Posted: Fri May 05, 2023 12:15 Post subject: WireGuard in the kernel or userspace? Which kernels/builds?
I have some older travel routers that I'm looking to breathe some life into with WireGuard. I know that performance won't be great on slower processors, but for my purposes, getting 10 Mbps is fine. However I've read that WireGuard running in userspace is much slower (and probably not worth it), so I don't want to experiment with new, untested builds on some of these devices, and risk bricking them if I know in advance that they don't have WireGuard in the kernel.
From extensive reading and searching trying to answer this on my own, I know that WireGuard is in the Linux kernel as of 5.6, and that it can be added to older kernels through backporting.
My questions:
Is WireGuard implemented in the kernel despite even latest DD-WRT builds running Linux kernels below 5.0 (from what I see on new build reports)? If so, was WireGuard backported to specific Linux kernels and DD-WRT builds (and which ones)?
I should have phrased that better: I'm asking which specific kernels/builds (edited post to reflect this) have WireGuard in the kernel. I'm assuming it's kernel version dependent (I know different DD-WRT builds use different kernels depending on the hardware).
The hardware is the TP-Link TL-WR703N (Atheros AR9331).
WireGuard documentation is a sticky in this forum.
So just scroll up
Yes, one of the first things I read. The most relevant line is:
Quote:
WireGuard is usually available on routers with 8 MB Flash RAM or more (there are a few exceptions) and using at least Kernel 3.10 (so not on K2.6 builds).
Some Small target (4 MB flash using Kernel 3.10) also got WireGuard: https://svn.dd-wrt.com/changeset/51596
The WR703N seems to be one of the "small target" exceptions, though the changelog on the same page specifically says "Some Small target (4 MB flash) might get WireGuard" (emphasis mine, hence the uncertainty), which is why I've been trying to figure this out. The changeset number for the "small target" builds is 51596, so I'm assuming (perhaps wrongly) that those changes would be in build number higher than that. So if I want WireGuard on the WR703N, I won't get it with anything less than builds r51617 or higher?
More generally (i.e. for all hardware), it's not clear what build brought in WireGuard (in the kernel). If you search the database for compatible hardware, the latest build that always comes up (on hardware I've searched on) is v3.0 44715 (dated 11/03/2020). That build does list WireGuard in the notes. I'll note that the WireGuard page stickied in this forum starts its changelog with changeset 47259 (August 2021), only referencing a killswitch feature change. So when was WireGuard (in the kernel) actually added to DD-WRT?
I'm really trying to make sense of all this. Hopefully I've made clear that the documentation isn't itself particularly clear.
Please ignore the router database, there is nothing that can be done about this and completely out of our control.
First added does not matter, especially TL-WR703N it was February 8. Old builds not recommended, or supported.
Documentation is for new builds anyway also there are so many supported models but few can be recommended.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Tue May 09, 2023 9:17 Post subject:
I always had a believe, WG is made to work on kernel space...and there is where its advantage comes from..no idea how its gonna be efficient if, its placed in user space, its the first time i hear about such a question... like that.. kernel space or user space ? _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
@kentchristopher can you confirm that WireGuard is indeed working on your router?
Latest and recommended build is 52459
Sorry for the late reply. I either missed or didn't get notifications of replies.
I haven't found WireGuard options in the GUI, and I even just upgraded to the latest build for the TL-WR703n (54517 dated 12/15/2023) to confirm. There's no Tunnels tab at all (where I've found WireGuard settings on other routers with DD-WRT), nor anything under Services -> VPN (only option is PPTP server and client - no OpenVPN).
It does appear to be in the kernel though, as the 'wg' command is responsive in telnet. Not ideal, but it's there. I haven't tested it.
On the bright side, the latest build seems to run without issues so far - at least for the purpose as a travel router (using "Station" radio mode; still getting used to the new radio mode names).
For reference, this build's kernel info:
Code:
Linux 3.10.108-d11 #147818 Fri Dec 15 06:45:32 +06 2023 mips.
Clear browser cache, reset and try again? _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Sat Dec 16, 2023 21:17 Post subject:
kentchristopher wrote:
egc wrote:
@kentchristopher can you confirm that WireGuard is indeed working on your router?
Latest and recommended build is 52459
Sorry for the late reply. I either missed or didn't get notifications of replies.
I haven't found WireGuard options in the GUI, and I even just upgraded to the latest build for the TL-WR703n (54517 dated 12/15/2023) to confirm. There's no Tunnels tab at all (where I've found WireGuard settings on other routers with DD-WRT), nor anything under Services -> VPN (only option is PPTP server and client - no OpenVPN).
It does appear to be in the kernel though, as the 'wg' command is responsive in telnet. Not ideal, but it's there. I haven't tested it.
On the bright side, the latest build seems to run without issues so far - at least for the purpose as a travel router (using "Station" radio mode; still getting used to the new radio mode names).
For reference, this build's kernel info:
Code:
Linux 3.10.108-d11 #147818 Fri Dec 15 06:45:32 +06 2023 mips.