Future support for Wireguard

I currently have a convoluted method of getting Wireguard running on my Container Linux CoreOS nodes using torcx, prebuilt kernel modules and a second reboot.

Does anyone have any existing methods for getting Wireguard onto Fedora CoreOS and once the 5.6 kernel goes stable will Wireguard be supported under Fedora CoreOS as a first class citizen?

Thanks!

hey @seoras - you could try to build and deliver kmods via the kmods-via-containers proof of concept. I thought about doing this myself for wireguard, but considered it to be not worth the effort considering the short timeline before we get to 5.6.

As far as being a first class citizen, I think so?? What extra work would be required in order to make that true?

Thank you for that link, I’ll give that a whirl and see how I get on.

Aside from the kernel module the only other thing to make it a first class citizen would be the wg binary for configuration. There shouldn’t be a need for wg-quick or any systemd services as that could all be done by the end user via existing means.

I would hope that in the future I can simply add the wg0.conf via the typical file methods, then add a unit that would use the wg binary to create the interface, add routes and such.

For WireGuard specifically it just got pulled into the upstream kernel so you won’t have to build it as a kernel module once we get the 5.6 kernel on FCOS.

https://lists.zx2c4.com/pipermail/wireguard/2020-January/004906.html

As for the wg binary. I have Fedora packages built now. https://bodhi.fedoraproject.org/updates/?packages=wireguard-tools

@dustymabe what is the process to get this package to be considered for inclusion in FCOS?

open an issue (https://github.com/coreos/fedora-coreos-tracker/issues) where it can be discussed

Sounds good Dusty. I opened one here: https://github.com/coreos/fedora-coreos-tracker/issues/362

1 Like