Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SoftEtherVPN - WireGuard integration. Possible? #604

Closed
vampywiz17 opened this issue Aug 3, 2018 · 121 comments · Fixed by #1200
Closed

SoftEtherVPN - WireGuard integration. Possible? #604

vampywiz17 opened this issue Aug 3, 2018 · 121 comments · Fixed by #1200

Comments

@vampywiz17
Copy link

vampywiz17 commented Aug 3, 2018

See the article.

https://marc.info/?l=linux-netdev&m=153306429108040&w=2

It is posssible? (like OpenVPN, SSTP, etc...)

@chipitsine
Copy link
Member

@vampywiz17 feel free to send PR

@vampywiz17
Copy link
Author

@chipitsine
Copy link
Member

that's great. are you going to implement it ?

@BlackHoleFox
Copy link
Contributor

I don't think this could work at the moment, as Wireguard has not a trace of Windows support as of writing this. You couldn't run a server or client on Windows.

@vampywiz17
Copy link
Author

@BlackHoleFox

Sure? :)

https://tunsafe.com/

@paulmenzel
Copy link
Contributor

paulmenzel commented Aug 8, 2018 via email

@chipitsine
Copy link
Member

it is not clear about motivation behind such tickets.

looks like "guys, I did the most difficult part, I googled for you ... here are links, now it is your turn"

@paulmenzel
Copy link
Contributor

paulmenzel commented Aug 8, 2018 via email

@chipitsine
Copy link
Member

project scope is "multiprotocol vpn implementation"
in order to implement wireguard (which I like very much) someone has to write code, tests, so on...

if nobody is interested in writing such code, issue is not very usefull.

I would not limit issue to "PR only". I would say that feature request should come with understanding of "who will write the code".

@BlackHoleFox
Copy link
Contributor

According to the official site, there are none, and advise against using third party ones.
image

@chipitsine
Copy link
Member

SE VPN is 3rd party from that point of view

@davidebeatrici davidebeatrici added this to Feature requests in VPN Server/Bridge Sep 6, 2018
@Corsten56
Copy link

+1 to request, just subscribing.

@chipitsine
Copy link
Member

nice, we are getting closer and closer
+1 from me as well

@ghost
Copy link

ghost commented Jun 13, 2019

wth +1 for me too
been experimenting with wireguard for a bit. would love to use SE's management tools with the wireguard protocol.

@amanjuman
Copy link

+1 too. Wire Guard is the best.

@DRSDavidSoft
Copy link
Contributor

DRSDavidSoft commented Oct 20, 2019

I'm particularly interested to see Wireguard be used as a replacement to OpenVPN in already excellent SoftEther stack.

@chipitsine
Copy link
Member

+25

@chinamore
Copy link

I tried Wire Guard. The Android mobile phone is not bad, but I just want softether to support Wire Guard on the server. After I test, the connection of Wire Guard is very unstable and there will be interruption, but because of the Android mobile phone, Existing, has more advantages than the current softether on Android, and in China, I just want to support Wire Guard on the server side, then we SOFTETHER will be more powerful

@chinamore
Copy link

Anyway, openvpn is dead, but the free WIREGUARD server is still alive, but the feature code is too strong, I don't know how long it can live, I think it is time to add support, but my technology is really good! It must be a very complicated operation

@chinamore
Copy link

BlackHoleFox
Actually think about that we rarely run softether server on windows server, and the key problem is that the kernel must be forced to be updated when linux is running, which will cause compatibility problems for deployment. Of course, I did not find any problems when updating the kernel. What I want to say is: "Fear what, let's do it. For the sake of freedom, the Chinese are not afraid. Hong Kong has won."

@ByronAP
Copy link

ByronAP commented Apr 4, 2020

+100 on this issue getting bumped up in priority now that wg is 1.0 and in kernel

@metalefty
Copy link
Contributor

Should be +1 per a person.

@chinamore
Copy link

+1

@ab2525
Copy link

ab2525 commented Apr 6, 2020

+1 would love to leverage wg along with softether management

@ppcharli
Copy link

ppcharli commented Apr 8, 2020

+1

@chipitsine
Copy link
Member

dear sirs, you are not limited to +1 per single person.
feel free to add +100 or even +200

however, it is community driven project with no roadmap.
if you want something to happen, someone has to submit PR

@andrewfer000
Copy link

andrewfer000 commented Dec 11, 2020

I fixed the problem. It was KDE's VPN configuration software that was the issue. I believe that is the case because I have to manually set the Default Gateway and that's no good with WireGuard to begin with. So yea don't use the GUI but instead use wg-quick. This is so cool! This is such as great addition to SoftEther!

