02-13-2018 07:18 AM
02-15-2018 08:18 AM
Unfortunately I had to update to the .10 release for edgemax x and now can't use wireguard. I tried cloning and building the changes from tssva (https://github.com/tssva/vyatta-wireguard/tree/edgeos-v1.10) however I am getting this from the module:
insmod wireguard.ko
Error: could not insert module wireguard.ko: Invalid module format
I can see the kernel level is now 3.10.107-UBNT - so I suspect that is the problem. I am not sure exactly how to build the module at the moment. Has anybody gotten this far?
02-15-2018 09:14 AM
You've come to the right conclusion, but sadly there's nothing you (or we) can do before UBNT releases the GPL archives with the latest kernel tree. That's also the reason Tim's 1.10 changes aren't merged yet.
02-16-2018 02:40 PM
The GPL sources were finally released earlier today, and so I'm happy to announce that we now have WireGuard builds for EdgeOS v1.10.
Please be aware that the changes that were done to update the configuration interface to 1.10 are largely untested, so I expect a few bugs to pop up.
I know there are quite a few bugs in 1.10 at the moment, so for those staying behind on 1.9.7, I'll maintain builds for both versions for a while.
02-16-2018 02:50 PM
I meant to say - where do they release the GPL code? I would love to take a look at it...
It is on the downloads page with the firmware. Click on the desired entry and it will expand where you'll see two additional links - one for 'Download Release Notes' and the other for 'Download GPL Archive'.
02-16-2018 08:19 PM - edited 02-16-2018 10:40 PM
I have a real beginner problem. I'm so close to getting WireGuard set up on my edgemax x router. I've installed it and set up an account with Azirevpn. But when I enter wg-quick up azirevpn-us1 I get the error message:
[#] ip link add azirevpn-us1 type wireguard
[#] wg setconf azirevpn-us1 /dev/fd/63
[#] ip address add 10.40.8.43/19 dev azirevpn-us1
[#] ip address add 2606:ed00:2:4000::82c/64 dev azirevpn-us1
[#] ip link set mtu 1420 dev azirevpn-us1
[#] ip link set azirevpn-us1 up
[#] resolvconf -a tun.azirevpn-us1 -m 0 -x
/usr/bin/wg-quick: line 72: resolvconf: command not found
What am I missing or doing wrong? It looks like the issue is with resolvconf and I checked and it is in the /etc folder. Any help would be very appreciated!
02-17-2018 08:59 AM
The issue you're seeing is caused by resolvconf not being installed, which is to be expected since it's not used on EdgeOS.
wg-quick doesn't really fit on the EdgeRouters, so we've never even tested it.
The right way would be to adapt the wg-quick config to the Vyatta configuration scheme:
edit interfaces wireguard wg0
set private-key "<insert_private_key_here>"
set address <insert_ipv4_address_here>
set address <insert_ipv6_address_here>
set peer "T28Qn5VFzT4wiwEPd7DscwcP3Rsmq23QcnjH1N5G/wc=" allowed-ips 0.0.0.0/0
set peer "T28Qn5VFzT4wiwEPd7DscwcP3Rsmq23QcnjH1N5G/wc=" allowed-ips ::/0
set peer "T28Qn5VFzT4wiwEPd7DscwcP3Rsmq23QcnjH1N5G/wc=" endpoint "22.214.171.124:51820"
Please note that this will most likely fail to commit, due to you having a default route from your ISP modem in your routing table. You can stop the allowed-ip entries from getting added to the routing table automatically by setting route-allowed-ips to false.
This also doesn't cover using AzireVPN's DNS resolver. You can either set the ER-X DNS forwarder to only use their resolver, or use DNAT rules to force clients to use their resolver directly. I'd need to know more about your setup to be sure what's the best solution.
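The translation described in this reply, as an added example that is not part of the original post or of the vyatta-wireguard project: a shell function that reads a wg-quick config on stdin and prints EdgeOS commands using only the configuration keys shown above. The function names, the sample config, and its placeholder keys and addresses are constructed for illustration.

```shell
# Added example: translate a wg-quick config (stdin) into EdgeOS "set" lines.
# Assumes PublicKey comes first in each [Peer]; output includes the private key.
wgquick_to_edgeos() {  # usage: wgquick_to_edgeos [ifname] < wg-quick.conf
    awk -v ifname="${1:-wg0}" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    BEGIN { print "edit interfaces wireguard " ifname }
    /^[ \t]*#/ || /^[ \t\r]*$/ { next }
    /^[ \t]*\[/ { section = tolower(trim($0)); next }
    {
        eq = index($0, "=")   # split at the first "=": base64 keys end in "="
        if (eq == 0) next
        key = section " " tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "[interface] privatekey") {
            print "set private-key \"" val "\""
        } else if (key == "[interface] address") {
            n = split(val, a, ",")
            for (i = 1; i <= n; i++) print "set address " trim(a[i])
        } else if (key == "[peer] publickey") {
            peer = val
        } else if (key == "[peer] allowedips") {
            n = split(val, a, ",")
            for (i = 1; i <= n; i++) {
                ip = trim(a[i])
                if (ip ~ /^(0\.0\.0\.0|::)\/0$/) defroute = 1
                print "set peer \"" peer "\" allowed-ips " ip
            }
        } else if (key == "[peer] endpoint") {
            print "set peer \"" peer "\" endpoint \"" val "\""
        } else {
            print "# not translated: " key
        }
    }
    END { if (defroute) print "set route-allowed-ips false" }
    '
}
sample_conf() {  # constructed sample; keys are placeholders, not real keys
    cat <<'EOF'
[Interface]
PrivateKey = PRIVATE_KEY_PLACEHOLDER=
Address = 192.0.2.10/24, 2001:db8::10/64
DNS = 192.0.2.53
[Peer]
PublicKey = PEER_KEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 198.51.100.7:51820
EOF
}
sample_conf | wgquick_to_edgeos wg0
```

The DNS line is reported as untranslated rather than dropped, since resolver handling on EdgeOS is a separate decision, and route-allowed-ips is only switched off when a peer carries a default-route entry.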
02-18-2018 09:51 AM
Thank you so much for your input! This helped a lot. I followed your configuration and I now have a nice little wg0 interface up and running:
interface: wg0
  public key: kDOFAC9z9G1A8uuj87Ap+Zr8Kw6TJvtFqEWzhAJbuX0=
  private key: (hidden)
  listening port: 33800

peer: Df5xfXLo8cOxEkeZrYis9cm9QvQjAGL6UMco+X9lnHU=
  endpoint: 126.96.36.199:51820
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 11 hours, 7 minutes, 22 seconds ago
  transfer: 13.53 KiB received, 55.33 KiB sent
I'm a little stuck on the DNS portion. My ER-X is set up to have a main network, a separate one for IOT devices, and a guest connection. How should DNS be configured for this setup with Azirevpn?
Also, once DNS has been configured, how can I route all my traffic through the wg0 interface now that it's active?
02-18-2018 01:40 PM
I got it to load by doing an insmod ./ip_tunnel.ko in /lib/modules/3.10.107-UBNT/kernel/net/ipv4 and then insmod wireguard.ko.
Now I need to figure out how to make it load that module first on boot so it will not require fiddling.
02-18-2018 03:11 PM
This should happen automatically when loading the wireguard module. My guess is that the file listing a module's dependencies is not updated, in which case WireGuard's dependencies will not get loaded.
You can check by running:
grep wireguard /lib/modules/3.10.107-UBNT/modules.dep
If there's no output, it means you need to update the list, by doing:
sudo depmod -a
What's curious is that we run depmod automatically when the wireguard package is installed, so I can't really tell why it wouldn't have gotten updated.
02-19-2018 07:55 AM
grep wireguard /lib/modules/3.10.107-UBNT/modules.dep
kernel/net/wireguard.ko: kernel/net/ipv4/ip_tunnel.ko kernel/net/ipv6/ipv6.ko
It is there but still didn't load. I did the hand work and poof. This is on a new clean machine. I will do some more looking on this after I get it up and running all the way.
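A follow-up check for the situation in this exchange, as an added example that is not part of the thread: a shell function that reads a module's entry in modules.dep and reports which of its listed dependencies are absent from /proc/modules. The function name, exit codes and the sample /proc/modules line are constructed; the modules.dep line is the one quoted above.

```shell
# Added example: report which modules.dep dependencies of a module are not loaded.
# Defaults point at the running kernel; pass files explicitly to run offline.
missing_deps() {  # usage: missing_deps <module> [modules.dep] [proc-modules]
    dep_file="${2:-/lib/modules/$(uname -r)/modules.dep}"
    awk -v mod="$1" -v loaded_file="${3:-/proc/modules}" '
    # Reduce a path such as kernel/net/ipv4/ip_tunnel.ko to ip_tunnel;
    # modprobe treats "-" and "_" in module names as the same character.
    function modname(p) {
        sub(/.*\//, "", p); sub(/\.ko.*$/, "", p); gsub(/-/, "_", p)
        return p
    }
    FILENAME == loaded_file { loaded[modname($1)] = 1; next }
    {
        target = $1; sub(/:$/, "", target)
        if (modname(target) != modname(mod)) next
        found = 1
        for (i = 2; i <= NF; i++)
            if (!(modname($i) in loaded)) { print $i; missing = 1 }
    }
    # Exit 0: all dependencies loaded, 1: some missing, 2: no modules.dep entry
    END { exit (found ? missing + 0 : 2) }
    ' "${3:-/proc/modules}" "$dep_file"
}

# Constructed sample: the modules.dep line quoted in the thread, and a
# /proc/modules listing in which only ipv6 is loaded.
tmp=$(mktemp -d)
echo 'kernel/net/wireguard.ko: kernel/net/ipv4/ip_tunnel.ko kernel/net/ipv6/ipv6.ko' > "$tmp/modules.dep"
echo 'ipv6 323433 24 - Live 0x0000000000000000' > "$tmp/modules"
missing_deps wireguard "$tmp/modules.dep" "$tmp/modules"
rm -rf "$tmp"
```

Exit status 2 corresponds to the empty grep result described earlier (depmod has not indexed the module), while status 1 means the entry exists but a dependency still has to be loaded before insmod will succeed.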