe9

Thanks for the bug report. This was fixed in master, but I haven't pushed a new release yet.

 

@svschwartz

If the builds by @tsedlmeyer works as expected, I'll wait until the release of 1.10 when the kernel versions sync up.

New Member
Posts: 18
Registered: ‎12-17-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter

Lochnair released version 0.0.20171221-1 and I'm once again willing to create and release a version for the ER-8-XG; however, no one has responded regarding whether they were able to successfully use the package I released. Is there still demand for a version for the ER-8-XG? If so, let me know and I will create a package for this version.

New Member
Posts: 34
Registered: ‎12-21-2016
Kudos: 8
Solutions: 1

Re: Release: WireGuard for EdgeRouter

I can test on the ER-4, is that compatible?
New Member
Posts: 3
Registered: ‎12-27-2017

Re: Release: WireGuard for EdgeRouter

I want to route all non-internal traffic through the wg0 interface (because I'm using wg as a network proxy of  sorts).

 

Configuring the interface was easy enough:

 

 

$  show configuration commands | match wireg 
set interfaces wireguard wg0 address 10.99.x.x/32
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 peer XXXXX= allowed-ips 0.0.0.0/0
set interfaces wireguard wg0 peer XXXXX= endpoint 'my.peer:51820'
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 route-allowed-ips false

 

 

Using wg show I can see that the interface is up and connected. However I'm  having trouble routing traffic through the wg0 interface. I can't reach any machines on the other side.

 

 

$ show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       > - selected route, * - FIB route, p - stale info
IP Route Table for VRF "default"
S    *> 0.0.0.0/0 [210/0] via y.y.y.y, eth0
C    *> 0.0.0.0/32 is directly connected, wg0
C    *> y.y.y.0/24 is directly connected, eth0
C    *> 10.22.22.0/24 is directly connected, switch0
C    *> 10.99.x.x/32 is directly connected, wg0
C    *> 127.0.0.0/8 is directly connected, lo

Where y.y.y.y is the ip address of the router on the WAN side (from the ISP modem).  10.22.22.0/24 is the subnet of my  LAN (ports eth2-eth4 on the edgerouter poe).

 

 

How exactly do I enable a default route for the wg0 interface?

 

Versions: EdgeOSv1.9.7+hotfix.4, and wireguard 0.0.20171221.

New Member
Posts: 18
Registered: ‎12-17-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter


rmblr wrote:

 

How exactly do I enable a default route for the wg0 interface?

 

You want to set a static interface route.

 

set protocols static interface-route 0.0.0.0/0 next-hop-interface wg0
New Member
Posts: 4
Registered: ‎11-21-2017

Re: Release: WireGuard for EdgeRouter

Hello. I'm trying to test wireguard in my routers (edgerouter infinity  with 10g sfp+ modules)

iperf3 with 1 client to 1 server:

[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-60.00  sec  7.99 GBytes  1.14 Gbits/sec  375         sender
[  5]   0.00-60.00  sec  7.99 GBytes  1.14 Gbits/sec              receiver

 

If i use iperf3 with 100 parallel clients gives me 600mb/s total speed

New Member
Posts: 4
Registered: ‎11-21-2017

Re: Release: WireGuard for EdgeRouter

[ Edited ]

@tsedlmeyer, i need new build for er8-xg (1.9.7+hf4) Linux ubnt 3.10.87-UBNT #1 SMP Wed Aug 30 04:51:20 PDT 2017 mips64 GNU/Linux
I have installed wireguard, its alive works, but speed is not fast. I wanna to test new builds and hopefully get better results

New Member
Posts: 18
Registered: ‎12-17-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter

Release 0.0.20171221-1 for the EdgeRouter 8-XG posted to https://github.com/tssva/vyatta-wireguard/releases

New Member
Posts: 33
Registered: ‎11-18-2016
Kudos: 11
Solutions: 1

Re: Release: WireGuard for EdgeRouter

Firmware 1.9.8 was just poseted to the downloads section along with the GPL archive. This is the release firmware version for the ER-4 and ER-6P.

 

When do you think you'll be able to have a build of wireguard for this?  I have an ER-4 that I plan to configure and replace my current ERPOE5 in the next few weeks. It would be nice to be able to setup wireguard at the same time.

 

Thanks.

 

New Member
Posts: 18
Registered: ‎12-17-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter

@vasilyog iperf3 is single threaded. Have you verified that the 100 parallel client test isn't pegging the CPU core it is assigned to at 100% on the client or server? In general if you are testing a large number of multiple connections using iperf2, which is multi-threaded, or launching multiple instances of iperf3 and distributing the connections across them is recommended.
New Member
Posts: 18
Registered: ‎12-17-2017
Kudos: 1

Re: Release: WireGuard for EdgeRouter

@evildog I won't have time to download and look at the gpl ER-4 release until at least the later part of next week.
Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

@evildog

Please try the binaries I just pushed for the ER-4/ER-6 from the GitHub release page.

New Member
Posts: 34
Registered: ‎12-21-2016
Kudos: 8
Solutions: 1

Re: Release: WireGuard for EdgeRouter

[ Edited ]

@Lochnair thanks very much for posting a release for e300! 

 

Working great on ER-4, getting about 433 Mbits/sec on device to server iperf3 over wg.

Member
Posts: 164
Registered: ‎01-30-2014
Kudos: 97
Solutions: 3

Re: Release: WireGuard for EdgeRouter

@jugs and did you try wit hthe SFE Package too ? ^_^
New Member
Posts: 34
Registered: ‎12-21-2016
Kudos: 8
Solutions: 1

Re: Release: WireGuard for EdgeRouter

@Altheran AFAIK there are no SFE packages for e300 yet, does it improve WireGuard throughput as well?

Member
Posts: 230
Registered: ‎11-01-2015
Kudos: 97
Solutions: 5

Re: Release: WireGuard for EdgeRouter

@jugs

No, threre's not. And yes, it will improve forwarding performance when using WireGuard.

Veteran Member
Posts: 5,686
Registered: ‎07-03-2008
Kudos: 1779
Solutions: 137

Re: Release: WireGuard for EdgeRouter

[ Edited ]

EdgeOS 1.10.0 is also moving towards release.  Same kernel version as 1.9.7 (at least numerically from uname) but quite a few userland changes.

Reply