Re: DMKS failed after Kernel Upgrade to 4.4.0-161-generic on Ubuntu 16.04 LTS

2019-09-06 Thread Egbert Verhage 
Hey Markus, 

It shoud be fixed now! Just updated the ppa package en it shoud work.

Greetz,
Egbert

On Fri, 2019-09-06 at 17:00 +0200, Markus Grundmann wrote:
> No! No! Jason! You do not have to apologize. I think we have to
> thank 
> you for WireGuard!
> 
> -Markus
> 
> Am 2019-09-06 16:06, schrieb Jason A. Donenfeld:
> 
> > Sorry for the hassle. I'm not happy about the situation either, but
> > it
> > is what it is. Ubuntu isn't the best distro to deal with
> > unfortunately.
> > 
> > I'll poke Egbert again to see if he can hurry up.


signature.asc
Description: This is a digitally signed message part
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Problems with kernel 4.15 on Ubuntu Bionic & Xenial

2018-11-18 Thread Egbert Verhage 
Hey Jason,

I just got 2 reports with problems on ubuntu with 4.15 kernel.

When their are loading in the kernel module it wil crash on: 

wireguard: Unknown symbol poly1305_blocks_avx (err 0)
wireguard: Unknown symbol poly1305_emit_avx (err 0)
wireguard: Unknown symbol poly1305_blocks_avx512 (err 0)
wireguard: Unknown symbol chacha20_avx512vl (err 0)
wireguard: Unknown symbol chacha20_avx2 (err 0)

Ref: https://gist.github.com/EggieCode/64d4cd4177abc42f6d347ec7b19f931b

I just install a fresh ubuntu xenial with kernel 4.15 and it works just
fine.

Any clue what problem kan be?

Greetz,
Egbert


signature.asc
Description: This is a digitally signed message part
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: decoupling version dependencies from metapackage in debian/ubuntu?

2018-01-19 Thread Egbert Verhage 
On Fri, 2018-01-19 at 14:21 +0100, Jason A. Donenfeld wrote:
> Hey Egbert, Daniel,
> 
> Someone in #wireguard is getting weird errors about version
> dependencies between packages. I started looking into it and noticed
> the strong coupling between the metapackage version and the other two
> packages' versions.
> 
> The users' issue seems mostly like an Ubuntu problem: they build
> _all,
> _amd64, and _x86 immediately, but delay the other architectures until
> later. So, the user in #wireguard was using an aarch64 board, which
> pulled in the newer _all package, but that package was unable to
> subsequently satisfy its architecture-specific dependencies, since
> they hadn't been built yet. Annoying Launchpad bug; news at 11.

This sucks and most strangest about it that it states that it starts in
17 hours.
https://launchpad.net/~wireguard/+archive/ubuntu/wireguard/+build/14252
241

Even with a simple test on my personal PPA is states that I starts in
20 hours. 

> 
> But regardless of Launchpad particularities, I was wondering what the
> motivation is for coupling versions together. Since the Netlink
> changes, there should be compatibility between the tools and the
> module. Does that mean it's not useful for the metapackage to do
> strong coupling? Or is there some other factor this is accounting for
> that I don't know about.
> 

If you want the merge the 2 packages it can be a bit tricky.
First of you need to remove the old packages wireguard-dkms and
wireguard-tools by the next upgrade and sure not the overwire any
config and not to create conflicts with the old dpkg package.

Second thing is that not everybody installs dkms and tools package, for
example in a lxd containers I only install wireguard-tools to init a
wireguard interface.

Besides that packages like virtualbox have a extra package for dkms if
what that, it does not depend on the dkms package.

Maybe for now remove the metapackage in the PPA?

Greetz,
Egbert
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: WireGuard in systemd-networkd

2018-01-12 Thread Egbert Verhage 
Hey dkg,

I wanted to do the same thing with the meta package, so I have included
your patch in the ubuntu ppa repo.

I have pushed the packages to the PPA, so will be up in 10min.

Here the commit with the meta package patch:
https://github.com/EggieCode/wireguard-ppa/commit/1c502977301cfc1695996
ba68fa260576f0f0cad

Thanks dkg for the patch!

Greetz,
Egbert

On Thu, 2018-01-11 at 18:38 -0500, Daniel Kahn Gillmor wrote:
> On Thu 2018-01-11 16:02:30 +0100, Jason A. Donenfeld wrote:
> > On Thu, Jan 11, 2018 at 2:43 PM, Daniel Kahn Gillmor
> >  wrote:
> > > Matthias was suggesting a simply-named meta-package: just
> > > "wireguard",
> > > which would ensure that both wireguard-dkms and wireguard-tools
> > > are
> > > installed.  The advantage there is that you can tell people to
> > > do:
> > > 
> > >apt install wireguard
> > > 
> > > and apt make sure the system has the common setup by default :)
> > 
> > This is a great idea. Let me know if you wind up making this. I've
> > added Egbert to the CC so that he can make an identical change in
> > the
> > Ubuntu PPA.
> 
> I've just uploaded this arrangement to debian, but it needs to clear
> the
> NEW queue, which can take a little while.
> 
> You should be able to follow the NEW queue here:
> 
>https://ftp-master.debian.org/new.html
> 
> Egbert (or any other packager for a debian derivative) can see my
> packaging here, if they're interested:
> 
>https://salsa.debian.org/debian/wireguard
> 
> in particular:
> 
>https://salsa.debian.org/debian/wireguard/commit/cc3cab4b799a64e9c
> 74985da627fc85ba0ee2cc8
> 
> as always, I welcome feedback and suggestions for other improvements.
> 
> Regards,
> 
> --dkg
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Advising in packages to load new module or reboot

2017-08-09 Thread Egbert Verhage 
Hey Jason,

Ow, that it is a common problem.
I think your patch is a nice updated.

So I got some time left and build a patch (pull request) on github
here: https://github.com/EggieCode/wireguard-ppa/pull/24

Let me known what you think.

Greetz,
Egbert

On Wed, 2017-08-09 at 01:16 +0200, Jason A. Donenfeld wrote:
> Hey guys,
> 
> I've noticed that around 60% of emails and IRC messages I get about
> WireGuard issues are due to:
> 
> 1) forgetting to `rmmod wireguard && modprobe wireguard` after
> updating
> 2) installing new kernel headers, removing old kernel headers,
> updating
>wireguard, and then having the module built for the newer kernel
> and
>forgetting to reboot
> 3) not having any headers installed
> 
> I don't really know the best generic solution for (3), since
> different
> distros and distro-derivatives (armbian,raspian,archlinuxarm,etc)
> seem
> to express these dependencies in different ways, or not at all. But I
> do
> have an idea to pretty easily address (1) and (2). I've just added
> the
> below to the Gentoo ebuild:
> 
> + if [[ $(uname -r) != "${KV_FULL}" ]]; then
> + ewarn
> + ewarn "You have just built WireGuard for kernel ${KV_FULL},
> yet the currently running"
> + ewarn "kernel is $(uname -r). If you intend to use this
> WireGuard module on the currently"
> + ewarn "running machine, you will first need to reboot it
> into the kernel ${KV_FULL}, for"
> + ewarn "which this module was built."
> + ewarn
> + elif [[ -f /sys/module/wireguard/version ]] && \
> +  old="$(< /sys/module/wireguard/version)" && \
> +  new="$(modinfo -F version
> "${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \
> +  [[ $old != "$new" ]]; then
> + ewarn
> + ewarn "You appear to have just upgraded WireGuard from
> version v$old to v$new."
> + ewarn "However, the old version is still running on your
> system. In order to use the"
> + ewarn "new version, you will need to remove the old module
> and load the new one. As"
> + ewarn "root, you can accomplish this with the following
> commands:"
> + ewarn
> + ewarn "# rmmod wireguard"
> + ewarn "# modprobe wireguard"
> + ewarn
> + ewarn "Do note that doing this will remove current
> WireGuard interfaces, so you may want"
> + ewarn "to gracefully remove them yourself prior."
> + ewarn
> + fi
> 
> There's a bit of Gentoo-specific stuff in there, but the general idea
> is
> that I first check to see if the module is being built for the
> current
> kernel or a different one, and then I check whether an older module
> is
> loaded than the one just built. It might be slightly trickier to
> accomplish this with DKMS, but I think still it's possible.
> 
> Any thoughts on this pattern?
> 
> Jason
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Debian-based configuration for wireguard

2017-07-11 Thread Egbert Verhage 
Hey dkg,
 

On Mon, 2017-07-10 at 17:20 -0400, Daniel Kahn Gillmor wrote:
> 
> thanks for these pointers, Egbert!
> 
> i have a few questions about the proposed modification for ifupdown:
> 
>  * do we really want this to be a new interface type instead of
>extending the capabilities of some other configuration type?
Was easy for me to recognize the wireguard interface as a config type
in a network/interface config.
And wanted to learn how the package of ifupdown work.
> 
>  * if we can't just extend an existing type, wireguard seems more
>analogous to the "tunnel" type than to the "static" type, which is
>what this seems to have evolved from.
Indeed it is just a copy of the static type and I have not seen the
tunnel type.
> 
>  * it looks to me like configuring a wireguard link this way will
>require an entry in /etc/network/interfaces (or interfaces.d)
> *and* a
>config file in /etc/wireguard/*.conf.  It seems like it would be
>cleaner to have all the configuration in one place, no?
Yes I would be cleaner, but the config of wg can change so I have keep
it separate.
> 
>  * would you consider submitting these changes to ifupdown in the
> debian
>BTS?  Is there a reason that they should remain in your PPA?
Nop, just a proof of concept (My case used with ansible to rollout ~10
machines). 
> 
> fwiw, some of us do also run debian systems without ifupdown these
> days.
> I'm looking forward to systemd-networkd integration personally :)
Me to, I hope in the next ubuntu lts ifupdown has been replaced with
systemd-networkd. Then works _network-online.target_ proper in a
systemd service. (And ofc the wg is in the main stream kernel).

I made the update to ifupdown when wg-quick was not around.
Besides that, the only thing I don't like about wg-quick if you put
0.0.0.0 in the AllowedIPs it automaticly make a default route to the wg
endpoint.

Greetz,
Egbert
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Debian-based configuration for wireguard

2017-07-10 Thread Egbert Verhage 
Hey Baptiste,

Jep, I did that.
See the ifupdown package of my own wireguard ppa:

https://launchpad.net/~eggiecode/+archive/ubuntu/wireguard

And here is the diff:
http://test.egbert.online/diff_ifupdown_ppa.txt


Greetz,
Egbert


On Mon, 2017-07-10 at 04:53 +0200, Jason A. Donenfeld wrote:
> On Sun, Jul 09, 2017 at 11:17:04PM +, jomat+wireguard...@jmt.gr
> wrote:
> > Nice! I also don't like wg-quick too much, but also dislike the
> > pre-/post-/-up/-down directives in my /etc/network/interfaces, so
> > I put this script to /etc/network/if-pre-up.d/ and if-post-down.d
> > which could work for Debian, too:
> > 
> > https://github.com/jomat/aports/blob/master/testing/wireguard/wireg
> > uard.ifupdown
> 
> I think Egbert might have also written an ifupdown thing? Adding him
> to
> the CC in case you guys want to standardize on one Debian way of
> doing
> things?
> 
> Jason
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Repo broken?

2017-05-26 Thread Egbert Verhage 
Hey Steve,

That is because in the beging of the ppa repo we only had support for
kernel >4.1.

