spksrc icon indicating copy to clipboard operation
spksrc copied to clipboard
verified publisher icon SynoCommunity

[Package Request] Wireguard

Open r-chris opened this issue 7 years ago • 7 comments

Name: Wireguard Description: General purpose VPN for running on embedded interfaces and super computers alike Website: https://www.wireguard.com Software documentation: https://www.wireguard.com/quickstart/ Build/Installation documentation: https://www.wireguard.com/install/#compiling-from-source Source code: https://git.zx2c4.com/WireGuard/ License: GPLv2 (https://git.zx2c4.com/WireGuard/about/COPYING)

r-chris avatar Apr 20 '19 03:04 r-chris

Hi there!

We have started on a build here: #3646 but it still needs testing and additional scripts to make the binary more useful.

publicarray avatar Apr 26 '19 05:04 publicarray

Sounds great - I’ll take a look

r-chris avatar Apr 26 '19 06:04 r-chris

@publicarray I'd like to run a Wireguard VPN client on my RT2600ac. Is this in a state that I could try to deploy it there?

pdblood avatar Apr 14 '21 05:04 pdblood

@pdblood The binaries should work, but IMHO it's not production ready. https://seby.io/download/synology-rt2600ac/wireguard_ipq806x-1.2_1.0.20210219-1.spk

You may also look at https://github.com/runfalk/synology-wireguard instead

publicarray avatar Apr 17 '21 10:04 publicarray

The reason I'm uncomfortable recommending to use in production is that I had a kernel crash a long time ago. Using kernel modules can be dangerous. Even the repo I liked to has a large disclaimer for what I assume is a similar reason,

publicarray avatar Apr 17 '21 10:04 publicarray

@publicarray thanks for the Wireguard package and information. To provide a bit more background: I am trying to get Wireguard to run as a VPN client to a remote VPN service like Mullvad from my RT2600ac, but there are certain dependencies in wg-quick that do not work on SRM when used in this scenario.

I was able to build my own .spk package using your wireguard branch, and package some of these dependencies with the .spk package (including bash and openresolv), but now I am hitting an issue that appears to be caused by lack of kernel support for addrtype netfilter module in the SRM kernel:

SynologyRouter> wg-quick up /var/packages/wireguard/target/var/wg0.conf
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /proc/self/fd/63
[#] ip -4 address add XX.XX.XXX.XXX/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] /var/packages/wireguard/target/sbin/resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
**[#] iptables-restore -n
iptables-restore v1.6.0: Couldn't load match `addrtype':No such file or directory

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.**
[#] /var/packages/wireguard/target/sbin/resolvconf -d wg0 -f
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0

Is this a show-stopper, or might it be possible to build and load the missing addrtype netfilter module, or even rebuild the SRM kernel with this option enabled? Any pointers you can provide would be appreciated.

pdblood avatar May 01 '21 14:05 pdblood

I'm here to vouch for https://github.com/runfalk/synology-wireguard you should certainly pull that project in...

I'm running it already, though I had to do a manual install. greetings.

naringas avatar Dec 07 '22 18:12 naringas