Re: WireGuard for FreeBSD

[Chris H]

On Fri, 25 May 2018 12:05:40 +0200 "Jan Bramkamp"  said


On 25.05.18 09:29, Bernhard Fröhlich wrote:
> On Fri, May 25, 2018 at 12:24 AM, Chris H  wrote:
>> On Thu, 24 May 2018 22:16:42 +0200 "Bernhard Froehlich" 
>> said
>>
>>> Am 24.05.2018 21:06 schrieb Chris H :

 On Thu, 24 May 2018 19:39:22 +0200 "Jason A. Donenfeld"
 
 said >
> Hi Chris, > > > > On Thu, May 24, 2018 at 3:38 PM, Chris H
>  wrote: > > > I should have no trouble
> introducing
> Wireguard to the ports system today.
 I'm not a native fluent speaker of FreeBSDese, but my
 understanding is: > > a) Bernhard committed the two new packages to
> ports
 today. > > b) If you update ports with portsnap, you can build them
> locally.
>> c) If you run `pkg install wireguard`, it fails because the build >
> >
 servers haven't gotten to them and won't for several days. > > > >
> Does your
 statement about "introducing WireGuard to the ports system" > > mean
> that
 you intend to rectify (c) immediately, so we don't have to > > wait
> several
 days for the build snapshot scripts to tick in cron? Or > > is it
> mostly
 just related to not realizing (a)? > Sigh... > It was my understanding
> that
 when I stepped up to adopt WireGuard, > and your ack to that. That *I*
> would
 be adding the port. I wasn't able > to produce the port that same, or
> next
 day, as I am already Maintainer > for nearly 150 ports. I have no
> trouble
 with that list, except that > clang/llvm v5, and shortly after v6
> became the
 default versions in $BASE. > Which introduced a few pr(1)'s I needed
> to deal
 with. > Now all the time I have spent researching, and staging to
> build the
 port > have been laid to waste. Apparently you rescinded, and gave it
> to
 Bernhard. > This project doesn't feel like a good match to me. > No
> hard
 feelings, Bernhard. Have fun with the port.
>>> Hi Chris,
>>>
>>> I'm sorry that I was confusing people which was really not my intention. I
>>> have also seen your ACK to create the ports and replied to you in private
>>> to
>>> offer my help. Then I joined in IRC and just wanted to get an idea how far
>>> the FreeBSD support was. I ended up creating two very rough ports which
>>> did
>>> build but not pass poudriere and called it a day. I also did send you and
>>> the
>>> list a mail to avoid duplicate work - and hoped you take it as a base.
>>>
>>> But I did not get any reply on the next day so I kept going and finished
>>> the
>>> ports yesterday with some good help from upstream.
>>>
>>> Sorry for how that developed but I hoped you get in contact with either me
>>> or
>>> upstream which neither happened. We usually do not have the problem that
>>> too
>>> many people want to help out so I did not expect that this will be a
>>> problem
>>> for anyone.
>>
>> Ahem. OK thank you for the kind words, and intentions, Bernhard. Like I
>> said;
>> no hard feelings. If you've already gotten that far. You might as well
>> finish.
>> FWIW while you *did* indeed shoot me, and the list a couple of notes. I was
>> never under the impression you were going to take it so far. Which
>> *ultimately*
>> left everyone concerned believing *you* were going to maintain it.
>> I only mention it, in hopes all of us might use the --verbose switch in the
>> future, in hopes of avoiding this sort of nonsense. :-) :-)
>>
>> Thanks again, Bernhard!
>>
>> --Chris
>>
>> P.S. just in case it wasn't clear; feel free to finish, and submit your
>> work.
>> P.P.S. Just so you (and everyone else) knows; I'm already working on the
>> kernel module. Please keep in touch, should you also be interested, and
> have
>> any work of your own.
> 
> Hi chris,
> 
> to be crystal clear about that. My motivation is not to be maintainer

> of any specific
> port or anything like that but only to have technology available on
> FreeBSD that I
> personally need and/or want.
> 
> Usually for more complex ports this did lead to team efforts on our porting

> work
> which was also what I did expect to happen for wireguard. Well it
> turned out to be
> easier than thought and upstream was also very helpful so in the end
> that was more
> like a one day of work effort to get the basic ports.
> 
> Nevertheless I would still be very happy to increase the bus factor

> and team up with
> multiple people to maintain wireguard. I think there will be more work
> to be done in the
> near future for wireguard on FreeBSD where a team effort would speed
> up things for
> sure:
> 
> - we need to support FreeNAS and pfsense to get it into their package

> systems
> - documentation is still needed because it differs a bit from upstream
> documentation (Handbook page?)
> - wireguard kernel module (can that work already 

Re: WireGuard for FreeBSD

[Jan Bramkamp]

On 25.05.18 15:11, Bernhard Fröhlich wrote:

On Fri, May 25, 2018 at 12:05 PM, Jan Bramkamp  wrote:



On 25.05.18 09:29, Bernhard Fröhlich wrote:


On Fri, May 25, 2018 at 12:24 AM, Chris H  wrote:


On Thu, 24 May 2018 22:16:42 +0200 "Bernhard Froehlich"

said


Am 24.05.2018 21:06 schrieb Chris H :



On Thu, 24 May 2018 19:39:22 +0200 "Jason A. Donenfeld"

said >


Hi Chris, > > > > On Thu, May 24, 2018 at 3:38 PM, Chris H
 wrote: > > > I should have no trouble
introducing
Wireguard to the ports system today.


I'm not a native fluent speaker of FreeBSDese, but my
understanding is: > > a) Bernhard committed the two new packages to
ports
today. > > b) If you update ports with portsnap, you can build them
locally.


c) If you run `pkg install wireguard`, it fails because the build




servers haven't gotten to them and won't for several days. > > > >
Does your
statement about "introducing WireGuard to the ports system" > >
mean that
you intend to rectify (c) immediately, so we don't have to > > wait
several
days for the build snapshot scripts to tick in cron? Or > > is it
mostly
just related to not realizing (a)? > Sigh... > It was my
understanding that
when I stepped up to adopt WireGuard, > and your ack to that. That
*I* would
be adding the port. I wasn't able > to produce the port that same,
or next
day, as I am already Maintainer > for nearly 150 ports. I have no
trouble
with that list, except that > clang/llvm v5, and shortly after v6
became the
default versions in $BASE. > Which introduced a few pr(1)'s I
needed to deal
with. > Now all the time I have spent researching, and staging to
build the
port > have been laid to waste. Apparently you rescinded, and gave
it to
Bernhard. > This project doesn't feel like a good match to me. > No
hard
feelings, Bernhard. Have fun with the port.


Hi Chris,

I'm sorry that I was confusing people which was really not my intention.
I
have also seen your ACK to create the ports and replied to you in
private
to
offer my help. Then I joined in IRC and just wanted to get an idea how
far
the FreeBSD support was. I ended up creating two very rough ports which
did
build but not pass poudriere and called it a day. I also did send you
and
the
list a mail to avoid duplicate work - and hoped you take it as a base.

But I did not get any reply on the next day so I kept going and finished
the
ports yesterday with some good help from upstream.

Sorry for how that developed but I hoped you get in contact with either
me
or
upstream which neither happened. We usually do not have the problem that
too
many people want to help out so I did not expect that this will be a
problem
for anyone.



Ahem. OK thank you for the kind words, and intentions, Bernhard. Like I
said;
no hard feelings. If you've already gotten that far. You might as well
finish.
FWIW while you *did* indeed shoot me, and the list a couple of notes. I
was
never under the impression you were going to take it so far. Which
*ultimately*
left everyone concerned believing *you* were going to maintain it.
I only mention it, in hopes all of us might use the --verbose switch in
the
future, in hopes of avoiding this sort of nonsense. :-) :-)

Thanks again, Bernhard!

--Chris

P.S. just in case it wasn't clear; feel free to finish, and submit your
work.
P.P.S. Just so you (and everyone else) knows; I'm already working on the
kernel module. Please keep in touch, should you also be interested, and
have
any work of your own.



Hi chris,

to be crystal clear about that. My motivation is not to be maintainer
of any specific
port or anything like that but only to have technology available on
FreeBSD that I
personally need and/or want.

