Tiny Core Linux
General TC => Programming & Scripting - Unofficial => Topic started by: GNUser on May 15, 2020, 09:12:54 AM
-
I need wireguard for my wireless router, which is powered by TCL10 32-bit.
In case it's helpful to anyone, here's how I created the wireguard kernel module:
$ tce-load -i compiletc perl5 bash ncursesw-dev bc glibc_apps elfutils-dev git
$ cd $HOME/Downloads
$ git clone https://git.zx2c4.com/wireguard-linux-compat
$ wget http://tinycorelinux.net/10.x/x86/release/src/kernel/linux-4.19.10-patched.txz
$ wget http://tinycorelinux.net/10.x/x86/release/src/kernel/config-4.19.10-tinycore
$ tar -xvf linux-4.19.10-patched.txz
$ cd linux-4.19.10
$ cp $HOME/Downloads/config-4.19.10-tinycore .config
$ $HOME/Downloads/wireguard-linux-compat/kernel-tree-scripts/jury-rig.sh $HOME/Downloads/linux-4.19.10
$ make oldconfig
-> when asked about CONFIG_WIREGUARD choose M, when asked about CONFIG_WIREGUARD_DEBUG choose as you like (I went with y)
$ make prepare scripts
$ make M=net/wireguard modules
Now $HOME/Downloads/linux-4.19.10/net/wireguard/wireguard.ko exists and can be copied to my router as /lib/modules/4.19.10-tinycore/kernel/net/wireguard/wireguard.ko
To use it, just run depmod then load the module. Note that the ipv6 module is required. So, assuming wireguard.ko has already been copied over to the router, these are the final commands to run in the router:
$ tce-load -wi ipv6-4.19.10-tinycore
$ sudo modprobe ipv6
$ sudo depmod
$ sudo modprobe wireguardDone! Now the wireguard kernel module is loaded and ready to go.
Note that in order to do anything useful with the module, you need wireguard-tools (wg and wg-quick), which can be found at https://www.wireguard.com/compilation and are trivial to compile.
I found out the hard way that wg-quick requires resolvconf or openresolv (neither of which is available in the TCL repository) and a newer version of iproute2 (for some newfangled options to the ip command) than what's available in the repository, but it was pretty easy to compile openresolv and iproute2.
-
I'm going to submit wireguard.tcz, openresolv.tcz and updated iproute2.tcz extensions for TCL10 32bit so that other users of this TCL version don't have to redo any of the above. All they'll need to do is this:
$ tce-load -wi wireguard
P.S. The extensions were submitted :)
-
I also submitted the extensions for TCL11 64-bit.
-
juanito: I separated wireguard.tcz into two separate extensions as you suggested (wireguard-tools.tcz and wireguard-KERNEL.tcz). I submitted the extensions for both TCL11 64-bit and TCL10 32-bit.
Fellow users: wireguard-tools.tcz is now the main extension that pulls in everything you need. So, assuming your (client) config file is /etc/wireguard/wg0.conf, this is how to create a VPN tunnel on TCL:
$ tce-load -wi wireguard-tools
$ sudo wg-quick up wg0
P.S. Interface name is based on the conf file (so wg0.conf creates an interface called wg0). If you prefer the interface to be named tun0, simply name the config file tun0.conf. Also, the config file can be in any location. If you use a location other than the default /etc/wireguard directory, you have to specify full path to the config file. For example:
$ sudo wg-quick up /opt/goodies/wg0.conf
-
Hi GNUser
... If you prefer the interface to be named tun0, simply name the config file tun0.conf. ...
Just a heads up, if you run:
ifconfig -aone of the interface names returned is called tunl0. I don't really know what its purpose is, just wanted to point it out.
-
Thanks for the heads-up, Rich. I have tunl0, too, even when no vpn interface exists. I'm not sure what tunl0's purpose is, but it doesn't seem to have anything to do with vpn.
The reason I mention tun0 is that the venerable openvpn creates tun0 by default. Because I used openvpn for a long time, all my firewall/networking scripts assume the vpn interface is named tun0. By having wireguard name its interface tun0, wireguard has been for me a drop-in replacement for openvpn :)
P.S. In my limited experience, I've found that a vpn connection created with wireguard is more stable than one created with openvpn. I used to have a script in my router that would kill openvpn and restart it every six hours, since after six hours there would sometimes be dropped connections. With wireguard, my router connected to vpn provider 10 days ago and the connection has been solid for 240 hours and counting!
-
Posted - thanks for your contribution :)
-
You're welcome. It's my pleasure to contribute to such a fine project :)
-
Hi GNUser
Thanks for the heads-up, Rich. I have tunl0, too, even when no vpn interface exists. I'm not sure what tunl0's purpose is, but it doesn't seem to have anything to do with vpn. ...
I mention it on the off chance someone decides to name their interface tunl0 and it results in a conflict.
-
juanito - When you have time, please also post the extensions for TCL10 32-bit. My local mirror is restless until it is in sync with the official repository ;)
-
I didn't see any wireguard extensions for 32-bit?
-
Hmmm. Maybe it got lost in transit. I just re-submitted it.
-
small tip after wasting some of my time with this: you really only need wg.
wg-quick doesn't support most scenarios...
the only thing you lose is the automatically added ip address and route, but that's only 2 lines of shell script ;)
-
Very true. wg is the main tool. wg-quick is just a simple shell script that automates the steps required for typical/basic usage.
-
Any chance we could get the wireguard tczs for arm (rpi in my case)?
-
I'm trying to follow the original topic's instructions, but it seems several extensions and the kernel config are missing for the arm6 release:
ncursesw-dev
elfutils-dev
and the kernel config at http://tinycorelinux.net/11.x/armv6/releases/RPi/src/
Is it possible to compile wireguard for tinycore arm6?
-
Hi ramblurr
Welcome to the forum.
... the kernel config are missing for the arm6 ...
Courtesy of Paul_123:
sudo modprobe configs
zcat /proc/config.gz > <path to kernel source>/.config
... ncursesw-dev ...
The static libraries listed here and the shared objects in ncurses.tcz.list all have a w suffix:
http://tinycorelinux.net/11.x/armv6/tcz/ncurses-dev.tcz.list
http://tinycorelinux.net/11.x/armv6/tcz/ncurses.tcz.list
-
AFAIK, Wireguard did not make it into the official kernel until 5.9.y (Maybe not until 5.10.y). And has not been officially backported. I realize there are wireguard supported backports, but I'm not willing to deal with those.
If someone wants to take on creating the kernel modules and utils, we would gladly accept the contribution.
-
ncursesw-dev
elfutils-dev
The piCore equivalents are ncurses-dev and libelf-dev