Re: DMKS failed after Kernel Upgrade to 4.4.0-161-generic on Ubuntu 16.04 LTS
Hey Markus, It shoud be fixed now! Just updated the ppa package en it shoud work. Greetz, Egbert On Fri, 2019-09-06 at 17:00 +0200, Markus Grundmann wrote: > No! No! Jason! You do not have to apologize. I think we have to > thank > you for WireGuard! > > -Markus > > Am 2019-09-06 16:06, schrieb Jason A. Donenfeld: > > > Sorry for the hassle. I'm not happy about the situation either, but > > it > > is what it is. Ubuntu isn't the best distro to deal with > > unfortunately. > > > > I'll poke Egbert again to see if he can hurry up. signature.asc Description: This is a digitally signed message part ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Problems with kernel 4.15 on Ubuntu Bionic & Xenial
Hey Jason, I just got 2 reports with problems on ubuntu with 4.15 kernel. When their are loading in the kernel module it wil crash on: wireguard: Unknown symbol poly1305_blocks_avx (err 0) wireguard: Unknown symbol poly1305_emit_avx (err 0) wireguard: Unknown symbol poly1305_blocks_avx512 (err 0) wireguard: Unknown symbol chacha20_avx512vl (err 0) wireguard: Unknown symbol chacha20_avx2 (err 0) Ref: https://gist.github.com/EggieCode/64d4cd4177abc42f6d347ec7b19f931b I just install a fresh ubuntu xenial with kernel 4.15 and it works just fine. Any clue what problem kan be? Greetz, Egbert signature.asc Description: This is a digitally signed message part ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: decoupling version dependencies from metapackage in debian/ubuntu?
On Fri, 2018-01-19 at 14:21 +0100, Jason A. Donenfeld wrote: > Hey Egbert, Daniel, > > Someone in #wireguard is getting weird errors about version > dependencies between packages. I started looking into it and noticed > the strong coupling between the metapackage version and the other two > packages' versions. > > The users' issue seems mostly like an Ubuntu problem: they build > _all, > _amd64, and _x86 immediately, but delay the other architectures until > later. So, the user in #wireguard was using an aarch64 board, which > pulled in the newer _all package, but that package was unable to > subsequently satisfy its architecture-specific dependencies, since > they hadn't been built yet. Annoying Launchpad bug; news at 11. This sucks and most strangest about it that it states that it starts in 17 hours. https://launchpad.net/~wireguard/+archive/ubuntu/wireguard/+build/14252 241 Even with a simple test on my personal PPA is states that I starts in 20 hours. > > But regardless of Launchpad particularities, I was wondering what the > motivation is for coupling versions together. Since the Netlink > changes, there should be compatibility between the tools and the > module. Does that mean it's not useful for the metapackage to do > strong coupling? Or is there some other factor this is accounting for > that I don't know about. > If you want the merge the 2 packages it can be a bit tricky. First of you need to remove the old packages wireguard-dkms and wireguard-tools by the next upgrade and sure not the overwire any config and not to create conflicts with the old dpkg package. Second thing is that not everybody installs dkms and tools package, for example in a lxd containers I only install wireguard-tools to init a wireguard interface. Besides that packages like virtualbox have a extra package for dkms if what that, it does not depend on the dkms package. Maybe for now remove the metapackage in the PPA? Greetz, Egbert ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: WireGuard in systemd-networkd
Hey dkg, I wanted to do the same thing with the meta package, so I have included your patch in the ubuntu ppa repo. I have pushed the packages to the PPA, so will be up in 10min. Here the commit with the meta package patch: https://github.com/EggieCode/wireguard-ppa/commit/1c502977301cfc1695996 ba68fa260576f0f0cad Thanks dkg for the patch! Greetz, Egbert On Thu, 2018-01-11 at 18:38 -0500, Daniel Kahn Gillmor wrote: > On Thu 2018-01-11 16:02:30 +0100, Jason A. Donenfeld wrote: > > On Thu, Jan 11, 2018 at 2:43 PM, Daniel Kahn Gillmor > >wrote: > > > Matthias was suggesting a simply-named meta-package: just > > > "wireguard", > > > which would ensure that both wireguard-dkms and wireguard-tools > > > are > > > installed. The advantage there is that you can tell people to > > > do: > > > > > >apt install wireguard > > > > > > and apt make sure the system has the common setup by default :) > > > > This is a great idea. Let me know if you wind up making this. I've > > added Egbert to the CC so that he can make an identical change in > > the > > Ubuntu PPA. > > I've just uploaded this arrangement to debian, but it needs to clear > the > NEW queue, which can take a little while. > > You should be able to follow the NEW queue here: > >https://ftp-master.debian.org/new.html > > Egbert (or any other packager for a debian derivative) can see my > packaging here, if they're interested: > >https://salsa.debian.org/debian/wireguard > > in particular: > >https://salsa.debian.org/debian/wireguard/commit/cc3cab4b799a64e9c > 74985da627fc85ba0ee2cc8 > > as always, I welcome feedback and suggestions for other improvements. > > Regards, > > --dkg ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Advising in packages to load new module or reboot
Hey Jason, Ow, that it is a common problem. I think your patch is a nice updated. So I got some time left and build a patch (pull request) on github here: https://github.com/EggieCode/wireguard-ppa/pull/24 Let me known what you think. Greetz, Egbert On Wed, 2017-08-09 at 01:16 +0200, Jason A. Donenfeld wrote: > Hey guys, > > I've noticed that around 60% of emails and IRC messages I get about > WireGuard issues are due to: > > 1) forgetting to `rmmod wireguard && modprobe wireguard` after > updating > 2) installing new kernel headers, removing old kernel headers, > updating >wireguard, and then having the module built for the newer kernel > and >forgetting to reboot > 3) not having any headers installed > > I don't really know the best generic solution for (3), since > different > distros and distro-derivatives (armbian,raspian,archlinuxarm,etc) > seem > to express these dependencies in different ways, or not at all. But I > do > have an idea to pretty easily address (1) and (2). I've just added > the > below to the Gentoo ebuild: > > + if [[ $(uname -r) != "${KV_FULL}" ]]; then > + ewarn > + ewarn "You have just built WireGuard for kernel ${KV_FULL}, > yet the currently running" > + ewarn "kernel is $(uname -r). If you intend to use this > WireGuard module on the currently" > + ewarn "running machine, you will first need to reboot it > into the kernel ${KV_FULL}, for" > + ewarn "which this module was built." > + ewarn > + elif [[ -f /sys/module/wireguard/version ]] && \ > + old="$(< /sys/module/wireguard/version)" && \ > + new="$(modinfo -F version > "${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \ > + [[ $old != "$new" ]]; then > + ewarn > + ewarn "You appear to have just upgraded WireGuard from > version v$old to v$new." > + ewarn "However, the old version is still running on your > system. In order to use the" > + ewarn "new version, you will need to remove the old module > and load the new one. As" > + ewarn "root, you can accomplish this with the following > commands:" > + ewarn > + ewarn "# rmmod wireguard" > + ewarn "# modprobe wireguard" > + ewarn > + ewarn "Do note that doing this will remove current > WireGuard interfaces, so you may want" > + ewarn "to gracefully remove them yourself prior." > + ewarn > + fi > > There's a bit of Gentoo-specific stuff in there, but the general idea > is > that I first check to see if the module is being built for the > current > kernel or a different one, and then I check whether an older module > is > loaded than the one just built. It might be slightly trickier to > accomplish this with DKMS, but I think still it's possible. > > Any thoughts on this pattern? > > Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Debian-based configuration for wireguard
Hey dkg, On Mon, 2017-07-10 at 17:20 -0400, Daniel Kahn Gillmor wrote: > > thanks for these pointers, Egbert! > > i have a few questions about the proposed modification for ifupdown: > > * do we really want this to be a new interface type instead of >extending the capabilities of some other configuration type? Was easy for me to recognize the wireguard interface as a config type in a network/interface config. And wanted to learn how the package of ifupdown work. > > * if we can't just extend an existing type, wireguard seems more >analogous to the "tunnel" type than to the "static" type, which is >what this seems to have evolved from. Indeed it is just a copy of the static type and I have not seen the tunnel type. > > * it looks to me like configuring a wireguard link this way will >require an entry in /etc/network/interfaces (or interfaces.d) > *and* a >config file in /etc/wireguard/*.conf. It seems like it would be >cleaner to have all the configuration in one place, no? Yes I would be cleaner, but the config of wg can change so I have keep it separate. > > * would you consider submitting these changes to ifupdown in the > debian >BTS? Is there a reason that they should remain in your PPA? Nop, just a proof of concept (My case used with ansible to rollout ~10 machines). > > fwiw, some of us do also run debian systems without ifupdown these > days. > I'm looking forward to systemd-networkd integration personally :) Me to, I hope in the next ubuntu lts ifupdown has been replaced with systemd-networkd. Then works _network-online.target_ proper in a systemd service. (And ofc the wg is in the main stream kernel). I made the update to ifupdown when wg-quick was not around. Besides that, the only thing I don't like about wg-quick if you put 0.0.0.0 in the AllowedIPs it automaticly make a default route to the wg endpoint. Greetz, Egbert ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Debian-based configuration for wireguard
Hey Baptiste, Jep, I did that. See the ifupdown package of my own wireguard ppa: https://launchpad.net/~eggiecode/+archive/ubuntu/wireguard And here is the diff: http://test.egbert.online/diff_ifupdown_ppa.txt Greetz, Egbert On Mon, 2017-07-10 at 04:53 +0200, Jason A. Donenfeld wrote: > On Sun, Jul 09, 2017 at 11:17:04PM +, jomat+wireguard...@jmt.gr > wrote: > > Nice! I also don't like wg-quick too much, but also dislike the > > pre-/post-/-up/-down directives in my /etc/network/interfaces, so > > I put this script to /etc/network/if-pre-up.d/ and if-post-down.d > > which could work for Debian, too: > > > > https://github.com/jomat/aports/blob/master/testing/wireguard/wireg > > uard.ifupdown > > I think Egbert might have also written an ifupdown thing? Adding him > to > the CC in case you guys want to standardize on one Debian way of > doing > things? > > Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Repo broken?
Hey Steve, That is because in the beging of the ppa repo we only had support for kernel >4.1. On snapshot: 0.0.20170409 we got support for 3.16, 3.14, 3.12, 3.10. And precise has kernel 3.2 (OLD!) and since April 28, 2017 precise is eol. Best way to run wireguard on ubuntu is run xenial or a higher release. Greetz, Egbert On Fri, 2017-05-26 at 10:26 -0700, Steve Pagan wrote: > I cannot download the required packages to my system. I get a 404 > error: > > W: Failed to fetch http://ppa.launchpad.net/wireguard/wireguard/ubunt > u/dists/precise/main/source/Sources 404 Not Found > > W: Failed to fetch http://ppa.launchpad.net/wireguard/wireguard/ubunt > u/dists/precise/main/binary-amd64/Packages 404 Not Found > > W: Failed to fetch http://ppa.launchpad.net/wireguard/wireguard/ubunt > u/dists/precise/main/binary-i386/Packages 404 Not Found > > > World's First Endpoint-Aware Application Delivery Solution > Steve Pagan > Network Engineer - Operations > > Phone: 650-919-8856 | Email: spa...@instartlogic.com > Instart Logic | 450 Lambert Ave, Palo Alto, CA 94306 > | instartlogic.com > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wireguard-tools Ubuntu package missing the binaries; Fixed
Hey Ryan, Fixed it. New build (0.0.20170409-wg2~xenial, 0.0.20170409- wg2~yakkety,) is live on the PPA. Can you test this for me? Thanks Jonathon, for that solution. Greetz, Egbert On Sun, 2017-04-16 at 12:24 +0100, Jonathon Fernyhough wrote: > On 16/04/17 12:06, Ryan Riley wrote: > > The i386 wireguard-tools package on the PPA for Ubuntu Xenial > > doesn't > > actually contain any of the binaries, just documentation. > > It's not just i386 - each of the arm and ppc64 packages are also > missing > binaries. > > Debian's packages (and my testing backports based on those) don't > have > that issue - might be time to check a diff or do a merge. :) > > Looks like it's down to `make install`ing the tools during install- > indep > rather than install-arch. > > > Working (Debian use a different flags setup, that's not the important > bit): > > > override_dh_auto_install-indep: > > $(MAKE) -C src DESTDIR=../debian/wireguard-dkms > > DKMSDIR=/usr/src/wireguard-$(DEB_VERSION)/ dkms-install > > > > override_dh_auto_build-arch: > > $(MAKE) -C src/tools $(WIREGUARD_ARGS) > > > > override_dh_auto_install-arch: > > $(MAKE) -C src/tools DESTDIR=../../debian/wireguard-tools > > $(WIREGUARD_ARGS) install > > > Non-working: > > > override_dh_auto_install-indep: > > $(MAKE) -C wireguard-src/src > > DESTDIR=$(CURDIR)/debian/wireguard-dkms DKMSDIR=/usr/src/wireguard- > > $(DEB_VERSION_UPSTREAM)/ dkms-install > > $(MAKE) -C wireguard-src/src/tools > > DESTDIR=$(CURDIR)/debian/wireguard-tools WITH_SYSTEMDUNITS=yes > > WITH_WGQUICK=yes WITH_BASHCOMPLETION=yes install > > > > override_dh_auto_build-arch: > > $(MAKE) -C wireguard-src/src/tools > > > > J > > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wg binary in armhf deb from ppa missing; armbian with Allwinner A20 chip modprobe wg not working
Hey Alex, The Banana PI boards here an Allwinner chip, which not great with the Linux Kernel. All the kernels are custom builds (most of the time) to include support for the chips/boards. From my experience the builds of armbian have the best images (Mind the I have Banana PI M2, with an Allwinner A31S). I can't help furder with wg on BananaPi board, sorry. Maybe somone else in the mailing can help. For the PPA package I need to figure out how the let him include make install of wg/tools for armhf/arm64. Greetz, Egbert On 2017-02-19 17:29, Alexander Morlang wrote: > Hi, > building on armhf reveals some effects i don’t understand: > On my raspi3 with raspian and kernel > uname -a > Linux raspberrypi 4.4.38-v7+ #938 SMP Thu Dec 15 15:22:21 GMT 2016 armv7l > GNU/Linux > kernelmodule are building just fine an the module loads. i had no time for > testing it, but it builds. > > On Banana Pro with armbian an kernel > uname -a > Linux bananapipro 4.9.7-sunxi #1 SMP Thu Feb 2 01:52:06 CET 2017 armv7l > armv7l armv7l GNU/Linux > it’s building, but the module will not load: > > sudo modprobe wireguard > modprobe: ERROR: could not insert 'wireguard': Exec format error > > modinfo wireguard > filename: /lib/modules/4.9.7-sunxi/extra/wireguard.ko > alias: rtnl-link-wireguard > author: Jason A. Donenfeld <ja...@zx2c4.com> > description:Fast, secure, and modern VPN tunnel > license:GPL v2 > depends:udp_tunnel,ip6_udp_tunnel,x_tables > vermagic: 4.9.7-sunxi SMP mod_unload ARMv7 thumb2 p2v8 > > In dmesg, it shows: > [ 1404.917772] wireguard: loading out-of-tree module taints kernel. > [ 1404.919392] wireguard: unknown relocation: 102 > > Next i will try with bananian and 4.4 kernel. > > Gruß, Alex > >> Am 19.02.2017 um 15:51 schrieb Egbert Verhage <egb...@eggiecode.org>: >> >> Hey Alex, >> >> Ow, I never tested the package on armhf. I will give test it tomorrow on >> my own Banana Pi 2 and Raspberry pi 2. >> >> If you are running the image of lemaker on your banana pi, maybe try >> first to build the package from the git repo. >> >> Greetz, >> Egbert >> >> >> On 2017-02-19 02:14, Alexander Morlang wrote: >>> Hi, >>> used the launchpad ppa in xenial on armhf (Banana Pro). >>> The wireguard-tools packet installed only /usr/share/doc >>> >>> Is this a known problem? >>> >>> I downloaded the >>> https://launchpad.net/~wireguard/+archive/ubuntu/wireguard/+files/wireguard-tools_0.0.20170214-wg1~xenial_armhf.deb >>> and hat a look with dpkg -c , getting the same result of no binary in >>> the packet. >>> >>> regards, Alex >>> ___ >>> WireGuard mailing list >>> WireGuard@lists.zx2c4.com >>> https://lists.zx2c4.com/mailman/listinfo/wireguard >> ___ >> WireGuard mailing list >> WireGuard@lists.zx2c4.com >> https://lists.zx2c4.com/mailman/listinfo/wireguard > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard signature.asc Description: OpenPGP digital signature ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wg binary in armhf deb from ppa missing
Hey Alex, Ow, I never tested the package on armhf. I will give test it tomorrow on my own Banana Pi 2 and Raspberry pi 2. If you are running the image of lemaker on your banana pi, maybe try first to build the package from the git repo. Greetz, Egbert On 2017-02-19 02:14, Alexander Morlang wrote: > Hi, > used the launchpad ppa in xenial on armhf (Banana Pro). > The wireguard-tools packet installed only /usr/share/doc > > Is this a known problem? > > I downloaded the > https://launchpad.net/~wireguard/+archive/ubuntu/wireguard/+files/wireguard-tools_0.0.20170214-wg1~xenial_armhf.deb > and hat a look with dpkg -c , getting the same result of no binary in > the packet. > > regards, Alex > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Error install via apt-get on ubuntu16.04
Hey Chen, It is solved! Greetz, Egbert On 2017-01-02 12:47, Egbert Verhage wrote: Hey Chen, Looking in to it right now! Is it Ubuntu Xenial or Yakkety? Greetz, Egbert On 2017-01-02 12:44, chen hao wrote: Building only for 4.4.0-57-generic Building initial module for 4.4.0-57-generic Error! The directory /var/lib/dkms/wireguard/0.0.20161218/source/ does not appear to have module source located within it. Build halted. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Error install via apt-get on ubuntu16.04
Hey Chen, Looking in to it right now! Is it Ubuntu Xenial or Yakkety? Greetz, Egbert On 2017-01-02 12:44, chen hao wrote: Building only for 4.4.0-57-generic Building initial module for 4.4.0-57-generic Error! The directory /var/lib/dkms/wireguard/0.0.20161218/source/ does not appear to have module source located within it. Build halted. My uname Linux LA-Ubuntu 4.4.0-57-generic #78-Ubuntu SMP Fri Dec 9 23:50:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux -- chen hao Sent with Airmail ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] Wireguard package, changed naming
Hey ?, First of if you want to change something to the PPA, what is public and advertised on the website, make it public. In de mailing list and to me. I'm fine with the change of ubuntu suffix to wg. ifupdown packages is included to add wireguard network/interfaces. Usefull if you are using a ansible to deploying on multiple machine. I never used bzr, that is the reason why I use git. To setup the repo multiple for distros just use git branches. The code is in git: https://git.launchpad.net/wireguard, and is uses git submodule for the wireguard source. Then you just checkout the lastest snapshot and change the changelog and commit,push that. If you are subscribed to the mailing list of wireguard, then you get an email that there is a new snapshot available. Greetz, Egbert On 2016-11-18 12:31, Anonymous Anonymous wrote: I changed wireguard package naming from ubuntu1 to wg1, hope you not against it. Since only ubuntu official repository packages could be with ubuntu naming. And we don't need libmnl dependency, only libmnl-dev. As for ifupdown, I have no idea what it doing in PPA. Is there some issues with wireguard regarding ifupdown? And, I have no access to bzr, but I don't use since its auto-importing from git, when commits sign broken anyway. I figured what you talked about change maintainer, you was talking about launchpad team, not a PPA. I changed both maintainer and driver to teamname itself. P.S.: I included your email for snapshot tags in my email bot settings. It just send notification when new version (snapshot in our case) out. ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] Hosting Companies with Dishonest CPUID [Was: Re: Seeking Ubuntu PPA Maintainer]
:D. That is great solution, thank you! On 2016-11-16 16:05, Jason A. Donenfeld wrote: https://git.zx2c4.com/WireGuard/commit/?id=34df71964861e7ea5f542bac0225c8b82bb8d9b2 This commit should work around things. ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] Hosting Companies with Dishonest CPUID [Was: Re: Seeking Ubuntu PPA Maintainer]
Hey Jason, The service/hardware is great. But it is a problem with the raid6 module on the host. That uses AVX/AVX2. PCExtreme hasalready blacklisted AVX because all of the virtual machines crashes with it enabled. I'm the only complaining about AVX2 crashing on the machines, so therefore it is not yet blacklisted. Just sended a email to them, waiting on response. Wanted to add the mail, but it is in dutch. I don't know if you can read that. Greetz, Egbert On 2016-11-16 15:14, Jason A. Donenfeld wrote: Hey Egbert, I'm glad that my avx2disabler module worked for you. I believe it would be in your interest to pressure the hosting provider into either reenabling AVX, or fixing their CPUID to report correct information. CPUID is the kernel's only means of judging capabilities, and if the [virtual] hardware lies, it is impossible to make a reliable operating system. Jason On Wed, Nov 16, 2016 at 11:03 AM, Egbert Verhage <egb...@eggiecode.org> wrote: Hey Jason, The kernel module worked for my. ([1020751.674357] AVX2 disabler loaded: 1 -> 0) Going to update the PPA to remove my disable of AVX2. The problem is that the hosting company hides the cpuuid, but from the call with the sysadmin it is a XEON E5-2??? v3. Greetz, Egbert On 2016-11-16 02:31, Jason A. Donenfeld wrote: Hey Egbert, On Wed, Nov 16, 2016 at 1:34 AM, Egbert Verhage <egb...@eggiecode.org> wrote: I mailed/called with one of the sys admins and discussed with him about the problem in the AVX2 extention. I think I'm going to mail/call the hosting company again. It seems like the crux of the issue is that if they disable AVX2 instructions, they need to make this known in the CPUID. Otherwise the operating system will assume it's there when it isn't. Can give you a vps if you want to. Just 3 euro the month. See the attached tarball. Compile the kernel module in there and load it BEFORE WireGuard. You might have to manually unload wireguard for this to work: "rmmod wireguard && insmod ./avx2disabler.ko && modprobe wireguard", for example. It should disable avx2 inside the kernel, solving the issue. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] Seeking Ubuntu PPA Maintainer
Hey Deniel, Thank your for the support. I was search for the git repo of the debian package, thank you for the link. Besides that only difference between ours repo's is that I use a submodule for the wireguard source. Git repo: https://git.launchpad.net/wireguard?h=master Greetz, Egbert On 2016-11-16 07:45, Daniel Kahn Gillmor wrote: Hi Egbert-- On Wed 2016-11-16 09:34:12 +0900, Egbert Verhage wrote: I just copyed the debian folder of the experimental package of the debian repo. I'm the package maintainer in debian. Glad to hear that my packaging work has been useful for you. If you're tracking the debian packaging, you might also be interested in the revision control history of it: git clone https://anonscm.debian.org/git/collab-maint/wireguard.git If you find that there are specific changes to the debian packaging that you find useful when packaging for ubuntu, i'd be happy to hear about them. Also, if you run into packaging difficulties and want someone to brainstorm with, feel free to reach out. Regards, --dkg ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] Seeking Ubuntu PPA Maintainer
On 2016-11-16 01:12, Jason A. Donenfeld wrote: > Hey Egbert, > > Great to see! How much does this deviate from debian's? As far as I > can tell, you should be able to keep things basically the same. I just copyed the debian folder of the experimental package of the debian repo. Left all the copyrights intact and added my name. > This isn't okay. Downstream packages really shouldn't be applying > patches like that. If you revert that, I can list this as the primary > PPA for WireGuard. With that said, let's actually try to fix this > issue for good... Can't agree more, but I wanted to test it and deploy it with ansible, that was the simplest solution. > AVX2 is advertised through CPUID. Is it possible that your VPS passes > through the CPUID from the host while not supporting all instructions? > Or perhaps, rather, fakes a CPUID that isn't the host's, while only > supporting instructions of the host? Very mysterious. What hosting > company is this? Is there a chance I can poke around at this setup? Do > you know if it's KVM or Xen or VMWare or something else? It is hosted at PCexterme, dutch company. Cheap and good service. The use KVM with CloudStack on top of it. I mailed/called with one of the sys admins and discussed with him about the problem in the AVX2 extention. He told me that they disabled AVX already because of the raid 6 system. It crashes the whole KVM host. Can give you a vps if you want to. Just 3 euro the month. > If it turns out that your VPS host just does something horrible, I'll > look for a way to globally disable kernel usage of AVX2, without > having to patch WireGuard like that. If I can found the kernel parmameter for that, I will. > If it's particular to the host, > perhaps we can come up with either a particular kernel module to do > the disabling, or some ungodly hack to /dev/kmem... You are going above my intellect of the kernel at this point. > Are you compiling > your own kernel for this system, or just using stock Ubuntu kernel? No not yet. I was planning on this email to tell your my ppa / kernel problem. > I'm pretty sure, by the way, that we're using the right detection > function within WireGuard, seeing as every other place in the tree > uses the same thing: * lib/raid6/avx2.c * 36: return boot_cpu_has(X86_FEATURE_AVX2) && boot_cpu_has(X86_FEATURE_AVX); I think I'm going to mail/call the hosting company again. > Thanks a bunch for helping out. You to with this great this VPN. > Jason > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > http://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] Seeking Ubuntu PPA Maintainer
On 2016-11-15 21:44, Jason A. Donenfeld wrote: > Hey folks, > > Looks like there are various Ubuntu PPAs for WireGuard floating > around. I'd like to officially endorse one on the install section of > the website. Is anybody interested in being the Ubuntu downstream for > WireGuard? > > Thanks, > Jason > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > http://lists.zx2c4.com/mailman/listinfo/wireguard Hey Jason, I'm trying to maintain one now, but it is my first one and trying to keep it up to date. https://launchpad.net/~eggiecode/+archive/ubuntu/wireguard Testing it constantly on 4 of my servers and works it great! Even added a patch for ifupdown to setup WireGuard in /etc/network/interfaces The only downside is that I disabled AVX2 cpu extention in the code, because of kernel panics on VPS's by a hosting company (https://eggiecode.org/wg-kernel-panic.png). Greetz, Egbert Verhage Below example config of wireguard in network/interfaces iface wg0 inet wireguard netmask 255.255.255.0 address 192.168.2.254 wg_config /etc/network/wg0.ini up ip -4 route add 10.20.1.0/24 dev wg0 pre-down ip -4 route del 10.20.1.0/24 dev wg0 up ip -4 route add 10.20.3.0/24 dev wg0 pre-down ip -4 route del 10.20.3.0/24 dev wg0 up ip -4 route add 10.20.2.0/24 dev wg0 pre-down ip -4 route del 10.20.2.0/24 dev wg0 iface wg0 inet6 wireguard netmask 64 address fd4a:2831:fc20:f528:fe::1 up ip -6 route add 2001:41d0:2:5c39::/64 dev wg0 pre-down ip -6 route del 2001:41d0:2:5c39::/64 dev wg0 up ip -6 route add 2a00:f10:700:5f::/60 dev wg0 pre-down ip -6 route del 2a00:f10:700:5f::/60 dev wg0 up ip -6 route add 2001:41d0:d:2a83::/64 dev wg0 pre-down ip -6 route del 2001:41d0:d:2a83::/64 dev wg0 (Forgot to send it to the mailinglist.) ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard