WireGuard for FreeBSD

WireGuard for FreeBSD

[Jason A. Donenfeld]

[cross-posted to the WireGuard mailing list]

Hello FreeBSD Ports List,

I'm the author of WireGuard [1], a secure network tunnel protocol [2]
and a set of implementations of it. It was originally designed for the
Linux kernel, but we're now beginning to have implementations for
other platforms. Recently, parts of the Internet got excited [3] when
we put a Darwin version in Homebrew. The last few days Brian (CC'd)
and I have been working on getting an implementation running on
FreeBSD, and things are coming along pretty smoothly.

I'm not entirely familiar with the ports/pkg adding process, and so I
was hoping to find somebody who is part of the FreeBSD community to
adopt WireGuard and help maintain packages for it. We currently have
packages for many Linux distros [4], but FreeBSD will be the first
open source BSD project. There are two packages to add:

1. wireguard-tools, providing wg(8) and wg-quick(8)
Runtime dependencies: bash, wireguard-go
Buildtime dependencies: gmake, c compiler, libc
Build: gmake -C src/tools WITH_WGQUICK=yes
Install: gmake -C src/tools PREFIX=/usr/local install
URL template: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-VERSION.tar.xz

2. wireguard-go
Runtime dependencies: none
Buildtime dependencies: gmake, go
Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
Install: gmake PREFIX=/usr/local install
URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

For reference, these two packages in Homebrew look like this:
https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-tools.rb
https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-go.rb

And for your horror, I've made a please-dont-pipe-like-that
copy-and-paste install script:
# curl https://xn--4db.cc/0BwTeeYe | sh

That script won't work as-is at the moment, since I haven't yet tagged
tarballs with FreeBSD support, but in the coming days, I'll tag one
that has this latest FreeBSD code in it. (In the meantime, you can run
`# curl https://xn--4db.cc/0BwTeeYe | sh /dev/stdin --master` to get
it from git master.) I was hoping that in the time between now and
then, we might find somebody willing and interested in packaging this
properly.

Does this sound fun to anyone?

Best regards,
Jason


[1] https://www.wireguard.com/
[2] https://www.wireguard.com/papers/wireguard.pdf
[3] http://latacora.singles/2018/05/16/there-will-be.html
[4] https://www.wireguard.com/install/

Re: WireGuard for FreeBSD

[Outback Dingo]

On Mon, May 21, 2018 at 5:35 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> [cross-posted to the WireGuard mailing list]
>
> Hello FreeBSD Ports List,
>
> I'm the author of WireGuard [1], a secure network tunnel protocol [2]
> and a set of implementations of it. It was originally designed for the
> Linux kernel, but we're now beginning to have implementations for
> other platforms. Recently, parts of the Internet got excited [3] when
> we put a Darwin version in Homebrew. The last few days Brian (CC'd)
> and I have been working on getting an implementation running on
> FreeBSD, and things are coming along pretty smoothly.
>
> I'm not entirely familiar with the ports/pkg adding process, and so I
> was hoping to find somebody who is part of the FreeBSD community to
> adopt WireGuard and help maintain packages for it. We currently have
> packages for many Linux distros [4], but FreeBSD will be the first
> open source BSD project. There are two packages to add:
>
> 1. wireguard-tools, providing wg(8) and wg-quick(8)
> Runtime dependencies: bash, wireguard-go
> Buildtime dependencies: gmake, c compiler, libc
> Build: gmake -C src/tools WITH_WGQUICK=yes
> Install: gmake -C src/tools PREFIX=/usr/local install
> URL template: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-VERSION.tar.xz
>
> 2. wireguard-go
> Runtime dependencies: none
> Buildtime dependencies: gmake, go
> Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
> Install: gmake PREFIX=/usr/local install
> URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz
>
> For reference, these two packages in Homebrew look like this:
> https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-tools.rb
> https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-go.rb
>
> And for your horror, I've made a please-dont-pipe-like-that
> copy-and-paste install script:
> # curl https://xn--4db.cc/0BwTeeYe | sh
>
> That script won't work as-is at the moment, since I haven't yet tagged
> tarballs with FreeBSD support, but in the coming days, I'll tag one
> that has this latest FreeBSD code in it. (In the meantime, you can run
> `# curl https://xn--4db.cc/0BwTeeYe | sh /dev/stdin --master` to get
> it from git master.) I was hoping that in the time between now and
> then, we might find somebody willing and interested in packaging this
> properly.
>
> Does this sound fun to anyone?

