Please bump version

[keatontaylor]

Snapshot v0.0.20190531-9 provides a new feature enhancement that allows for inner packet fragmentation of packets exiting the wireguard interface bound as UDP packets for the endpoint.

This is extremely valuable for tiered wireguard installations and UDP in UDP payloads with don't fragment bit set that you still want to traverse the tunnel.

Asking for a version bump to get all that fragmentation goodness (when neeeded)

[phillipmcmahon]

I did see a comment somewhere that Lochnair is no longer using ubnt devices. Not sure how true that is or whether this affects this package...

@Lochnair will new packages be released?

[aswild]

If anyone wants to build their own package, I finally published and documented my build scripts: https://github.com/aswild/vyatta-wireguard-build

There's a e300 firmware v2.0.x package in the Github releases, but other Cavium based platforms can be supported by getting the appropriate kernel source tarball and changing the ER_BOARD variable in build.sh

[phillipmcmahon]

Thanks so much for that.

I installed a debian VM with all packages needed and it worked like a charm. This was primarily to test whether I had the right setup.

I am running the 1.10.9 firmware on the ER-6P (e300 platform) and wish to target that. From the firmware download, I pulled the GPL file, extracted the kernel tgz, named it correctly and dropped it in the src folder.

Ran a ./build.sh clean and then a ./build.sh which throws the following error;

/home/phillipmcmahon/vyatta-wireguard-build/src/kernel/scripts/kconfig/Makefile:105: recipe for target 'ubnt_er_e300_defconfig' failed make[1]: *** [ubnt_er_e300_defconfig] Error 1 Makefile:506: recipe for target 'ubnt_er_e300_defconfig' failed make: *** [ubnt_er_e300_defconfig] Error 2

After looking through your build.sh I am unsure where to go next. Any pointers would be appreciated.

[Lochnair]

Hey folks, apologies for my absence.

I've pushed packages for the latest snapshot tonight. As mentioned in the release notes, the v2.0 ones are untested.

It's true that I didn't use my UBNT devices for a while, but I ended up going back to them. And besides, even when I didn't, I still kept the packages updated.

Either way, the current situation is in no way ideal. As anyone who's been around for a while knows - updates of these packages are in no way timely, and it's not unusual that they're lagging behind by a matter of weeks.

QA is non-existent, as @phillipmcmahon and others became painfully aware of when #97 happened, in part due to my lack of devices to test on. Someone did offer to donate a couple of devices for testing purposes in that thread IIRC, but I can't accept them in good conscience as things currently stand.

The config templates are (by nature) still a mess, and I've refused to touch them for a long time because they give me a headache. And so we have multiple outstanding bugs that have never been fixed.

In a way one could argue that this project is on life support, and has been for a good while. That is to say. I've only kept the binaries up-to-date, albeit slowly, leaving everything else alone. Just to be clear, I'm not pulling the plug, nor do I intend to anytime soon.

/rant

[bits01]

@Lochnair we appreciate your work very much. Thank you.

[phillipmcmahon]

@Lochnair agreed. totally appreciate your work here.

[aswild]

Same here @Lochnair, I love that this package exists and appreciate the time put into it.

I can offer some of my time to help develop/update vyatta-wireguard, though I only have an ER-4 with the v2.0 firmware to test on. I can look into learning how to work with the config templates/nodes if there's open bugs to be fixed there. Since EdgeOS is based on Vyatta, could it be possible to install normal Vyatta in a VM for development purposes, or has Ubiquiti made too many changes to Vyatta for that to be worthwhile?

[abulgatz]

Hey @Lochnair thanks for all of your work!

Just to be clear, the v2.0 packages are for the v2 EdgeRouter firmware (latest being 2.0.3), and you haven't tested them?

[Lochnair]

@aswild
I'd appreciate that. Thing is, I'm not sure if it's worth putting any effort into the current templates, because in hindsight, we should never have put any logic into them (except for value validation).

A lot of the pain here comes from the fact that we have logic split over multiple templates. For example route-allowed-ips is touched upon in both interfaces wireguard <wgX> and interfaces wireguard<wgX> peer <pub>.

Ideally I'd like to see everything moved into a script of some sort (Python?), but just how that would be structured I'm not sure. We'd need to constrain ourselves though, because every Perl/Python script we load incurs extra loading time IIRC.

Not sure about the VM, Ubiquiti has changed quite a lot, not sure if we're using anything that doesn't exist on the last Vyatta release.

[Lochnair]

@abulgatz
Correct. I'm not able to test the v2.0 ones until I recover the ER-X.

[abulgatz]

@Lochnair would you be interested in me shipping you a spare ER-X-SFP?

It may have some storage issues, but it runs for a few days between reboots.

[Lochnair]

@abulgatz I'd appreciate that, if the shipping costs are not too high at least. Please send me an email about it (address is on my profile)

[keatontaylor]

@Lochnair I'm also happy to provide testing for the ER-12, maybe we can make a community wiki so that others with the device can post if everything seems to be working normally.

[broizter]

New version available (v0.0.20190913).

[broizter]

New version available again (0.0.20191012).