On snapshot: 0.0.20170409 we got support for 3.16, 3.14, 3.12, 3.10.
And precise has kernel 3.2 (OLD!) and since April 28, 2017 precise is
eol.

Best way to run wireguard on ubuntu is run xenial or a higher release.

Greetz,
Egbert


On Fri, 2017-05-26 at 10:26 -0700, Steve Pagan wrote:
> I cannot download the required packages to my system. I get a 404
> error:
> 
> W: Failed to fetch http://ppa.launchpad.net/wireguard/wireguard/ubunt
> u/dists/precise/main/source/Sources  404  Not Found
> 
> W: Failed to fetch http://ppa.launchpad.net/wireguard/wireguard/ubunt
> u/dists/precise/main/binary-amd64/Packages  404  Not Found
> 
> W: Failed to fetch http://ppa.launchpad.net/wireguard/wireguard/ubunt
> u/dists/precise/main/binary-i386/Packages  404  Not Found
> 
>  
>  World's First Endpoint-Aware Application Delivery Solution
> Steve Pagan 
> Network Engineer - Operations
> 
> Phone: 650-919-8856 | Email: spa...@instartlogic.com 
> Instart Logic | 450 Lambert Ave, Palo Alto, CA 94306
> | instartlogic.com 
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: wireguard-tools Ubuntu package missing the binaries; Fixed

2017-04-16 Thread Egbert Verhage 
Hey Ryan,

Fixed it. New build (0.0.20170409-wg2~xenial, 0.0.20170409-
wg2~yakkety,) is live on the PPA.

Can you test this for me?

Thanks Jonathon, for that solution.

Greetz,
Egbert


On Sun, 2017-04-16 at 12:24 +0100, Jonathon Fernyhough wrote:
> On 16/04/17 12:06, Ryan Riley wrote:
> > The i386 wireguard-tools package on the PPA for Ubuntu Xenial
> > doesn't
> > actually contain any of the binaries, just documentation.
> 
> It's not just i386 - each of the arm and ppc64 packages are also
> missing
> binaries.
> 
> Debian's packages (and my testing backports based on those) don't
> have
> that issue - might be time to check a diff or do a merge. :)
> 
> Looks like it's down to `make install`ing the tools during install-
> indep
> rather than install-arch.
> 
> 
> Working (Debian use a different flags setup, that's not the important
> bit):
> 
> > override_dh_auto_install-indep:
> > $(MAKE) -C src DESTDIR=../debian/wireguard-dkms
> > DKMSDIR=/usr/src/wireguard-$(DEB_VERSION)/ dkms-install
> > 
> > override_dh_auto_build-arch:
> > $(MAKE) -C src/tools $(WIREGUARD_ARGS)
> > 
> > override_dh_auto_install-arch:
> > $(MAKE) -C src/tools DESTDIR=../../debian/wireguard-tools
> > $(WIREGUARD_ARGS) install
> 
> 
> Non-working:
> 
> > override_dh_auto_install-indep:
> > $(MAKE) -C wireguard-src/src
> > DESTDIR=$(CURDIR)/debian/wireguard-dkms DKMSDIR=/usr/src/wireguard-
> > $(DEB_VERSION_UPSTREAM)/ dkms-install
> > $(MAKE) -C wireguard-src/src/tools
> > DESTDIR=$(CURDIR)/debian/wireguard-tools WITH_SYSTEMDUNITS=yes
> > WITH_WGQUICK=yes WITH_BASHCOMPLETION=yes install
> > 
> > override_dh_auto_build-arch:
> >     $(MAKE) -C wireguard-src/src/tools
> 
> 
> 
> J
> 
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: wg binary in armhf deb from ppa missing; armbian with Allwinner A20 chip modprobe wg not working

2017-02-19 Thread Egbert Verhage 
Hey Alex,

The Banana PI boards here an Allwinner chip, which not great with the
Linux Kernel. All the kernels are custom builds (most of the time) to
include support for the chips/boards.
From my experience the builds of armbian have the best images (Mind the
I have Banana PI M2, with an Allwinner A31S).

I can't help furder with wg on BananaPi board, sorry. Maybe somone else
in the mailing can help.

For the PPA package I need to figure out how the let him include make
install of wg/tools for armhf/arm64.

Greetz,
Egbert


On 2017-02-19 17:29, Alexander Morlang wrote:
> Hi,
> building on armhf reveals some effects i don’t understand:
> On my raspi3 with raspian and kernel
> uname -a
> Linux raspberrypi 4.4.38-v7+ #938 SMP Thu Dec 15 15:22:21 GMT 2016 armv7l 
> GNU/Linux
> kernelmodule are building just fine an the module loads. i had no time for 
> testing it, but it builds.
>
> On Banana Pro with armbian an kernel
> uname -a
> Linux bananapipro 4.9.7-sunxi #1 SMP Thu Feb 2 01:52:06 CET 2017 armv7l 
> armv7l armv7l GNU/Linux
> it’s building, but the module will not load:
>
> sudo modprobe wireguard 
> modprobe: ERROR: could not insert 'wireguard': Exec format error
>
> modinfo wireguard 
> filename:   /lib/modules/4.9.7-sunxi/extra/wireguard.ko
> alias:  rtnl-link-wireguard
> author: Jason A. Donenfeld <ja...@zx2c4.com>
> description:Fast, secure, and modern VPN tunnel
> license:GPL v2
> depends:udp_tunnel,ip6_udp_tunnel,x_tables
> vermagic:   4.9.7-sunxi SMP mod_unload ARMv7 thumb2 p2v8 
>
> In dmesg, it shows:
> [ 1404.917772] wireguard: loading out-of-tree module taints kernel.
> [ 1404.919392] wireguard: unknown relocation: 102
>
> Next i will try with bananian and 4.4 kernel.
>
> Gruß, Alex
>
>> Am 19.02.2017 um 15:51 schrieb Egbert Verhage <egb...@eggiecode.org>:
>>
>> Hey Alex,
>>
>> Ow, I never tested the package on armhf. I will give test it tomorrow on
>> my own Banana Pi 2 and Raspberry pi 2.
>>
>> If you are running the image of lemaker on your banana pi, maybe try
>> first to build the package from the git repo.
>>
>> Greetz,
>> Egbert
>>
>>
>> On 2017-02-19 02:14, Alexander Morlang wrote:
>>> Hi,
>>> used the launchpad ppa in xenial on armhf (Banana Pro). 
>>> The wireguard-tools packet installed only /usr/share/doc
>>>
>>> Is this a known problem?
>>>
>>> I downloaded the
>>> https://launchpad.net/~wireguard/+archive/ubuntu/wireguard/+files/wireguard-tools_0.0.20170214-wg1~xenial_armhf.deb
>>> and hat a look with dpkg -c , getting the same result of no binary in 
>>> the packet.
>>>
>>> regards, Alex
>>> ___
>>> WireGuard mailing list
>>> WireGuard@lists.zx2c4.com
>>> https://lists.zx2c4.com/mailman/listinfo/wireguard
>> ___
>> WireGuard mailing list
>> WireGuard@lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/wireguard
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard



signature.asc
Description: OpenPGP digital signature
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: wg binary in armhf deb from ppa missing

2017-02-19 Thread Egbert Verhage 
Hey Alex,

Ow, I never tested the package on armhf. I will give test it tomorrow on
my own Banana Pi 2 and Raspberry pi 2.

If you are running the image of lemaker on your banana pi, maybe try
first to build the package from the git repo.

