Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-12-16 Thread Jason A. Donenfeld 
Hey Dan,

I just submitted a pull request to bump the package and add this
conditional: https://github.com/openwrt/packages/pull/3664

Jason
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-12-14 Thread Jason A. Donenfeld 
On Wed, Dec 14, 2016 at 8:48 PM, Dan Lüdtke  wrote:
>
>> Not sure why the dependency is
>> hard coded like this; it shouldn't be.
>
> Even if it wasn't hardcoded, it would be introduced by +kmod-udptunnel6 
> anyway.
>
> Remove both manually if you really need to throw away IP and want to compile 
> legacyIP only. It should work with both, @IP6 and kmod-udptunnel6 removed.

kmod-udptunnel6 is only required if IPv6 is turned on.

At least in menuconfig, it's easy to describe conditional dependencies
like this one. Can the OpenWRT makefile thinger do it too? Baptiste?
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-12-14 Thread Dan Lüdtke 

> Not sure why the dependency is
> hard coded like this; it shouldn't be.

Even if it wasn't hardcoded, it would be introduced by +kmod-udptunnel6 anyway.

Remove both manually if you really need to throw away IP and want to compile 
legacyIP only. It should work with both, @IP6 and kmod-udptunnel6 removed. 
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-12-12 Thread Michal Kowalski 
Hi,

Is possible to add/modify version to support IPv4 only ? I would like to 
disable IPv6 and compile LEDE but than wireguard disappear. It is because of 
flash size 4MB.

Thanks,
Michal 





___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Jason A. Donenfeld 
Live on wireguard.io/install/ now:

> commit 6bd5f8cde97456e37415eab80c19d9e8241f7639
> Author: Jason A. Donenfeld 
> Date:   Wed Nov 16 18:44:17 2016 +0100
>
> Add openwrt docs
>
> diff --git a/docs/install.md b/docs/install.md
> index 0946182..98579e9 100644
> --- a/docs/install.md
> +++ b/docs/install.md
> @@ -46,11 +46,11 @@ As WireGuard nears closer to release time, distribution 
> support will be much wid
>  boot.extraModulePackages = [ cfg.boot.kernelPackages.wireguard ];
>  environment.systemPackages = [ pkgs.wireguard ];
>
> - OpenWRT [trunk  [module  
> tools](https://github.com/openwrt/packages/blob/master/net/wireguard/Makefile)]
> + OpenWRT  LEDE [trunk  [module  
> tools](https://github.com/openwrt/packages/blob/master/net/wireguard/Makefile)]
>
>  # opkg install kmod-wireguard wireguard-tools
>
> -Note that the OpenWRT package does not yet enable multi-core crypto, but 
> their developers are working on it.
> +Further installation and configuration instructions may be found on the 
> [wiki](https://wiki.lede-project.org/docs/user-guide/tunneling_interface_protocols).
>
>    Mac OS X [homebrew  
> [tools](http://braumeister.org/formula/wireguard-tools)]
>
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Dan Lüdtke 

> The config value has to be the same to correlate them. In that case,
> you should show an example with multiple peers, so that it's clear
> what's happening.

It says "Peer configurations are managed via one or more wireguard_ 
sections." to introduce the example. However, won't hurt to add another peer 
for clarification.

Consider it done :)

DUMP:

Create a WireGuard tunnel interface named ''foo'' that connects to one peer 
(VPN server at vpn.example.com) and allows another peer (e.g. road warrior) to 
connect.
Peer configurations are managed via one or more ''wireguard_'' sections.


config interface 'foo'
option proto 'wireguard'
option private_key 'qLvQnx5CpXPDo6oplzdIvXLNqkbgpXip3Yv4ouHWZ0Q='
option preshared_key 'M1IbkkDVwXsQbFbURiMXiVe/iUCjC5TKHCmemVs+oLQ='

config wireguard_foo
option public_key '9mD+mTiOp7SGIkB4t3ZfWAcfp5iA/WwQRdVypKKwrjY='
option route_allowed_ips '1'
list allowed_ips 'fd00:13:37::/48'
option endpoint_host 'vpn.example.com'
option persistent_keepalive '25'

config wireguard_foo
option public_key '4mLeSytW6/y4UcOT6rNorw1Ae9nXSxhXUjxsdzMWkUA='
list allowed_ips 'fd00:13:37:::23'


To use static addresses on a WireGuard interface, create a static address 
configuration on top of the interface.


config interface 'bar'
option proto 'static'
option ifname 'foo'
option ip6addr 'fd00:13:37::2/64'

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Dan Lüdtke 

> On 16 Nov 2016, at 17:56, Jason A. Donenfeld  wrote:
> 
> config wireguard_foo
> 
> -->
> 
> config wireguard_peer1

Unfortunately, not. All peers for iface 'foo' will be named wireguard_foo. UCI 
sections are iterable if they have the same name.

wireguard_peer1 could belong to any wg interface. We would need a further 
option to relate it to the corresponding interface. It would be more 
complicated.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Jason A. Donenfeld 
Oh, I see, that's not actually a correct suggestion.

The config value has to be the same to correlate them. In that case,
you should show an example with multiple peers, so that it's clear
what's happening.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Jason A. Donenfeld 
config wireguard_foo

-->

config wireguard_peer1
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Dan Lüdtke 

> If somebody has time, it would be good to include one or two examples at
> the end of the page (otherwise I'll do it at some point).

This one OK?

https://wiki.lede-project.org/docs/user-guide/tunneling_interface_protocols#static_addressing_of_a_gre_tunnel

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-16 Thread Kalin KOZHUHAROV 
On Wed, Nov 16, 2016 at 5:15 PM, Baptiste Jonglez
 wrote:
> On Tue, Nov 15, 2016 at 05:01:14PM +0100, Dan Lüdtke wrote:
>> thanks for the various feedback, guys! Here is the next round:
>>
>> https://github.com/openwrt/packages/pull/3514
>
> This one is now merged, thanks for the work Dan!
>

Hmm, something is iffy... I updated my buildroot (./scripts/feeds
update -a) and got the new versions, but it fails to build...

Here is the relevant log (from `make -j1 V=s`) :
...
make[3]: Leaving directory '/srv/OpenWRT/openwrt/package/libs/libmnl'
make[3]: Entering directory
'/srv/OpenWRT/openwrt/package/network/utils/resolveip'
rm -rf 
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/tmp-resolveip
mkdir -p 
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/stamp
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/tmp-resolveip
install -d -m0755
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/tmp-resolveip/usr/bin
install -m0755 
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/resolveip/resolveip
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/tmp-resolveip/usr/bin/
SHELL= flock /srv/OpenWRT/openwrt/tmp/.root-copy.flock -c 'cp -fpR
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/tmp-resolveip/.
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/'
rm -rf 
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/tmp-resolveip
touch 
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/root-ar71xx/stamp/.resolveip_installed
if [ -f 
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/pkginfo/resolveip.default.install.clean
]; then rm -f 
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/pkginfo/resolveip.default.install
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/pkginfo/resolveip.default.install.clean;
fi; echo "resolveip" >>
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/pkginfo/resolveip.default.install
make[3]: Leaving directory
'/srv/OpenWRT/openwrt/package/network/utils/resolveip'
make[3]: Entering directory '/srv/OpenWRT/openwrt/feeds/packages/net/wireguard'
mkdir -p /srv/OpenWRT/openwrt/bin/ar71xx/packages
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/ipkg-ar71xx/wireguard-tools/CONTROL
/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/pkginfo
install -d -m0755
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/ipkg-ar71xx/wireguard-tools/usr/bin/
install -m0755 
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/src/tools/wg
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/ipkg-ar71xx/wireguard-tools/usr/bin/
install -m0755 ./files/wireguard.sh
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/ipkg-ar71xx/wireguard-tools/lib/netifd/proto/
install: target
'/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/ipkg-ar71xx/wireguard-tools/lib/netifd/proto/'
is not a directory: No such file or directory
Makefile:106: recipe for target
'/srv/OpenWRT/openwrt/bin/ar71xx/packages/packages/wireguard-tools_0.0.20161110-2_ar71xx.ipk'
failed
make[3]: *** 
[/srv/OpenWRT/openwrt/bin/ar71xx/packages/packages/wireguard-tools_0.0.20161110-2_ar71xx.ipk]
Error 1
make[3]: Leaving directory '/srv/OpenWRT/openwrt/feeds/packages/net/wireguard'
package/Makefile:196: recipe for target
'package/feeds/packages/wireguard/compile' failed
make[2]: *** [package/feeds/packages/wireguard/compile] Error 2
make[2]: Leaving directory '/srv/OpenWRT/openwrt'
package/Makefile:193: recipe for target
'/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/stamp/.package_compile'
failed
make[1]: *** 
[/srv/OpenWRT/openwrt/staging_dir/target-mips_34kc_musl-1.1.15/stamp/.package_compile]
Error 2
make[1]: Leaving directory '/srv/OpenWRT/openwrt'
/srv/OpenWRT/openwrt/include/toplevel.mk:192: recipe for target 'world' failed
make: *** [world] Error 2

$ ll 
/srv/OpenWRT/openwrt/build_dir/target-mips_34kc_musl-1.1.15/WireGuard-experimental-0.0.20161110/ipkg-ar71xx/wireguard-tools/
total 8
4 drwxr-xr-x 2 kalin users 4096 Nov 16 17:26 CONTROL
4 drwxr-xr-x 3 kalin users 4096 Nov 16 17:26 usr

Hmm, "No such file or directory" ? Somewhere mkdir -p is needed?


It used to work 4 days ago, I successfully built/tested/still running:
kmod-wireguard 4.4.14+0.0.20161105-1
wireguard-tools 0.0.20161105-1

I'll try a clean recompile of everything now...

Kalin.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-15 Thread Dan Lüdtke 
Hi,

thanks for the various feedback, guys! Here is the next round:

https://github.com/openwrt/packages/pull/3514
and
https://github.com/openwrt/luci/pull/852

Cheers,

Dan

> On 13 Nov 2016, at 23:52, Dan Lüdtke  wrote:
> 
> Hi again,
> 
> here is the pull request for LuCi:
> https://github.com/openwrt/luci/pull/848
> 
> Please support this pull request as well.
> 
> Thanks for all the beta testers and also to Jason and Baptiste for their help.
> 
> It was a great pleasure supporting this project.
> 
> Cheers,
> 
> Dan
> 
> 
>> On 13 Nov 2016, at 23:35, Dan Lüdtke  wrote:
>> 
>> Hi all,
>> 
>> first step of OpenWRT/LEDE integration is making sure the helper script for 
>> configuring the interface is installed. The corresponding pull request can 
>> be found here:
>> https://github.com/openwrt/packages/pull/3512
>> 
>> Please support this pull request.
>> Once it is accepted, the GUI (luci) will follow.
>> 
>> Thanks,
>> 
>> Dan
>> ___
>> WireGuard mailing list
>> WireGuard@lists.zx2c4.com
>> http://lists.zx2c4.com/mailman/listinfo/wireguard
> 
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

2016-11-13 Thread Dan Lüdtke 
Hi again,

here is the pull request for LuCi:
https://github.com/openwrt/luci/pull/848

Please support this pull request as well.

Thanks for all the beta testers and also to Jason and Baptiste for their help.

It was a great pleasure supporting this project.

Cheers,

Dan


> On 13 Nov 2016, at 23:35, Dan Lüdtke  wrote:
> 
> Hi all,
> 
> first step of OpenWRT/LEDE integration is making sure the helper script for 
> configuring the interface is installed. The corresponding pull request can be 
> found here:
> https://github.com/openwrt/packages/pull/3512
> 
> Please support this pull request.
> Once it is accepted, the GUI (luci) will follow.
> 
> Thanks,
> 
> Dan
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/wireguard