Wireguard

[northpoint]

Hello,

Just want to ask if anyone here has tested or using wireguard as a VPN?

I have a client that has two physical locations about 20 miles apart and are interested in me setting up a vpn for file access. I have heard good things about it and curious if anyone has it up and running and what your thoughts are?

I do openvpn right now for clients but thinking of making the switch because they say its much better in a lot of areas and easier to setup. This usually involves a Centos7 server with shares to windows 10 clients.

Thank you,

EDIT: spelling mistakes

[TrevorH]

You can find kmod-wireguard packages in ELRepo for 7 and 8. The wireguard-tools package is in EPEL.

[toracat]

There is yet another option for CentOS-7 users. The centosplus kernel, kernel-plus, now has wireguard built-in.

[northpoint]

I apologize for answering late here. Been a busy week with work.

Thank you very much for the replies. I am going to deploy wireguard for a client of mine for access to some files via remote.

I understand that bandwidth usage is much better than Openvpn which I have used on other clients. This is kinda a big plus for my clients as I think Openvpn used only 30% because of 'overhead' or something like that. Anyways, I was wondering originally what are the thoughts on this from those already using it. I also understand setup is a lot easier too.

Thank you,

Northpoint

[toracat]

Please keep us posted. Let us know which option you have used.

[TrevorH]

I just spotted your other post and you will need to update to 7.8 to run wireguard as the kernel module is not available for your ancient release.

Update. Stay updated.

[northpoint]

Ok, I will update when I get this sorted out.

Thank you all for the replies.

[northpoint]

Update:

I am using Nyr's bash script to setup wireguard. He has two really nice scripts - one for Openvpn and then the wireguard one that I am using.

Code: Select all

wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh

This sets up wireguard as a module for the kernel and seems to work with the kernel now being used at my clients. I do believe they are on the 3.x kernel for Centos 7.8.

Here is the installed packages:

Code: Select all

Installed:
  kmod-wireguard.x86_64 8:1.0.20200908-1.el7_8.elrepo                      qrencode.x86_64 0:3.4.1-3.el7                     
  wireguard-tools.x86_64 0:1.0.20200513-1.el7                             

Dependency Installed:
  python3.x86_64 0:3.6.8-13.el7                 python3-libs.x86_64 0:3.6.8-13.el7     python3-pip.noarch 0:9.0.3-7.el7_7    
  python3-setuptools.noarch 0:39.2.0-10.el7 

Here is the network interface it setup:

Code: Select all

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet XX.X.X.X  netmask 255.255.255.0  destination XX.X.X.X
        inet6 XXXX::XXXX:XXXX:XXXX:XXXX  prefixlen 64  scopeid 0x20<link>
        inet6 XXXX:XXX:XXX:XXX::X prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Each time you run the script you can choose from several options - Add a User, Remove Installation ect.. Adding a user produces a config file stored in /root for each user. Wireguard has a windows client for setting up the road warrior. Just have to load the config file in it and turn it on.


I have gone as far as I can right now because I have to open up the port and setup port forwarding on the comcast modem. I need to contact the client for their credentials for that.

[gostal]

...
I understand that bandwidth usage is much better than Openvpn which I have used on other clients. ...

This is what is claimed but in my opinion it is debatable. I have tried using a wireguard client on Linux Mint but it's really slow, not good at all compared to OpenVPN despite the apparent simplicity. On windows 7 and 10 clients it's really good though. There have been some updates lately which may have impact on the Linux client side but I have not implemented yet so I don't know. It may be that this issue is not relevant anymore. I have asked my service provider as it may be down to some server missconfiguration but so far no answer.

[northpoint]

...
I understand that bandwidth usage is much better than Openvpn which I have used on other clients. ...

This is what is claimed but in my opinion it is debatable. I have tried using a wireguard client on Linux Mint but it's really slow, not good at all compared to OpenVPN despite the apparent simplicity. On windows 7 and 10 clients it's really good though. There have been some updates lately which may have impact on the Linux client side but I have not implemented yet so I don't know. It may be that this issue is not relevant anymore. I have asked my service provider as it may be down to some server missconfiguration but so far no answer.

Im not sure but I think I read somewhere that running wireguard in user space will not be as fast as running it directly from the kernel. Dont quote me on that though.

I have not had a chance to finish up the install. I am stuck at getting their ISP to open up the ports on the modem. Havent moved on that because work is backing up a bit. Hopefully tomorrow I can talk to their ISP and see if the modem can be put in bridge mode or what ever.

Thanks