User:Veremit/Wireguard

WireGuard is Article description::a modern, secure VPN that utilities start-of-the-art cryptography. Its goal is to be similar, faster, and easier to configure than other VPN software stacks.

Wireguard is written and maintained by, a Gentoo developer.

Official and potentially more up-to-date installation instructions can be found upstream.

Unmasking
Currently there are no official packaged releases for WireGuard, although the live version was added to the Portage tree. Instruct Portage to allow the live repository installed by appending the following line to which will unmask the file:

Kernel
Attempting to install WireGuard without having a few specific kernel options enabled will cause the merge to fail. A few of the symbols can only be set by setting other options. Perform the necessary work to have the following symbols enabled before moving on to the next section:


 * CONFIG_NET - For basic networking support.
 * CONFIG_INET - For basic IP support.
 * CONFIG_NET_UDP_TUNNEL - For sending and receiving UDP packets.
 * CONFIG_NF_CONNTRACK - For determining the source address when constructing ICMP packets.
 * CONFIG_NETFILTER_XT_MATCH_HASHLIMIT - For ratelimiting when under DoS attacks.
 * CONFIG_IP6_NF_IPTABLES - Only if using CONFIG_IPV6 for ratelimiting when under DoS attacks.
 * CONFIG_CRYPTO_BLKCIPHER - For doing scatter-gather I/O.
 * CONFIG_PADATA - For parallel crypto, only available on multi-core machines.

Emerge
Finally, emerge the package:

Kernel module loading
Be sure to instruct the init system to load the WireGuard kernel modules when the system boots.

OpenRC
Be sure the modules service is set to run in the boot runlevel:

systemd
systemd users will need to create a new file in the directory in order to instruct the module loading service to get the module loaded on boot:

Key generation
It is necessary to generate keys before connecting to any networks. Following the conventional schema home directory layout, create a directory to hold WireGuard's keys:

Next, use the key generation to create a key pair:

External resources

 * http://lkml.iu.edu/hypermail/linux/kernel/1606.3/02833.html - The initial Request for Comments post to the Kernel Mailing List.
 * http://latacora.singles/2018/05/16/there-will-be.html - A blog post complementing WireGuard.