Usually for more complex ports this did lead to team efforts on our
porting work
which was also what I did expect to happen for wireguard. Well it
turned out to be
easier than thought and upstream was also very helpful so in the end
that was more
like a one day of work effort to get the basic ports.

Nevertheless I would still be very happy to increase the bus factor
and team up with
multiple people to maintain wireguard. I think there will be more work
to be done in the
near future for wireguard on FreeBSD where a team effort would speed
up things for
sure:

- we need to support FreeNAS and pfsense to get it into their package
systems
- documentation is still needed because it differs a bit from upstream
documentation (Handbook page?)
- wireguard kernel module (can that work already be seen somewhere?
upstream will be interested for sure)
- rc script(s)
- the regular maintenance for the port



The wireguard userspace tooling isn't that simple to use reliably. You have
to spawn the wireguard-go process before the config can be loaded and it can
die in the meantime and to you want to terminate it and destroy the tun
interface if the config contains errors. Doing this without 

Re: WireGuard for FreeBSD

[Jan Bramkamp]

On 24.05.18 13:07, Jason A. Donenfeld wrote:

On Thu, May 24, 2018 at 12:43 PM, Jan Bramkamp  wrote:

Did I understand correctly that both these ports are userspace
implementations and have a similar per packet overhead to OpenVPN and fastd?


Indeed they're userspace ports. Maybe down the line this will be
ported to the FreeBSD kernel like we have on Linux.
However, performance wise, even the userspace implementation seems to
have better performance than OpenVPN in my testing.


I tried wireguard-go on OpenBSD and FreeBSD. I want to use WireGuard as 
replacement for OpenVPN point to point tunnels with dynamic routing 
(OSPF, iBGP). Especially this requires the right interface flags for the 
tun interface. So far wireguard-go on *BSD configures the tun interfaces 
as multicast incapable, broadcast interface which confuses the OpenBSD 
OSPF daemon completely and doesn't make any sense for a point to point 
tunnel. I get that wireguard-go tries to fake point to multipoint 
support that way. Is there a better solution than changing the hardwired 
argument ioctl() in tun/tun_*bsd.go?

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jan Bramkamp]

On 25.05.18 09:29, Bernhard Fröhlich wrote:

On Fri, May 25, 2018 at 12:24 AM, Chris H  wrote:

On Thu, 24 May 2018 22:16:42 +0200 "Bernhard Froehlich" 
said


Am 24.05.2018 21:06 schrieb Chris H :


On Thu, 24 May 2018 19:39:22 +0200 "Jason A. Donenfeld"

said >

Hi Chris, > > > > On Thu, May 24, 2018 at 3:38 PM, Chris H
 wrote: > > > I should have no trouble introducing
Wireguard to the ports system today.

I'm not a native fluent speaker of FreeBSDese, but my
understanding is: > > a) Bernhard committed the two new packages to ports
today. > > b) If you update ports with portsnap, you can build them locally.

c) If you run `pkg install wireguard`, it fails because the build > >

servers haven't gotten to them and won't for several days. > > > > Does your
statement about "introducing WireGuard to the ports system" > > mean that
you intend to rectify (c) immediately, so we don't have to > > wait several
days for the build snapshot scripts to tick in cron? Or > > is it mostly
just related to not realizing (a)? > Sigh... > It was my understanding that
when I stepped up to adopt WireGuard, > and your ack to that. That *I* would
be adding the port. I wasn't able > to produce the port that same, or next
day, as I am already Maintainer > for nearly 150 ports. I have no trouble
with that list, except that > clang/llvm v5, and shortly after v6 became the
default versions in $BASE. > Which introduced a few pr(1)'s I needed to deal
with. > Now all the time I have spent researching, and staging to build the
port > have been laid to waste. Apparently you rescinded, and gave it to
Bernhard. > This project doesn't feel like a good match to me. > No hard
feelings, Bernhard. Have fun with the port.

Hi Chris,

I'm sorry that I was confusing people which was really not my intention. I
have also seen your ACK to create the ports and replied to you in private
to
offer my help. Then I joined in IRC and just wanted to get an idea how far
the FreeBSD support was. I ended up creating two very rough ports which
did
build but not pass poudriere and called it a day. I also did send you and
the
list a mail to avoid duplicate work - and hoped you take it as a base.

