Does anyone managed to have wireguard working on Fedora 29?

[mmo...@disroot.org]

Hello,

I'm able to get wireguard working over debian when using a HVM AppVM. However I'd like to do use wireguard on the fedora template in a PVH template.
This issue that was closed marmarek states that the kernel-latest-(qubes-vm) contains wireguard module out of the box, however I don't find it anywhere.

Dies anyone managed to have wireguard working on a PVH fedora template?

Thanks!

[dhorf-hfre...@hashmail.org]

> This issue (https://github.com/QubesOS/qubes-issues/issues/3591) that

> was closed marmarek states that the kernel-latest-(qubes-vm) contains
> wireguard module out of the box, however I don't find it anywhere.

to install the kernel-latest pkg (which includes wireguard.ko):

dom0$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel-latest-qubes-vm

pay attention to what version is being installed.
right now thats a 5.1.17 for me.
set that as kernel for your WG gateway vm via qvm-prefs or gui.

TA-DAH!

[mmo...@disroot.org]

Thanks.
However the latest kernel package is not being installed:

[xx@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel-latest-qubes-vm
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time...
Last metadata expiration check: 0:03:24 ago on Sun Jul 28 13:44:41 2019.
Package kernel-latest-qubes-vm-1000:5.1.15-1.pvops.qubes.x86_64 is already installed.
Package kernel-latest-qubes-vm-1000:5.1.2-1.pvops.qubes.x86_64 is already installed.
Package kernel-latest-qubes-vm-1000:5.1.9-1.pvops.qubes.x86_64 is already installed.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-latest-qubes-vm x86_64 1000:5.2.3-1.pvops.qubes qubes-dom0-current-testing
80 M
Removing:
kernel-latest-qubes-vm x86_64 1000:5.1.2-1.pvops.qubes @System 513 M

Transaction Summary
================================================================================
Install 1 Package
Remove 1 Package

Total size: 80 M
DNF will only download packages for the transaction.
Downloading Packages:
[SKIPPED] kernel-latest-qubes-vm-5.2.3-1.pvops.qubes.x86_64.rpm: Already downloaded
Complete!
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Qubes OS Repository for Dom0 52 MB/s | 54 kB 00:00
Package kernel-latest-qubes-vm-1000:5.1.2-1.pvops.qubes.x86_64 is already installed, skipping.
Package kernel-latest-qubes-vm-1000:5.1.9-1.pvops.qubes.x86_64 is already installed, skipping.
Package kernel-latest-qubes-vm-1000:5.1.15-1.pvops.qubes.x86_64 is already installed, skipping.
Dependencies resolved.
====================================================================================================
==========================================================================
Package Arch Version Repository Size
====================================================================================================
==========================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
kernel-latest-qubes-vm x86_64 1000:5.2.3-1.pvops.qubes qubes-dom0-cached 80 M

Transaction Summary
====================================================================================================
==========================================================================
Skip 1 Package

Nothing to do.
Complete!


Any ideas how I can solve this?

Thank you!

July 28, 2019 12:46 PM, dhorf-hfre...@hashmail.org wrote:

This issue (https://github.com/QubesOS/qubes-issues/issues/3591) that

was closed marmarek states that the kernel-latest-(qubes-vm) contains
wireguard module out of the box, however I don't find it anywhere.

to install the kernel-latest pkg (which includes wireguard.ko):

[dhorf-hfre...@hashmail.org]

On Sun, Jul 28, 2019 at 12:15:42PM +0000, mmo...@disroot.org wrote:

> [xx@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel-latest-qubes-vm

...

> Skipping packages with conflicts:
> (add '--best --allowerasing' to command line to force their upgrade):
> kernel-latest-qubes-vm x86_64 1000:5.2.3-1.pvops.qubes qubes-dom0-cached 80 M

...

> Any ideas how I can solve this?

both the suggested "--best --allowerasing" or an "--action=update"
should work.
(and yes, the 5.2.3 is the most recent now, it got added to the repo
about 20 minutes after my mail saying 5.1.17...)

hth.

[mmo...@disroot.org]

Thanks the package is now successfully installed!

Now I changed the kernel of my sys-firewall to point to the new kernel - 5.2.3-1 and tried to start the AppVM.
However the sys-firewall is started fine but qrexec fails and throws an error that it cannot communicate with the sys-firewall so I'm no longer able to run any command in the VM.

Is there anything missing apart from changing the kernel with the qvm-prefs?

Thanks a lot for the help!

[dhorf-hfre...@hashmail.org]

On Sun, Jul 28, 2019 at 12:34:25PM +0000, mmo...@disroot.org wrote:
> Thanks the package is now successfully installed!

good! (but actualy not required now that i think about it)

> Now I changed the kernel of my sys-firewall to point to the new kernel
> - 5.2.3-1 and tried to start the AppVM.
> However the sys-firewall is started fine but qrexec fails and throws
> an error that it cannot communicate with the sys-firewall so I'm no
> longer able to run any command in the VM.

i can confirm 5.2.3 doesnt really want to start, and i didnt see
any obvious reason for it in the console log.

> Is there anything missing apart from changing the kernel with the qvm-prefs?

no, thats all there is to it, but it needs to be a working kernel.
its in the not-enabled-by-default testing-repo for a reason.

try using the 5.1.15-1 you already have installed.

[mmo...@disroot.org]

The 5.1.15-1 was deleted with the --action=upgrade
Is there a way to reinstall the package again?

[mmo...@disroot.org]

It worked with the 5.1.15-1 !

Many thanks!

[Jon deps]

On 7/28/19 2:29 PM, mmoris-DG3qeF7...@public.gmane.org wrote:
> It worked with the 5.1.15-1 !
>
> Many thanks!
>

> July 28, 2019 3:19 PM, mmoris-DG3qeF7...@public.gmane.org wrote:
>
>> The 5.1.15-1 was deleted with the --action=upgrade
>> Is there a way to reinstall the package again?
>>

>> July 28, 2019 2:49 PM, dhorf-hfref.4a288f10-...@public.gmane.org wrote:

>>
>>> On Sun, Jul 28, 2019 at 12:34:25PM +0000, mmoris-DG3qeF7...@public.gmane.org wrote:
>>>
>>>> Thanks the package is now successfully installed!
>>>
>>> good! (but actualy not required now that i think about it)
>>>
>>>> Now I changed the kernel of my sys-firewall to point to the new kernel
>>>> - 5.2.3-1 and tried to start the AppVM.
>>>> However the sys-firewall is started fine but qrexec fails and throws
>>>> an error that it cannot communicate with the sys-firewall so I'm no
>>>> longer able to run any command in the VM.
>>>
>>> i can confirm 5.2.3 doesnt really want to start, and i didnt see
>>> any obvious reason for it in the console log.
>>>
>>>> Is there anything missing apart from changing the kernel with the qvm-prefs?
>>>
>>> no, thats all there is to it, but it needs to be a working kernel.
>>> its in the not-enabled-by-default testing-repo for a reason.
>>>
>>> try using the 5.1.15-1 you already have installed.
>

1) don't "top post"

2) in dom0 do uname -a does it say kernel 4.19 , if so you don't
need "the wg package"

3) do a little search for "tasket vpn qubes github" and try his
script per instructions

then report back

[dhorf-hfre...@hashmail.org]

mildly confused, cant resist to ask...

On Sun, Jul 28, 2019 at 05:59:05PM +0000, Jon deps wrote:

> 2) in dom0 do uname -a does it say kernel 4.19 , if so you don't need
> "the wg package"

whats "the wg package" there?
and why would it depend on the dom0 kernel?

afaict only the kernel-latest packages contain wireguard.ko
and that only since about 5.1.6 for official builds...

and wireguard makes a lot more sense in appvms than in dom0?

[mmo...@disroot.org]

>1) don't "top post"
>

>2) in dom0 do uname -a does it say kernel 4.19 , if so you don't
> need "the wg package"
>

>3) do a little search for "tasket vpn qubes github" and try his
> script per instructions
>
> then report back

I'm using kernel 4.19.43-1 so where can I find the wg module?

The search for tasket vpn qubes github results is wg being used with debian as a PVH AppVM, I guess you overlooked the initial part on the thread where I said that I want this to work in fedora and not in debian on PVH.

[Jon deps]

Hello,

I'm able to get wireguard working over debian when using a HVM AppVM.
However I'd like to do use wireguard on the fedora template in a PVH
template.

This issue (https://github.com/QubesOS/qubes-issues/issues/3591) that
was closed marmarek states that the kernel-latest-(qubes-vm) contains
wireguard module out of the box, however I don't find it anywhere.

Dies anyone managed to have wireguard working on a PVH fedora template?

--------

On 7/29/19 8:01 PM, mmoris-DG3qeF7...@public.gmane.org wrote:

>
> I'm using kernel 4.19.43-1 so where can I find the wg module?
>
> The search for tasket vpn qubes github results is wg being used with debian as a PVH AppVM, I guess you overlooked the initial part on the thread where I said that I want this to work in fedora and not in debian on PVH.
>

yes, sorry my about that post, anyway....




the 4.19 Fedora kernel doesn't include the wg module, like the deb-9
one seems to ?


if not then this sort of thing doesn't work ?
https://www.wireguard.com/install/


not sure why you having to use 'testing' in dom0 I am not, though, yes,
I used deb-9 for the template for the sys-vpn-wg

are you using Arch templates ?



just curious any particular reason for the PVH and Fedora ?