Btw, in the case of my home network which supports IPv6 can SoftEther's WireGuard support it since I know the WireGuard protocol itself does.

@davidebeatrici
Copy link
Member

I fixed the problem. It was KDE's VPN configuration software that was the issue. I believe that is the case because I have to manually set the Default Gateway and that's no good with WireGuard to begin with. So yea don't use the GUI but instead use wg-quick. This is so cool! This is such as great addition to SoftEther!

Interesting. Is it perhaps adding extra parameters to the WireGuard interface?

Btw, in the case of my home network which supports IPv6 can SoftEther's WireGuard support it since I know the WireGuard protocol itself does.

The current implementation only supports IPv4, but I'm planning to add IPv6 support as soon as possible.

@davidebeatrici
Copy link
Member

Support for WireGuard now in master!

@davidebeatrici davidebeatrici unpinned this issue Mar 2, 2021
@ekavun
Copy link

ekavun commented Sep 20, 2021

Hello all!
If I understand well, Wireguard is now supported by Softether.
Is there any documentation to get set up?
How to enable Wireguard, how to assign IPs (Wireguard only works with static client IPs), used in SecureNat only or bridged? Etc. I'm using vpncmd only.
I hope my comment remains within acceptable boundaries of the issue. I'm only using vpncmd.

@davidebeatrici
Copy link
Member

davidebeatrici commented Sep 20, 2021

Hello, right now WireGuard is actually only configurable through vpncmd:

  1. Use SetStaticNetwork to set the non-DHCP network parameters, such as gateway and subnet.
  2. Use ProtoOptionsGet WireGuard to retrieve the server's private key. You can then use GetPublicX25519 to derive the public key for the client configuration.
  3. Use WgkAdd to associate the client's public key to a specific user in a specific virtual hub. You can generate a new keypair using GenX25519.

Client-side you can set any static IP address you want, as long as it's part of the network specified using SetStaticNetwork.

@ekavun
Copy link

ekavun commented Sep 20, 2021

This is amazing, congrats!
How does the IP allocation work for a user? Can the user pick any IP in the subnet, or is there a way to specify the allowed IP and net mask for a particular user? I'm referring to the "AllowedIPs" option in the peer section of a typical Wireguard config.

Thanks again!

@davidebeatrici
Copy link
Member

Right now there is no filter unfortunately, but it's definitely something we will implement.

@anshibanov
Copy link

Any updates here? May be GUI already can config wireguard?

@davidebeatrici
Copy link
Member

Unfortunately not, but you can use vpncmd.

@AliKhadivi
Copy link

GetPublicX25519 and GenX25519 don't work!

@davidebeatrici
Copy link
Member

Why?

@AliKhadivi
Copy link

Say: Command not found

@davidebeatrici
Copy link
Member

What version are you using?

@AliKhadivi
Copy link

master

image

@davidebeatrici
Copy link
Member

$ ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility Developer Edition
SoftEther VPN Command Line Management Utility (vpncmd command)
Developer Edition
Version 5.02 Build 5180   (English)
Compiled 2022/07/11 17:11:00 by user at User-PC
Copyright (c) all contributors on SoftEther VPN project in GitHub.
Copyright (c) Daiyuu Nobori, SoftEther Project at University of Tsukuba, and SoftEther Corporation.
All rights reserved.

By using vpncmd program, the following can be achieved. 

1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 3

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>?
You can use the following 8 commands: 
 About           - Display the version information
 Check           - Check whether SoftEther VPN Operation is Possible
 GenX25519       - Create new X25519 keypair
 GetPublicX25519 - Retrieve public X25519 key from a private one
 MakeCert        - Create New X.509 Certificate and Private Key (1024 bit)
 MakeCert2048    - Create New X.509 Certificate and Private Key (2048 bit)
 TrafficClient   - Run Network Traffic Speed Test Tool in Client Mode
 TrafficServer   - Run Network Traffic Speed Test Tool in Server Mode

To reference the usage for each command, input "command name ?" to view a help.
The command completed successfully.