But I did not get any reply on the next day so I kept going and finished
the
ports yesterday with some good help from upstream.

Sorry for how that developed but I hoped you get in contact with either me
or
upstream which neither happened. We usually do not have the problem that
too
many people want to help out so I did not expect that this will be a
problem
for anyone.


Ahem. OK thank you for the kind words, and intentions, Bernhard. Like I
said;
no hard feelings. If you've already gotten that far. You might as well
finish.
FWIW while you *did* indeed shoot me, and the list a couple of notes. I was
never under the impression you were going to take it so far. Which
*ultimately*
left everyone concerned believing *you* were going to maintain it.
I only mention it, in hopes all of us might use the --verbose switch in the
future, in hopes of avoiding this sort of nonsense. :-) :-)

Thanks again, Bernhard!

--Chris

P.S. just in case it wasn't clear; feel free to finish, and submit your
work.
P.P.S. Just so you (and everyone else) knows; I'm already working on the
kernel module. Please keep in touch, should you also be interested, and have
any work of your own.


Hi chris,

to be crystal clear about that. My motivation is not to be maintainer
of any specific
port or anything like that but only to have technology available on
FreeBSD that I
personally need and/or want.

Usually for more complex ports this did lead to team efforts on our porting work
which was also what I did expect to happen for wireguard. Well it
turned out to be
easier than thought and upstream was also very helpful so in the end
that was more
like a one day of work effort to get the basic ports.

Nevertheless I would still be very happy to increase the bus factor
and team up with
multiple people to maintain wireguard. I think there will be more work
to be done in the
near future for wireguard on FreeBSD where a team effort would speed
up things for
sure:

- we need to support FreeNAS and pfsense to get it into their package systems
- documentation is still needed because it differs a bit from upstream
documentation (Handbook page?)
- wireguard kernel module (can that work already be seen somewhere?
upstream will be interested for sure)
- rc script(s)
- the regular maintenance for the port


The wireguard userspace tooling isn't that simple to use reliably. You 
have to spawn the wireguard-go process before the config can be loaded 
and it can die in the meantime and to you want to terminate it and 
destroy the tun interface if the config contains errors. Doing this 
without ugly hacks isn't possible given the interfaces offered by 
wireguard-go. It would be really nice to be able to terminate 

Re: WireGuard for FreeBSD

[Bernhard Fröhlich]

On Fri, May 25, 2018 at 12:24 AM, Chris H  wrote:
> On Thu, 24 May 2018 22:16:42 +0200 "Bernhard Froehlich" 
> said
>
>> Am 24.05.2018 21:06 schrieb Chris H :
>> >
>> > On Thu, 24 May 2018 19:39:22 +0200 "Jason A. Donenfeld"
>> > 
>> > said >
>> > > Hi Chris, > > > > On Thu, May 24, 2018 at 3:38 PM, Chris H
>> > >  wrote: > > > I should have no trouble 
>> > > introducing
>> > > Wireguard to the ports system today.
>> > > > > > I'm not a native fluent speaker of FreeBSDese, but my
>> > > > > > understanding is: > > a) Bernhard committed the two new packages 
>> > > > > > to ports
>> > > > > > today. > > b) If you update ports with portsnap, you can build 
>> > > > > > them locally.
>> > > > > > > > c) If you run `pkg install wireguard`, it fails because the 
>> > > > > > > > build > >
>> > > > > > servers haven't gotten to them and won't for several days. > > > > 
>> > > > > > Does your
>> > > > > > statement about "introducing WireGuard to the ports system" > > 
>> > > > > > mean that
>> > > > > > you intend to rectify (c) immediately, so we don't have to > > 
>> > > > > > wait several
>> > > > > > days for the build snapshot scripts to tick in cron? Or > > is it 
>> > > > > > mostly
>> > > > > > just related to not realizing (a)? > Sigh... > It was my 
>> > > > > > understanding that
>> > > > > > when I stepped up to adopt WireGuard, > and your ack to that. That 
>> > > > > > *I* would
>> > > > > > be adding the port. I wasn't able > to produce the port that same, 
>> > > > > > or next
>> > > > > > day, as I am already Maintainer > for nearly 150 ports. I have no 
>> > > > > > trouble
>> > > > > > with that list, except that > clang/llvm v5, and shortly after v6 
>> > > > > > became the
>> > > > > > default versions in $BASE. > Which introduced a few pr(1)'s I 
>> > > > > > needed to deal
>> > > > > > with. > Now all the time I have spent researching, and staging to 
>> > > > > > build the
>> > > > > > port > have been laid to waste. Apparently you rescinded, and gave 
>> > > > > > it to
>> > > > > > Bernhard. > This project doesn't feel like a good match to me. > 
>> > > > > > No hard
>> > > > > > feelings, Bernhard. Have fun with the port.
>> Hi Chris,
>>
>> I'm sorry that I was confusing people which was really not my intention. I
>> have also seen your ACK to create the ports and replied to you in private
>> to
>> offer my help. Then I joined in IRC and just wanted to get an idea how far
>> the FreeBSD support was. I ended up creating two very rough ports which
>> did
>> build but not pass poudriere and called it a day. I also did send you and
>> the
>> list a mail to avoid duplicate work - and hoped you take it as a base.
>>
>> But I did not get any reply on the next day so I kept going and finished
>> the
>> ports yesterday with some good help from upstream.
>>
>> Sorry for how that developed but I hoped you get in contact with either me
>> or
>> upstream which neither happened. We usually do not have the problem that
>> too
>> many people want to help out so I did not expect that this will be a
>> problem
>> for anyone.
>
> Ahem. OK thank you for the kind words, and intentions, Bernhard. Like I
> said;
> no hard feelings. If you've already gotten that far. You might as well
> finish.
> FWIW while you *did* indeed shoot me, and the list a couple of notes. I was
> never under the impression you were going to take it so far. Which
> *ultimately*
> left everyone concerned believing *you* were going to maintain it.
> I only mention it, in hopes all of us might use the --verbose switch in the
> future, in hopes of avoiding this sort of nonsense. :-) :-)
>
> Thanks again, Bernhard!
>
> --Chris
>
> P.S. just in case it wasn't clear; feel free to finish, and submit your
> work.
> P.P.S. Just so you (and everyone else) knows; I'm already working on the
> kernel module. Please keep in touch, should you also be interested, and have
> any work of your own.

Hi chris,

to be crystal clear about that. My motivation is not to be maintainer
of any specific
port or anything like that but only to have technology available on
FreeBSD that I
personally need and/or want.

Usually for more complex ports this did lead to team efforts on our porting work
which was also what I did expect to happen for wireguard. Well it
turned out to be
easier than thought and upstream was also very helpful so in the end
that was more
like a one day of work effort to get the basic ports.

Nevertheless I would still be very happy to increase the bus factor
and team up with
multiple people to maintain wireguard. I think there will be more work
to be done in the
near future for wireguard on FreeBSD where a team effort would speed
up things for
sure:

- we need to support FreeNAS and pfsense to get it into their package systems
- documentation is still needed because it differs a bit from upstream
documentation (Handbook page?)
- 

Re: WireGuard for FreeBSD

[Bernhard Fröhlich]

On Thu, May 24, 2018 at 9:06 PM, Chris H  wrote:
> On Thu, 24 May 2018 19:39:22 +0200 "Jason A. Donenfeld" 
> said
>
>> Hi Chris,
>>
>> On Thu, May 24, 2018 at 3:38 PM, Chris H  wrote:
>> > I should have no trouble introducing Wireguard to the ports system
>> > today.
>>
>> I'm not a native fluent speaker of FreeBSDese, but my understanding is:
>> a) Bernhard committed the two new packages to ports today.
>> b) If you update ports with portsnap, you can build them locally.
>> c) If you run `pkg install wireguard`, it fails because the build
>> servers haven't gotten to them and won't for several days.
>>
>> Does your statement about "introducing WireGuard to the ports system"
>> mean that you intend to rectify (c) immediately, so we don't have to
>> wait several days for the build snapshot scripts to tick in cron? Or
>> is it mostly just related to not realizing (a)?
>
> Sigh...
> It was my understanding that when I stepped up to adopt WireGuard,
> and your ack to that. That *I* would be adding the port. I wasn't able
> to produce the port that same, or next day, as I am already Maintainer
> for nearly 150 ports. I have no trouble with that list, except that
> clang/llvm v5, and shortly after v6 became the default versions in $BASE.
> Which introduced a few pr(1)'s I needed to deal with.
> Now all the time I have spent researching, and staging to build the port
> have been laid to waste. Apparently you rescinded, and gave it to Bernhard.
> This project doesn't feel like a good match to me.
> No hard feelings, Bernhard. Have fun with the port.

(resend because the mailinglist blocked it)

Hi Chris,

I'm sorry that I was confusing people which was really not my
intention. I have also
seen your ACK to create the ports and replied to you in private to
offer my help. Then
I joined in IRC and just wanted to get an idea how far the FreeBSD
support was. I
ended up creating two very rough ports which did build but not pass
poudriere and
called it a day. I also did send you and the list a mail to avoid
duplicate work - and
hoped you take it as a base.

But I did not get any reply on the next day so I kept going and
finished the ports
yesterday with some good help from upstream.

Sorry for how that developed but I hoped you get in contact with
either me or upstream
which neither happened. We usually do not have the problem that too many people
want to help out so I did not expect that this will be a problem for anyone.

-- 
Bernhard Froehlich
http://www.bluelife.at/
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Chris H]

On Thu, 24 May 2018 19:39:22 +0200 "Jason A. Donenfeld"  said


Hi Chris,

On Thu, May 24, 2018 at 3:38 PM, Chris H  wrote:
> I should have no trouble introducing Wireguard to the ports system today.

I'm not a native fluent speaker of FreeBSDese, but my understanding is:
a) Bernhard committed the two new packages to ports today.
b) If you update ports with portsnap, you can build them locally.
c) If you run `pkg install wireguard`, it fails because the build
servers haven't gotten to them and won't for several days.

Does your statement about "introducing WireGuard to the ports system"
mean that you intend to rectify (c) immediately, so we don't have to
wait several days for the build snapshot scripts to tick in cron? Or
is it mostly just related to not realizing (a)?

Sigh...
It was my understanding that when I stepped up to adopt WireGuard,
and your ack to that. That *I* would be adding the port. I wasn't able
to produce the port that same, or next day, as I am already Maintainer
for nearly 150 ports. I have no trouble with that list, except that
clang/llvm v5, and shortly after v6 became the default versions in $BASE.
Which introduced a few pr(1)'s I needed to deal with.
Now all the time I have spent researching, and staging to build the port
have been laid to waste. Apparently you rescinded, and gave it to Bernhard.
This project doesn't feel like a good match to me.
No hard feelings, Bernhard. Have fun with the port.

All the best.

--Chris



Jason



___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Chris H]

On Thu, 24 May 2018 09:15:28 +0200 "Bernhard Fröhlich"  said


On Thu, May 24, 2018 at 3:06 AM, Jason A. Donenfeld  wrote:
> We now have a release, so the full instructions for the packages are:
>
> 1. wireguard-tools, providing wg(8) and wg-quick(8)
> Runtime dependencies: bash, wireguard-go
> Buildtime dependencies: gmake, c compiler, libc
> Build: gmake -C src/tools WITH_WGQUICK=yes
> Install: gmake -C src/tools PREFIX=/usr/local install
> URL: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180524.tar.xz
>
> 2. wireguard-go
> Runtime dependencies: libc
> Buildtime dependencies: gmake, go, dep
> Build: gmake
> Install: gmake PREFIX=/usr/local install
> URL:
> https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20180524.tar.xz
>
> I believe decke is already working on a port in his repository.

Ports are already updated on github. I will do some final checks and
expect to commit
the wireguard ports to the official tree today.

I should have no trouble introducing Wireguard to the ports system today.
While I could have submitted it sooner. As the Maintainer of ~130 ports. It
is not entirely unusual to have pr(1)'s to deal with. Especially with the
introduction (updrade) of clang/llvm in $BASE to v.5, and now v.6.
Thanks for your understanding.

--Chris


--
Bernhard Froehlich
http://www.bluelife.at/
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"



___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

On Thu, May 24, 2018 at 12:43 PM, Jan Bramkamp  wrote:
> Did I understand correctly that both these ports are userspace
> implementations and have a similar per packet overhead to OpenVPN and fastd?

Indeed they're userspace ports. Maybe down the line this will be
ported to the FreeBSD kernel like we have on Linux.
However, performance wise, even the userspace implementation seems to
have better performance than OpenVPN in my testing.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jan Bramkamp]

On 24.05.18 09:15, Bernhard Fröhlich wrote:

On Thu, May 24, 2018 at 3:06 AM, Jason A. Donenfeld  wrote:

We now have a release, so the full instructions for the packages are:

1. wireguard-tools, providing wg(8) and wg-quick(8)
Runtime dependencies: bash, wireguard-go
Buildtime dependencies: gmake, c compiler, libc
Build: gmake -C src/tools WITH_WGQUICK=yes
Install: gmake -C src/tools PREFIX=/usr/local install
URL: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180524.tar.xz

2. wireguard-go
Runtime dependencies: libc
Buildtime dependencies: gmake, go, dep
Build: gmake
Install: gmake PREFIX=/usr/local install
URL: 
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20180524.tar.xz

I believe decke is already working on a port in his repository.


Ports are already updated on github. I will do some final checks and
expect to commit
the wireguard ports to the official tree today.


Did I understand correctly that both these ports are userspace 
implementations and have a similar per packet overhead to OpenVPN and fastd?

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Bernhard Fröhlich]

On Thu, May 24, 2018 at 3:06 AM, Jason A. Donenfeld  wrote:
> We now have a release, so the full instructions for the packages are:
>
> 1. wireguard-tools, providing wg(8) and wg-quick(8)
> Runtime dependencies: bash, wireguard-go
> Buildtime dependencies: gmake, c compiler, libc
> Build: gmake -C src/tools WITH_WGQUICK=yes
> Install: gmake -C src/tools PREFIX=/usr/local install
> URL: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180524.tar.xz
>
> 2. wireguard-go
> Runtime dependencies: libc
> Buildtime dependencies: gmake, go, dep
> Build: gmake
> Install: gmake PREFIX=/usr/local install
> URL: 
> https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20180524.tar.xz
>
> I believe decke is already working on a port in his repository.

Ports are already updated on github. I will do some final checks and
expect to commit
the wireguard ports to the official tree today.

-- 
Bernhard Froehlich
http://www.bluelife.at/
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

We now have a release, so the full instructions for the packages are:

1. wireguard-tools, providing wg(8) and wg-quick(8)
Runtime dependencies: bash, wireguard-go
Buildtime dependencies: gmake, c compiler, libc
Build: gmake -C src/tools WITH_WGQUICK=yes
Install: gmake -C src/tools PREFIX=/usr/local install
URL: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180524.tar.xz

2. wireguard-go
Runtime dependencies: libc
Buildtime dependencies: gmake, go, dep
Build: gmake
Install: gmake PREFIX=/usr/local install
URL: 
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20180524.tar.xz

I believe decke is already working on a port in his repository.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

On Mon, May 21, 2018 at 11:35 PM, Jason A. Donenfeld  wrote:
> 2. wireguard-go
> Runtime dependencies: none
> Buildtime dependencies: gmake, go
> Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
> Install: gmake PREFIX=/usr/local install
> URL template: 
> https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

This has now been simplified slightly and uses proper vendoring of dependencies:

Runtime dependencies: none
Buildtime dependencies: gmake, go, dep
Build: gmake
Install: gmake PREFIX=/usr/local install
URL template: 
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

Hi Bernhard,

Thanks for this. Hopefully this will be good inspiration for Chris'
research in making the official package.

Chris -- one thing to note is that Bernhard used the "-master"
tarballs, which aren't real tarballs and have changing unstable
checksums, so you'll of course want to swap this out with real
tarballs once released.

Jason
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

On Tue, May 22, 2018 at 2:33 AM, Outback Dingo  wrote:
> to be honest, while it sounds nice, i for one would prefer to see a
> kernel module ported to FreeBSD instead of userland
> second to that, building a freebsd port of it is not all that hard,
> however that being said, it also needs to be accepted
> upstream and committed by a ports maintainer, while i can help with
> creating it, i still feel a kernel module is a better fit

I too would prefer this, and maybe at some point down the line I'll
put some real time and effort into porting WireGuard from the Linux
kernel to kFreeBSD. But it's not the case that it's "not that hard";
doing so will be a pretty serious undertaking. That's going to take a
lot of time. Until that day arrives, what you speak of doesn't exist.
What we have instead today is tons of hard work that's gone into
bringing a userspace implementation.

So please, don't derail the current efforts in favor of an effort that
doesn't even exist at the moment.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Jason A. Donenfeld]

Hi Chris,

Wonderful! Feel free to poke me on IRC -- I'm zx2c4 in #wireguard on
Freenode -- if you need any pointers in real time.

Some odds and ends that might help: to have a tarball of the latest
git master, you can use these links:

https://git.zx2c4.com/WireGuard/snapshot/WireGuard-master.tar.xz
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-master.tar.xz

In a few days these will be released:

https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.201805XX.tar.xz
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.201805XX.tar.xz

If you want to try setting up a quick tunnel using `wg-quick(8)`, you
can use the demo server -- for testing purposes only; please don't use
this for anything real -- via this simple script:

https://git.zx2c4.com/WireGuard/plain/contrib/examples/ncat-client-server/client-quick.sh

After it's up, you can try pinging 192.168.4.1 or visiting that in your browser.

Looking forward,
Jason
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: WireGuard for FreeBSD

[Chris H]

On Mon, 21 May 2018 23:35:45 +0200 "Jason A. Donenfeld"  said


[cross-posted to the WireGuard mailing list]

Hello FreeBSD Ports List,

I'm the author of WireGuard [1], a secure network tunnel protocol [2]
and a set of implementations of it. It was originally designed for the
Linux kernel, but we're now beginning to have implementations for
other platforms. Recently, parts of the Internet got excited [3] when
we put a Darwin version in Homebrew. The last few days Brian (CC'd)
and I have been working on getting an implementation running on
FreeBSD, and things are coming along pretty smoothly.

I'm not entirely familiar with the ports/pkg adding process, and so I
was hoping to find somebody who is part of the FreeBSD community to
adopt WireGuard and help maintain packages for it.

I'm in!
I'll start the necessary research now.
Any additional pointers, and such you think may be helpful are
greatly appreciated.

Thanks, Jason!

--Chris

We currently have
packages for many Linux distros [4], but FreeBSD will be the first
open source BSD project. There are two packages to add:

1. wireguard-tools, providing wg(8) and wg-quick(8)
Runtime dependencies: bash, wireguard-go
Buildtime dependencies: gmake, c compiler, libc
Build: gmake -C src/tools WITH_WGQUICK=yes
Install: gmake -C src/tools PREFIX=/usr/local install
URL template:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-VERSION.tar.xz

2. wireguard-go
Runtime dependencies: none
Buildtime dependencies: gmake, go
Build: export GOPATH=$(pwd)/gopath; go get -d; gmake
Install: gmake PREFIX=/usr/local install
URL template:
https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-VERSION.tar.xz

For reference, these two packages in Homebrew look like this:
https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-tools.rb
https://github.com/Homebrew/homebrew-core/blob/master/Formula/wireguard-go.rb

And for your horror, I've made a please-dont-pipe-like-that
copy-and-paste install script:
# curl https://xn--4db.cc/0BwTeeYe | sh

That script won't work as-is at the moment, since I haven't yet tagged
tarballs with FreeBSD support, but in the coming days, I'll tag one
that has this latest FreeBSD code in it. (In the meantime, you can run
`# curl https://xn--4db.cc/0BwTeeYe | sh /dev/stdin --master` to get
it from git master.) I was hoping that in the time between now and
then, we might find somebody willing and interested in packaging this
properly.

Does this sound fun to anyone?

Best regards,
Jason


[1] https://www.wireguard.com/
[2] https://www.wireguard.com/papers/wireguard.pdf
[3] http://latacora.singles/2018/05/16/there-will-be.html
[4] https://www.wireguard.com/install/
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"



___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"