Wireguard For VPN Backend

Osama Luhishi

unread,

May 5, 2019, 12:33:09 PM5/5/19

to OpenWISP

Hi,

Are there any plans to implement Wireguard as a VPN Backend? I haven't see anything on the Road map and I was curious.

Would love to help out if this something that might be taken on.

Thanks!

edoard...@gmail.com

unread,

May 6, 2019, 6:08:03 AM5/6/19

to OpenWISP

Hello

it may be a long time before someone decides to get it done it but if you are interested in

implementing it yourself it should not be too difficult to get something usable.

The conversion from NetJSON to the configuration syntax for whatever software is implemented

in a Python module called netjsonconfig, you can find the documentation here [2], but you

can also create your own backend as a plugin. Here [0] you can find more information on how

to make your own backend and make it available to netjsonconfig. As an example the

OpenVPN backend is provided by netjsonconfig but it could be extracted or superseded

by a another implementation from some other contributor.

I implemented a backend for the AirOS firmware [1] not so long ago and published it

as a plugin that you can use with netjsonconfig, you could use it as an example

to look at the structure and how the conversion process is divided into picking out

the right values, putting them into nested dictionaries and then outputting the

configuration text.

Also it would be very useful if you could look at the documentation on how to

create your own backend and provide some feedback as I guess I am the only

user of this feature and I wrote the docs a long time ago.

As a recap, yep totally doable, the effort is in figuring out an intermediate

data structure (could be just nested dictionaries) to hold the values you are

interested in and then making sure you respect the syntax of the configuration

file that wireguard expects.

If you are further interested in implementing this I can provide guidance

in writing the backend from scratch but I have seriously no idea of what

wireguard is expecting as a configuration file and if the syntax is easy to

respect.

Best of luck

[0]: http://netjsonconfig.openwisp.org/en/stable/backends/create_your_backend.html

[1]: https://github.com/edoput/netjsonconfig-airos

[2]: http://netjsonconfig.openwisp.org/en/latest/

Federico Capoano

unread,

May 6, 2019, 11:26:06 AM5/6/19

to OpenWISP

Welcome Osama,

Wireguard is very interesting, some time ago I tried to research about it but couldn't find what I look for when using a VPN in OpenWISP.

Does wireguard support a "server" mode in which one server receives all the connections?

How does wireguard handles ip address of the clients? Does it have to be defined manually, or can it be handled via DHCP? OpenVPN for example, has an internal DHCP server or it can use an existing DHCP server to assign the ip to the VPN clients.

As Edoardo wrote, it's all about knowing what kind of configuration we have to generate so we can write the schema and the converters.

Thanks for participating.

Federico

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Radu Rambet

unread,

Jun 15, 2019, 10:21:18 AM6/15/19

to OpenWISP

Both points good:

I'm struggling to get any reasonable performance out of OpenVPN on MIPS hardware (cheap TpLinks or Chinese 10 USD things ) and wireguard may be an answer .

I did not replicate my functional model ( that use OpenVPN and it works perfect ) as I have to switch from PfSense to OPNSense .

What I want to say is that OpnSense supports wireguard trough a plugin so it's a starting point ( one end ) and YES someone could do it . If I manage to move to OPNSense then I will look into it .

It's just a matter of config but first I have to test that speed is really there . It seems that wireguard is x3 times faster on MiPS single core router and that is important as OLSR also eats CPU time and those devices are beautiful but slow.

Federico Capoano

unread,

May 10, 2021, 9:07:54 PM5/10/21

to OpenWISP

To anyone interested in Wireguard (and VXLAN over Wireguard), we're working on it:

- https://github.com/openwisp/openwisp-controller/pull/419

- https://github.com/openwisp/netjsonconfig/pull/187

- https://github.com/openwisp/ansible-wireguard-openwisp/pull/1

The README of the development branch of OpenWISP Controller explains how to set it up.

Since we're actively working on it feedback is welcome and may help us to catch shortcoming early.
Thanks!

Reply all

Reply to author

Forward