luci-proto-wireguard: WireGuard VPN Protocol (New) #852
Conversation
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. Signed-off-by: Dan Lüdtke mail@danrl.com
|
Related: openwrt/packages#3514 |
|
With luci support this is getting better and better hopefully this gets merged into openwrt, really looking foward to get an VPN running with a gui on a 32 MB RAM and 4 MB ROM MIPS device (https://wiki.openwrt.org/toh/unbranded/a5-v11). |
Signed-off-by: Dan Lüdtke <mail@danrl.com>
|
|
||
| function proto.is_installed(self) | ||
| return nixio.fs.access("/lib/netifd/proto/wireguard.sh") | ||
| end |
There was a problem hiding this comment.
File wireguard.sh is provided by package wireguard-tools which requires kmod-wireguard. Both are included in meta package wireguard.
Related PR: openwrt/packages#3514
There was a problem hiding this comment.
Merged openwrt/packages#3514. Please squash the commits in this PR.
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. Signed-off-by: Dan Lüdtke mail@danrl.com
…into luci-proto-wireguard
The original data model definition assumed data from a quad-core CPU, which caused errors with single- and dual-core processors. Adjust the data model to work with also them. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. Signed-off-by: Dan Lüdtke mail@danrl.com
Signed-off-by: Dan Lüdtke <mail@danrl.com>
…into luci-proto-wireguard
| translate("Required. Base64-encoded private key for this interface.") | ||
| ) | ||
| private_key.password = true | ||
| private_key.datatype = "and(minlength(44),maxlength(44))" |
There was a problem hiding this comment.
Please use rangelength(44, 44) here
| translate("Public Key"), | ||
| translate("Required. Public key of peer.") | ||
| ) | ||
| public_key.datatype = "and(minlength(44),maxlength(44))" |
There was a problem hiding this comment.
Please use rangelength(44, 44)
| translate("Required. IP addresses and prefixes that this peer is allowed " .. | ||
| "to use inside the tunnel. Routes will be added accordingly.") | ||
| ) | ||
| allowed_ips.datatype = "or(ip6addr, ip4addr)" |
There was a problem hiding this comment.
You can use ipaddr here which accepts both IPv4 and IPv6 addresses
|
@jow- thank you for taking the time to review my PR. I committed the changes as requested. |
|
What will happen next? Who is responsible for the next step in the merging process? |
|
merged, thanks |
This certainly does look innovative and promising, but how does it compare to SoftEther, which makes similar performance claims? |
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
more useful than IPSec, while avoiding the massive headache. It intends to
be considerably more performant than OpenVPN. WireGuard is designed as a
general purpose VPN for running on embedded interfaces and super computers
alike, fit for many different circumstances.
It runs over UDP.
Signed-off-by: Dan Lüdtke mail@danrl.com