WireGuard

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3, 4  Next
Author Message
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

PostPosted: Tue Nov 28, 2017 19:43    Post subject: WireGuard Reply with quote
Quote:
WireGuard, a Revolutionary VPN Project, Adds Support for Android ROMs

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

https://www.wireguard.com/

https://www.xda-developers.com/wireguard-vpn-project-support-android-roms/

https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635

Quote:
Quote:
Have you been in contact with devs behind DD-WRT, AsusWRT-Merlin, Tomato, etc. to help them integrate it into their router firmwares? I'm interested in the improved security, but it won't be easier than OpenVPN for a lot of people until it's baked into their router.


As far as router firmware goes, in addition to the ordinary Linux distros, it's also integrated into OpenWRT/LEDE and EdgeOS. I haven't talked to the DD, Merlin, and Tomato people yet though. That's a good suggestion.


I just found about this on xda. What do you guys think?
Sponsor
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4354
Location: Germany

PostPosted: Tue Nov 28, 2017 19:57    Post subject: Reply with quote
Sounds good, but not widely supported, as you can see by their comparison, IPSec has great performance. IPSec support is all over the place. Android,iOS,Android natively support IPSec. Not sure how easy it is to auto generate the config for this new vpn solution.

Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

PostPosted: Tue Nov 28, 2017 20:45    Post subject: Reply with quote
Hi, Kong.

Which comparison are you referring to?

Edit: Ignore above question. I thought there is a comparison chart which shows IPSec having a greater performance than WireGuard. But you meant having a great performance, closer to WireGuard but significantly better than OpenVPN.



Thanks for the response.


Last edited by KittyChampion on Tue Nov 28, 2017 20:52; edited 1 time in total
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 774

PostPosted: Tue Nov 28, 2017 20:51    Post subject: Reply with quote
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 693

PostPosted: Tue Nov 28, 2017 20:51    Post subject: Reply with quote
<Kong> wrote:


Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.


Some instructions on how to get it running would be good! As far as I understand you first enable freeradius and generate certificates. Not entirely clear if it's enough to then just enable IPSec server and transfer certificates to the clients. Not clear what to put in the ip/net field under "clients".

_________________
AC-68U rev. C1 on Build 41586
AC-68U rev. A1 on Build 41328
AC-68U rev. A1 on Build 41218
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

PostPosted: Tue Nov 28, 2017 20:59    Post subject: Reply with quote
d0ug wrote:
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.


Quote:
WireGuard has been designed with ease-of-implementation and simplicity in mind. It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities. Compared to behemoths like *Swan/IPsec or OpenVPN/OpenSSL, in which auditing the gigantic codebases is an overwhelming task even for large teams of security experts, WireGuard is meant to be comprehensively reviewable by single individuals.




I agree though.
diesel2k
DD-WRT User


Joined: 28 Dec 2009
Posts: 59

PostPosted: Wed Nov 29, 2017 10:56    Post subject: Reply with quote
<Kong> wrote:
Sounds good, but not widely supported, as you can see by their comparison, IPSec has great performance. IPSec support is all over the place. Android,iOS,Android natively support IPSec. Not sure how easy it is to auto generate the config for this new vpn solution.

Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.


I would love a guide for this. I think some "easy" to setup IPSEC vpn is a huge miss in dd-wrt. Everyone on ios/mac os cannot use PPTP anymore.

_________________
Internet Router: Edgerouter ER-X v.1.10
Acces Point: R7000 v. Latest Kong
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 2371
Location: Indy

PostPosted: Wed Nov 29, 2017 13:11    Post subject: Reply with quote
d0ug wrote:
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.
This isn't brand new; only the Android integration aspect (is now easy). The XDA article stated that Greg Kroah-Hartman (maintainer of various Linux kernel subsystems, for those that don't know) was involved in a code review with "a few" others:
Greg wrote:
...few of us did a "code walkthrough" of the wireguard kernel codebase, displaying it on a large screen and walking through the various functionality "here's the receive path, here's the transmit path, here's the cookie handling, etc." which was really informative and highly recommended. I could only stick around for 4 hours, but I saw the main portions, and the other participants finished out the rest a few hours later.