VPN Tools>GenX25519
GenX25519 command - Create new X25519 keypair

Private key: gEDPN4IUr784tm5AGXs5X/AcOkEE06PDGqhstrTBwVw=
Public key: 4xFeORLFSzd2wI8q13gRwIdhF2+G1/2W6I8zZuoG50w=

The command completed successfully.

VPN Tools>GetPublicX25519
GetPublicX25519 command - Retrieve public X25519 key from a private one
Private key: gEDPN4IUr784tm5AGXs5X/AcOkEE06PDGqhstrTBwVw=


Public key: 4xFeORLFSzd2wI8q13gRwIdhF2+G1/2W6I8zZuoG50w=

The command completed successfully.

VPN Tools>

@AliKhadivi
Copy link

I understood what my problem was. My problem was that I was running these commands inside a hub

Thank you for very good support

@davidebeatrici
Copy link
Member

You're welcome!

@youring
Copy link

youring commented Nov 3, 2022

GenX25519 - Create new X25519 keypair
GetPublicX25519 - Retrieve public X25519 key from a private one

Hello, @davidebeatrici
I build SoftEther Version 5.02 Build 5180 for OpenWrt, but can not find these two commands, only the other 6 command is available. Did I miss something?

VPN Tools>HELP
You can use the following 6 commands:
 About         - Display the version information
 Check         - Check whether SoftEther VPN Operation is Possible
 MakeCert      - Create New X.509 Certificate and Private Key (1024 bit)
 MakeCert2048  - Create New X.509 Certificate and Private Key (2048 bit)
 TrafficClient - Run Network Traffic Speed Test Tool in Client Mode
 TrafficServer - Run Network Traffic Speed Test Tool in Server Mode

Edit: I use the latest release on Jun 24th, 2021, these two commands were added on Jul 7, 2021. That's the reason! Sorry to distrub;) @davidebeatrici

@davidebeatrici
Copy link
Member

No worries. Is everything working properly on OpenWrt?

@youring
Copy link

youring commented Nov 5, 2022

No luck, seems some patches need to be updated on OpenWrt. Currently given up...

@shamilsun
Copy link

Could someone post a clear example how to integrate wireguard client into softher hub.

A steps for reproduce connection

@shakibamoshiri
Copy link

shakibamoshiri commented Dec 14, 2022

Could someone post a clear example how to integrate wireguard client into softher hub.

A steps for reproduce connection

Are looking for setting up WG via ./vpncmd ?
Or you are looking for connecting a separate WG server into SE server via SE local-bridge ?

@ekavun
Copy link

ekavun commented Dec 14, 2022 via email

@shamilsun
Copy link

WG server into SE server via SE local-bridge ?

this one will be nice..

but i would like to see any options... yes it can be case how to connect wg client into SE HUB

@shakibamoshiri
Copy link

shakibamoshiri commented Jan 30, 2023

sudo iptables -t nat -A POSTROUTING -s 192.168.30.0/24 ! -d 192.168.30.0/24 -j SNAT --to-source

  1. As tested the CMD for WG are not available if from release page downloaded, but if repo is cloned and built it will be available
  2. I could make it work on my local machine, everything seems to be good, except there is a delay for initial connectivity . So ping -c4 8.8.8.8 hangs and replies 100% packet loss. But second ping -c4 8.8.8.8 will be okay

@shakibamoshiri
Copy link

shakibamoshiri commented Jan 30, 2023

I would personally be interested in examples with vpncmd. Key generations, client configuration, IP and routing and DNS settings, and configuration export. Thanks!

On Dec 14, 2022, at 11:21 AM, Shakiba Moshiri @.***> wrote: Could someone post a clear example how to integrate wireguard client into softher hub. A steps for reproduce connection Are looking for setting up WG via ./vpncmd ? Or you are looking for connecting a separate WG server into SE server via SE local-bride ? — Reply to this email directly, view it on GitHub <#604 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AF7LKBKDSMTGPUZA52JRY43WNGNTTANCNFSM4FNXI4SA. You are receiving this because you are subscribed to this thread.

follow these conversations

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
VPN Server/Bridge
Feature requests
Development

Successfully merging a pull request may close this issue.