Announcement
Collapse
No announcement yet.
WireGuard + Multi-Path TCP Were Merged Tonight Into Linux 5.6
Collapse
X
-
Originally posted by starshipeleven View PostIs staying a KMP an issue?
Presently, in openSUSE 15.1 it is implemented as KMP (DKMS?), but the KDE NetworkManager is not yet up-to-date to support it. So one would have to setup all via CLI.
But in openSUSE 15.2, the newer NetworkManager (with integrated wireguard-setup-support) should be used and therefore I would assume that easy wireguard-management should work, even as KMP.
On the other hand: If wireguard is properly backported to older kernels, the chances might be higher, that wireguard will be implemented in existing / running devices like Firewalls.
The better the implementation and the wider the spread of wireguard, the better for us.
Comment
-
Originally posted by rgloor View PostYou are right.
Presently, in openSUSE 15.1 it is implemented as KMP (DKMS?), but the KDE NetworkManager is not yet up-to-date to support it. So one would have to setup all via CLI.
But in openSUSE 15.2, the newer NetworkManager (with integrated wireguard-setup-support) should be used and therefore I would assume that easy wireguard-management should work, even as KMP.
It should theoretically work when you update NM, but as all things NM, it may fail horribly too, in any case it's NM fault.
On the other hand: If wireguard is properly backported to older kernels, the chances might be higher, that wireguard will be implemented in existing / running devices like Firewalls.
Apart from NXP SoCs where the firmware SDK is an up-to-date OpenWrt so they support this already (see below).
That said, they can use a userspace daemon to do that too (as they do with all other VPNs), and it's still ridicolously faster than stuff like OpenVPN.
It's already used in this way by some VPN vendors https://www.veeam.com/powered-network.html
OPNSense (a FreeBSD-based firewall distro that is less strict than pf-sense) uses this too https://wiki.opnsense.org/manual/how...rd-client.html
And OpenWrt (A Linux router/firewall/wireless/embedded) distro has merged the wireguard patches since a long while and added support for it to its web interface https://danrl.com/blog/2017/luci-proto-wireguard/Last edited by starshipeleven; 29 January 2020, 11:13 AM.
Comment
-
Originally posted by rgloor View PostI just wonder, if it will be possible, to backport wireguard into "older" kernels?
Like 5.3.x. Since that is the one, presumably going into openSUSE 15.2.
(Or if it has to stay as KMP?)
Edit: Typo KMP (Kernel Modul Package), not KML
Comment
-
Originally posted by starshipeleven View Post....
...
..
.
OPNSense (a FreeBSD-based firewall distro that is less strict than pf-sense) uses this too https://wiki.opnsense.org/manual/how...rd-client.html
And OpenWrt (A Linux router/firewall/wireless/embedded) distro has merged the wireguard patches since a long while and added support for it to its web interface https://danrl.com/blog/2017/luci-proto-wireguard/
But hopefully, they soon also upgrade their OS's to support wireguard.
Comment
-
Originally posted by Mario Junior View Post
You can already use on 5.4. Just get the patch and compile: https://github.com/clearlinux-pkgs/linux?files=1
The system in question is my production notebook, heavily used "everywhere", with lots of fine tuning to run fine.
I choose openSUSE LEAP for stability purpose.
And even there I had some hassle to get RemoteDesktop to a virtualized machine (through a VPN connection) working - using Remmina. Because every other update from either Remmina or freeRDP was again breaking my system. Now it runs stable for about 7 months.
It was also a challange, to get all the different NAS' and Fileservers properly running with automount.
I could use a newer than the LEAP 15.1 standard kernel (4.12.x) from the appropriate repository.
Or use openSUSE Tumbleweed. But chances are much higher to run into some hickups.
So I try to stick as close as possible to the standard repositories and don't add other repos when not necessary. (As doing a while to get Remmina/freeRDP working.)
And as starshipeleven mentioned / indicated in #13, openSUSE 15.1 already runs fine wireguard with KMP / DKMS. (Except the missing NetworkManager GUI integration, due to older KDE Plasma Version.)
Comment
-
Originally posted by rgloor View PostYes, but I had more "professional" Firewalls in mind. The likes of ZyXEL ZyWALLs, Fortnet Fortigates, SonicWalls, etc.
For the more "businness-y" products the consensus seems to be that Wireguard isn't significantly faster/lighter than IPSec with AES-NI acceleration (and all their hardware supports that as it's a bigass rack with Intel CPUs inside) and it is also not yet out of beta (which is true, they didn't yet reach a "release" status) therefore they don't care much.
Comment
-
Originally posted by rgloor View Post
Thanks. but No. I am an (advanced) user but not that advanced. Could educate myself to do it, but:
The system in question is my production notebook, heavily used "everywhere", with lots of fine tuning to run fine.
I choose openSUSE LEAP for stability purpose.
And even there I had some hassle to get RemoteDesktop to a virtualized machine (through a VPN connection) working - using Remmina. Because every other update from either Remmina or freeRDP was again breaking my system. Now it runs stable for about 7 months.
It was also a challange, to get all the different NAS' and Fileservers properly running with automount.
I could use a newer than the LEAP 15.1 standard kernel (4.12.x) from the appropriate repository.
Or use openSUSE Tumbleweed. But chances are much higher to run into some hickups.
So I try to stick as close as possible to the standard repositories and don't add other repos when not necessary. (As doing a while to get Remmina/freeRDP working.)
And as starshipeleven mentioned / indicated in #13, openSUSE 15.1 already runs fine wireguard with KMP / DKMS. (Except the missing NetworkManager GUI integration, due to older KDE Plasma Version.)
Comment
-
Originally posted by rgloor View PostI could use a newer than the LEAP 15.1 standard kernel (4.12.x) from the appropriate repository.
Or use openSUSE Tumbleweed. But chances are much higher to run into some hickups.
Then again I don't use Remmina or FreeRDP but commercial applications like TeamViewer and VMWare, I would say that the distro can't fix it if upstream sucks.Last edited by starshipeleven; 29 January 2020, 12:48 PM.
Comment
Comment