Greetz,
Egbert


On 2017-02-19 02:14, Alexander Morlang wrote:
> Hi,
> used the launchpad ppa in xenial on armhf (Banana Pro). 
> The wireguard-tools packet installed only /usr/share/doc
>
> Is this a known problem?
>
> I downloaded the
> https://launchpad.net/~wireguard/+archive/ubuntu/wireguard/+files/wireguard-tools_0.0.20170214-wg1~xenial_armhf.deb
> and hat a look with dpkg -c , getting the same result of no binary in 
> the packet.
>
> regards, Alex
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Error install via apt-get on ubuntu16.04

2017-01-02 Thread Egbert Verhage 

Hey Chen,

It is solved!

Greetz,
Egbert


On 2017-01-02 12:47, Egbert Verhage wrote:


Hey Chen,

Looking in to it right now!

Is it Ubuntu Xenial or Yakkety?

Greetz,
Egbert


On 2017-01-02 12:44, chen hao wrote:

Building only for 4.4.0-57-generic
Building initial module for 4.4.0-57-generic
Error! The directory /var/lib/dkms/wireguard/0.0.20161218/source/
does not appear to have module source located within it.  Build halted.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Error install via apt-get on ubuntu16.04

2017-01-02 Thread Egbert Verhage 

Hey Chen,

Looking in to it right now!

Is it Ubuntu Xenial or Yakkety?

Greetz,
Egbert


On 2017-01-02 12:44, chen hao wrote:

Building only for 4.4.0-57-generic
Building initial module for 4.4.0-57-generic
Error! The directory /var/lib/dkms/wireguard/0.0.20161218/source/
does not appear to have module source located within it.  Build halted.


My uname
Linux LA-Ubuntu 4.4.0-57-generic #78-Ubuntu SMP Fri Dec 9 23:50:32 UTC 
2016 x86_64 x86_64 x86_64 GNU/Linux


--
chen hao
Sent with Airmail


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard package, changed naming

2016-11-18 Thread Egbert Verhage 

Hey ?,

First of if you want to change something to the PPA, what is public and 
advertised on the website, make it public. In de mailing list and to me.


I'm fine with the change of ubuntu suffix to wg.
ifupdown packages is included to add wireguard network/interfaces. 
Usefull if you are using a ansible to deploying on multiple machine.


I never used bzr, that is the reason why I use git. To setup the repo 
multiple for distros just use git branches.
The code is in git: https://git.launchpad.net/wireguard, and is uses git 
submodule for the wireguard source. Then you just checkout the lastest 
snapshot and change the changelog and commit,push that.


If you are subscribed to the mailing list of wireguard, then you get an 
email that there is a new snapshot available.


Greetz,
Egbert

On 2016-11-18 12:31, Anonymous Anonymous wrote:
I changed wireguard package naming from ubuntu1 to wg1, hope you not 
against it. Since only ubuntu official repository packages could be 
with ubuntu naming.

And we don't need libmnl dependency, only libmnl-dev.
As for ifupdown, I have no idea what it doing in PPA. Is there some 
issues with wireguard regarding ifupdown?
And, I have no access to bzr, but I don't use since its auto-importing 
from git, when commits sign broken anyway. I figured what you talked 
about change maintainer, you was talking about launchpad team, not a PPA.

 I changed both maintainer and driver to teamname itself.
P.S.: I included your email for snapshot tags in my email bot 
settings. It just send notification when new version (snapshot in our 
case) out.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Hosting Companies with Dishonest CPUID [Was: Re: Seeking Ubuntu PPA Maintainer]

2016-11-16 Thread Egbert Verhage 

:D. That is great solution, thank you!


On 2016-11-16 16:05, Jason A. Donenfeld wrote:

https://git.zx2c4.com/WireGuard/commit/?id=34df71964861e7ea5f542bac0225c8b82bb8d9b2

This commit should work around things.