to be honest, while it sounds nice, i for one would prefer to see a
kernel module ported to FreeBSD instead of userland
second to that, building a freebsd port of it is not all that hard,
however that being said, it also needs to be accepted
upstream and committed by a ports maintainer, while i can help with
creating it, i still feel a kernel module is a better fit

>
> Best regards,
> Jason
>
>
> [1] https://www.wireguard.com/
> [2] https://www.wireguard.com/papers/wireguard.pdf
> [3] http://latacora.singles/2018/05/16/there-will-be.html
> [4] https://www.wireguard.com/install/
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

On Tue, May 22, 2018 at 2:33 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
> to be honest, while it sounds nice, i for one would prefer to see a
> kernel module ported to FreeBSD instead of userland
> second to that, building a freebsd port of it is not all that hard,
> however that being said, it also needs to be accepted
> upstream and committed by a ports maintainer, while i can help with
> creating it, i still feel a kernel module is a better fit

I too would prefer this, and maybe at some point down the line I'll
put some real time and effort into porting WireGuard from the Linux
kernel to kFreeBSD. But it's not the case that it's "not that hard";
doing so will be a pretty serious undertaking. That's going to take a
lot of time. Until that day arrives, what you speak of doesn't exist.
What we have instead today is tons of hard work that's gone into
bringing a userspace implementation.

So please, don't derail the current efforts in favor of an effort that
doesn't even exist at the moment.

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

On Mon, May 21, 2018 at 11:35 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> 2. wireguard-go
> Runtime dependencies: none
> Buildtime dependencies: gmake, go
> Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
> Install: gmake PREFIX=/usr/local install
> URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

This has now been simplified slightly and uses proper vendoring of dependencies:

Runtime dependencies: none
Buildtime dependencies: gmake, go, dep
Build: gmake
Install: gmake PREFIX=/usr/local install
URL template: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

Re: WireGuard for FreeBSD

[Jörg Thalheim]

On 2018-05-22 02:44, Jason A. Donenfeld wrote:
> On Tue, May 22, 2018 at 2:33 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
> I too would prefer this, and maybe at some point down the line I'll
> put some real time and effort into porting WireGuard from the Linux
> kernel to kFreeBSD. But it's not the case that it's "not that hard";
> doing so will be a pretty serious undertaking. That's going to take a
> lot of time. Until that day arrives, what you speak of doesn't exist.
> What we have instead today is tons of hard work that's gone into
> bringing a userspace implementation.
>
> So please, don't derail the current efforts in favor of an effort that
> doesn't even exist at the moment.

Submitting ports here worked for me in the past:

  https://bugs.freebsd.org/bugzilla/query.cgi

They are not picky usually. I am not using FreeBSD these days so.

> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

[-- Attachment #1: Type: text/plain, Size: 1477 bytes --]

On Thu, May 24, 2018, 00:22 Jörg Thalheim <joerg@higgsboson.tk> wrote:

> On 2018-05-22 02:44, Jason A. Donenfeld wrote:
> > On Tue, May 22, 2018 at 2:33 AM, Outback Dingo <outbackdingo@gmail.com>
> wrote:
> > I too would prefer this, and maybe at some point down the line I'll
> > put some real time and effort into porting WireGuard from the Linux
> > kernel to kFreeBSD. But it's not the case that it's "not that hard";
> > doing so will be a pretty serious undertaking. That's going to take a
> > lot of time. Until that day arrives, what you speak of doesn't exist.
> > What we have instead today is tons of hard work that's gone into
> > bringing a userspace implementation.
> >
> > So please, don't derail the current efforts in favor of an effort that
> > doesn't even exist at the moment.
>
> Submitting ports here worked for me in the past:
>
>   https://bugs.freebsd.org/bugzilla/query.cgi
>
> They are not picky usually. I am not using FreeBSD these days so.
>

Looks like things are underway and mostly done now, with the remaining
blocker being me tagging a snapshot, which I plan to do soon.





> > _______________________________________________
> > WireGuard mailing list
> > WireGuard@lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/wireguard
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>

[-- Attachment #2: Type: text/html, Size: 2789 bytes --]