5.6: how to enable wireguard in "make menuconfig"

5.6: how to enable wireguard in "make menuconfig"

[Reindl Harald]

https://i.imgur.com/jcH9Xno.png
https://www.wireguard.com/compilation/

crypto wise i have in the meantime enabled everything and the same in
"networking options"

but "IP: WireGuard secure network tunnel" still don#t appear anywhere :-(

Re: 5.6: how to enable wireguard in "make menuconfig"

[Randy Dunlap]

On 3/30/20 1:37 AM, Reindl Harald wrote:
> https://i.imgur.com/jcH9Xno.png
> https://www.wireguard.com/compilation/
> 
> crypto wise i have in the meantime enabled everything and the same in
> "networking options"
> 
> but "IP: WireGuard secure network tunnel" still don#t appear anywhere :-(
> 

In menuconfig, go to Device Drivers and then
Network Device support. It should look like this:

  │ │    --- Network device support                                       │ │  
  │ │    [*]   Network core driver support                                │ │  
  │ │    < >     Bonding driver support                                   │ │  
  │ │    < >     Dummy net driver support                                 │ │  
  │ │    < >     WireGuard secure network tunnel


but it requires Networking support and Network Devices and INET (TCP/IP).

-- 
~Randy

Re: 5.6: how to enable wireguard in "make menuconfig"

[Reindl Harald]

Am 30.03.20 um 19:10 schrieb Randy Dunlap:
> On 3/30/20 1:37 AM, Reindl Harald wrote:
>> https://i.imgur.com/jcH9Xno.png
>> https://www.wireguard.com/compilation/
>>
>> crypto wise i have in the meantime enabled everything and the same in
>> "networking options"
>>
>> but "IP: WireGuard secure network tunnel" still don#t appear anywhere :-(
>>
> 
> In menuconfig, go to Device Drivers and then
> Network Device support. It should look like this:
> 
>   │ │    --- Network device support                                       │ │  
>   │ │    [*]   Network core driver support                                │ │  
>   │ │    < >     Bonding driver support                                   │ │  
>   │ │    < >     Dummy net driver support                                 │ │  
>   │ │    < >     WireGuard secure network tunnel
> 
> 
> but it requires Networking support and Network Devices and INET (TCP/IP)

thanks, i figured it out in the meantime

all the howtows with "Address" in [interface] like
https://wiki.archlinux.org/index.php/WireGuard don't work

figured that also out in my nested Vmware ESXi setup (firewall, clients,
wan) within Vmware Workstation :-)

seems to work like a charm with "ExecStart=/usr/sbin/ip route add
172.16.0.0/24 via 10.10.10.1 dev vpn-client" on the lcient side

---------------------------

[Unit]
Description=VPN Server
After=network-up.service

[Service]
Type=oneshot
RemainAfterExit=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=-/run
ReadWritePaths=-/tmp
ReadWritePaths=-/var/tmp

ExecStart=/usr/sbin/ip link add vpn type wireguard
ExecStart=/usr/sbin/ip addr add 10.10.10.1/255.255.255.0 dev vpn
ExecStart=/usr/sbin/ip link set dev vpn up
ExecStart=/usr/bin/wg addconf vpn /etc/wireguard/vpn-server.conf

ExecStop=-/usr/sbin/ip link del vpn

[Install]
WantedBy=multi-user.target

---------------------------

# HOWTO GENERATE KEYS:
# umask 077; wg genkey | tee privatekey | wg pubkey > publickey
# wg genpsk > preshared

[Interface]
ListenPort = 51000
PrivateKey = ******

[Peer]
PublicKey  = +7k1cHdFoo47OfZOsauj0b7gfL/CEIUbgcx4tJK77ls=
AllowedIPs = 10.10.10.2/32

---------------------------