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Hosting Companies with Dishonest CPUID [Was: Re: Seeking Ubuntu PPA Maintainer]

2016-11-16 Thread Egbert Verhage 

Hey Jason,

The service/hardware is great. But it is a problem with the raid6 module 
on the host.
That uses AVX/AVX2. PCExtreme hasalready blacklisted AVX because all of 
the virtual machines crashes with it enabled.


I'm the only complaining about AVX2 crashing on the machines, so 
therefore it is not yet blacklisted.


Just sended a email to them, waiting on response. Wanted to add the 
mail, but it is in dutch. I don't know if you can read that.


Greetz,
Egbert


On 2016-11-16 15:14, Jason A. Donenfeld wrote:

Hey Egbert,

I'm glad that my avx2disabler module worked for you. I believe it
would be in your interest to pressure the hosting provider into either
reenabling AVX, or fixing their CPUID to report correct information.
CPUID is the kernel's only means of judging capabilities, and if the
[virtual] hardware lies, it is impossible to make a reliable operating
system.

Jason

On Wed, Nov 16, 2016 at 11:03 AM, Egbert Verhage <egb...@eggiecode.org> wrote:

Hey Jason,

The kernel module worked for my. ([1020751.674357] AVX2 disabler loaded:
1 -> 0)
Going to update the PPA to remove my disable of AVX2.

The problem is that the hosting company hides the cpuuid, but from the
call with the sysadmin it is a XEON E5-2??? v3.

Greetz,
Egbert


On 2016-11-16 02:31, Jason A. Donenfeld wrote:

Hey Egbert,

On Wed, Nov 16, 2016 at 1:34 AM, Egbert Verhage <egb...@eggiecode.org> wrote:

I mailed/called with one of the sys admins and discussed with him about the
problem in the AVX2 extention.
I think I'm going to mail/call the hosting company again.

It seems like the crux of the issue is that if they disable AVX2
instructions, they need to make this known in the CPUID. Otherwise the
operating system will assume it's there when it isn't.


Can give you a vps if you want to. Just 3 euro the month.

See the attached tarball. Compile the kernel module in there and load
it BEFORE WireGuard. You might have to manually unload wireguard for
this to work: "rmmod wireguard && insmod ./avx2disabler.ko && modprobe
wireguard", for example. It should disable avx2 inside the kernel,
solving the issue.

Jason


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

2016-11-16 Thread Egbert Verhage 

Hey Deniel,

Thank your for the support.

I was search for the git repo of the debian package, thank you for the link.
Besides that only difference between ours repo's is that I use a 
submodule for the wireguard source.


Git repo: https://git.launchpad.net/wireguard?h=master

Greetz,
Egbert

On 2016-11-16 07:45, Daniel Kahn Gillmor wrote:

Hi Egbert--

On Wed 2016-11-16 09:34:12 +0900, Egbert Verhage wrote:

I just copyed the debian folder of the experimental package of the
debian repo.

I'm the package maintainer in debian.  Glad to hear that my packaging
work has been useful for you.

If you're tracking the debian packaging, you might also be interested in
the revision control history of it:

 git clone https://anonscm.debian.org/git/collab-maint/wireguard.git

If you find that there are specific changes to the debian packaging that
you find useful when packaging for ubuntu, i'd be happy to hear about
them.  Also, if you run into packaging difficulties and want someone to
brainstorm with, feel free to reach out.