Now I'm trying out a "commercial" vpn who is offering wireguard nodes, to see how well that works out. So far it's just so much simpler to configure and run than any OpenVPN client so on that point alone it's worth it.

Also, "The WireGuard protocol...has been formally verified in the symbolic model using Tamarin" with details here:
https://www.wireguard.com/formal-verification/

_________________
# NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo #
x64 OPNsense 19.7.7|FT2019.3: EA6900v1.1@1GHz, F7D8302|DD 41596: WNDR4500v2, WNDR4000@533, R6300v1,
E2500, E1500@353, WRT54*@250: GLv1.1 nsg, GSv6 µ, RT-N66U@663
|OEM: WGR614v10@400 -> WNR1000v3 mod
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 60
Location: DE

PostPosted: Fri Jan 19, 2018 23:24    Post subject: WireGuard Reply with quote
WireGuard is coming in since
http://svn.dd-wrt.com/changeset/34416

Version of WG then was 0.0.20171221. Now BS is on it. LEDE is supporting it already.

I hope WG isn't too good to be true.

Currently only (?) Mullvad seems to support it yet officially.

_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xASUS RT-AC87U
1xTP710
aventus
DD-WRT User


Joined: 02 May 2014
Posts: 60

PostPosted: Sat Jan 20, 2018 10:01    Post subject: Reply with quote
@kooper2013

Mullvad and azirevpn
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 60
Location: DE

PostPosted: Sat Jan 20, 2018 12:22    Post subject: Reply with quote
aventus wrote:
@kooper2013

Mullvad and azirevpn


Thanks. Very interesting, AzireVPN has been somehow below my radar.

AND WireGuard currently is free at AzireVPN:

Quote:
WireGuard with AzireVPN is currently free for everyone

Everything has been running smoothly so far, and we are now interested in testing our WireGuard infrastructure at larger scale. We have therefore decided to open up our WireGuard servers for free. Simply sign up to connect to all of our WireGuard endpoint locations!


Cheers.

_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xASUS RT-AC87U
1xTP710
labo
DD-WRT Guru


Joined: 30 Jan 2015
Posts: 673
Location: Texas, USA

PostPosted: Sun Jan 21, 2018 0:52    Post subject: Reply with quote
Cant't wait... Pretty impressive benchmark:
_________________
1 X R7800: Main gateway( r39855M kongat (05/25/19)
1 X RAX120 WAP Bridge
1 X RAX75 WAP Bridge
1 X R7800 Mesh
2 X R9000 Mesh
1 X R8000: Repeater bridge
1 X R8500: Client bridge (RB doesn't work on R8500)
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 693

PostPosted: Wed Jan 31, 2018 14:51    Post subject: Reply with quote
Anyone tried it? Have viewed some of BS changes in the SVN and WireGuard seems to replace "eoip-networking" which I've never tried. WireGuard seems promising. If it works well I'll replace a couple of OpenVPN bridges with it when available.
_________________
AC-68U rev. C1 on Build 41586
AC-68U rev. A1 on Build 41328
AC-68U rev. A1 on Build 41218
aventus
DD-WRT User


Joined: 02 May 2014
Posts: 60

PostPosted: Fri Feb 02, 2018 16:34    Post subject: Reply with quote
Any news on wireguard with ddwrt?
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 693

PostPosted: Mon Feb 05, 2018 10:56    Post subject: Reply with quote
Upgraded one of my routers to Kong newest build (34790). Noticed that the tab named eoip-tunnel is now called “tunnel”. This under the “Setup” tab.
There are two alternative tunnels selectable. Suspect the first alternative is WireGuard.
Have no information on how to setup though.
When I setup a second router with a recent build and have time to spare I’ll look into it further.

_________________
AC-68U rev. C1 on Build 41586
AC-68U rev. A1 on Build 41328
AC-68U rev. A1 on Build 41218
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum