Installing wireguard on IPFire?

sandbo · 10 August 2020 04:20

Hi,

I learnt that Wireguard is not (yet) officially supported on IPFire. But I have been using it on my other systems and I will need it if I want to continue trying out IPFire.

I tried to understand how the OS works, but it seems to be quite non-standard (I am not an expert with Linux) that the pakfire package manager does not include tools like git and gcc; I don’t even know how to start compiling wireguard in this case.

Could you provide any instructions on doing so?

ummeegge · 10 August 2020 07:40

Hi sandbo and welcome to IPFire,
you can find git and make in the Pakfire resources as addons, gcc is available in the toolchains for the development environment. In here --> https://wiki.ipfire.org/devel you can find the references.

If you want to build and implement Wireguard by yourself on IPFire, keep in mind that the kernel moduls are signed while compilation and can not easily be integrated, a discussion about that are findable e.g. in here --> How can i use self compiled kernel module .

According to Wireguard, this article --> https://blog.ipfire.org/post/why-not-wireguard from Michael can give you an overview of a potential future handling of Wireguard on IPFire. The community platform offers also threads for this topic, just checkout the search in here.

Some infos from here.

Best,

Erik

sandbo · 10 August 2020 09:17

Thanks a lot Erik, I really appreciate your detailed reply.

At the moment I am rebuilding my workstation, and I am using a virtual router to centralize the network connection among the VMs. I have been using ClearOS ( a CentOS based router distro ) but I have mixed experience with it so far, so I am really looking forward to trying IPFire as another Linux router distro.

With my limited Linux knowledge, I guess I will first stick with ClearOS while experimenting with IPFire. An easier, and probably less efficient solution would be to have Wireguard running off a minimal ubuntu VM under IPFire’s subnet, where it connects the WG 10.0.0.0/24 to 192.168.1.0/24 of IPFire’s. May I know if there could be any security concern with that approach?

My naive understanding is that it would be the same if I am to run Wireguard under IPFire directly (if the routing is done the same way)

pmueller · 10 August 2020 15:06

Hi,

May I know if there could be any security concern with that approach?

based on the information you supplied regarding your network, I am afraid this
question is impossible to answer.

Thanks, and best regards,
Peter Müller