Regards,

 --dkg


___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

2016-11-15 Thread Egbert Verhage 
On 2016-11-16 01:12, Jason A. Donenfeld wrote:
> Hey Egbert,
>
> Great to see! How much does this deviate from debian's? As far as I
> can tell, you should be able to keep things basically the same.
I just copyed the debian folder of the experimental package of the
debian repo.
Left all the copyrights intact and added my name.
> This isn't okay. Downstream packages really shouldn't be applying
> patches like that. If you revert that, I can list this as the primary
> PPA for WireGuard. With that said, let's actually try to fix this
> issue for good...
Can't agree more, but I wanted to test it and deploy it with ansible,
that was the simplest solution.
> AVX2 is advertised through CPUID. Is it possible that your VPS passes
> through the CPUID from the host while not supporting all instructions?
> Or perhaps, rather, fakes a CPUID that isn't the host's, while only
> supporting instructions of the host? Very mysterious. What hosting
> company is this? Is there a chance I can poke around at this setup? Do
> you know if it's KVM or Xen or VMWare or something else?
It is hosted at PCexterme, dutch company. Cheap and good service. The
use KVM with CloudStack on top of it.
I mailed/called with one of the sys admins and discussed with him about
the problem in the AVX2 extention.
He told me that they disabled AVX already because of the raid 6 system.
It crashes the whole KVM host.

Can give you a vps if you want to. Just 3 euro the month.
> If it turns out that your VPS host just does something horrible, I'll
> look for a way to globally disable kernel usage of AVX2, without
> having to patch WireGuard like that.
If I can found the kernel parmameter for that, I will.
> If it's particular to the host,
> perhaps we can come up with either a particular kernel module to do
> the disabling, or some ungodly hack to /dev/kmem...
You are going above my intellect of the kernel at this point.
>  Are you compiling
> your own kernel for this system, or just using stock Ubuntu kernel?
No not yet. I was planning on this email to tell your my ppa / kernel
problem.
> I'm pretty sure, by the way, that we're using the right detection
> function within WireGuard, seeing as every other place in the tree
> uses the same thing:  
* lib/raid6/avx2.c
* 36: return boot_cpu_has(X86_FEATURE_AVX2) &&
boot_cpu_has(X86_FEATURE_AVX);
I think I'm going to mail/call the hosting company again.
> Thanks a bunch for helping out.
You to with this great this VPN.
> Jason
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

2016-11-15 Thread Egbert Verhage 
On 2016-11-15 21:44, Jason A. Donenfeld wrote:
> Hey folks,
>
> Looks like there are various Ubuntu PPAs for WireGuard floating
> around. I'd like to officially endorse one on the install section of
> the website. Is anybody interested in being the Ubuntu downstream for
> WireGuard?
>
> Thanks,
> Jason
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

Hey Jason,

I'm trying to maintain one now, but it is my first one and trying to
keep it up to date.
https://launchpad.net/~eggiecode/+archive/ubuntu/wireguard

Testing it constantly on 4 of my servers and works it great!
Even added a patch for ifupdown to setup WireGuard in
/etc/network/interfaces

The only downside is that I disabled AVX2 cpu extention in the code,
because of kernel panics on VPS's by a hosting company
(https://eggiecode.org/wg-kernel-panic.png).

Greetz,
Egbert Verhage

Below example config of wireguard in network/interfaces

iface wg0 inet wireguard
netmask 255.255.255.0
address 192.168.2.254
wg_config /etc/network/wg0.ini

up ip -4 route add 10.20.1.0/24 dev wg0
pre-down ip -4 route del 10.20.1.0/24 dev wg0
up ip -4 route add 10.20.3.0/24 dev wg0
pre-down ip -4 route del 10.20.3.0/24 dev wg0
up ip -4 route add 10.20.2.0/24 dev wg0
pre-down ip -4 route del 10.20.2.0/24 dev wg0

iface wg0 inet6 wireguard
netmask 64
address fd4a:2831:fc20:f528:fe::1

up ip -6 route add 2001:41d0:2:5c39::/64 dev wg0
pre-down ip -6 route del 2001:41d0:2:5c39::/64 dev wg0
up ip -6 route add 2a00:f10:700:5f::/60 dev wg0
pre-down ip -6 route del 2a00:f10:700:5f::/60 dev wg0
up ip -6 route add 2001:41d0:d:2a83::/64 dev wg0
pre-down ip -6 route del 2001:41d0:d:2a83::/64 dev wg0

(Forgot to send it to the mailinglist.)

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard