bneijt
just joined
Topic Author
Posts: 3
Joined: Sun May 06, 2018 12:52 pm

[Feature request] Wireguard

Sun May 06, 2018 1:40 pm

I would love to run Wireguard on my Mikrotik and decided, with all the news spread across the forum, to combine some posts in a new thread.


Wireguard is an encrypted tunnel technology, started in 2016 but not 1.0 yet. Wireguard will probably replace OpenVPN, which is currently only partially supported by Mikrotik anyway.
It is already being adopted: easily available in Linux, VPN providers like AzireVPN support it and open source routers like Ubiquiti and OpenWRT show good performance.

Mikrotik, being Linux based but closed source, will start supporting it in the future and it may end up in v7. V7 may be an April Fools' joke from 2014, but it may also be in development for more than 3 years, making the feature list very unpredictable at this point.

I have not been able to find any post by a Mikrotik employee on the subject yet, but interesting posts by other users are:
viewtopic.php?f=1&t=45934&p=602377&hili ... rd#p602377
viewtopic.php?f=1&t=45934&p=637573&hili ... rd#p637573
 
zaharmd
just joined
Posts: 2
Joined: Wed Oct 26, 2016 4:43 am

Re: [Feature request] Wireguard

Tue May 08, 2018 6:29 pm

+1 for WireGuard in MikroTik
MTCNA, MTCRE
 
nz_monkey
Forum Guru
Posts: 1759
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya

Re: [Feature request] Wireguard

Wed May 09, 2018 11:19 am

+1 from me
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
bneijt
just joined
Topic Author
Posts: 3
Joined: Sun May 06, 2018 12:52 pm

Re: [Feature request] Wireguard

Tue May 15, 2018 10:21 pm

I did a quick forum review to get a basic timeline we can expect for Wireguard support.

Going by OpenVPN:
In 2004 the first forum request was made for OpenVPN support.
With release 3.0 came the partial implementation there is today, which was around 2007.

The first Wireguard request was around Jun 11, 2017.
This would mean that Mikrotik will probably release initial support around 2020.
 
xtornado
just joined
Posts: 9
Joined: Sun Mar 07, 2010 8:02 pm

Re: [Feature request] Wireguard

Mon Jul 02, 2018 11:03 am

+1 for wireguard on routeros
 
vecernik87
Member Candidate
Posts: 168
Joined: Fri Nov 10, 2017 8:19 am

Re: [Feature request] Wireguard

Mon Jul 02, 2018 12:44 pm

I cannot imagine adding support before Wireguard reaches a stable release. Based on other similar requests, I think that Mikrotik instantly refuses to implement anything that is at alpha/beta stage.
 
R1CH
Long time Member
Posts: 598
Joined: Sun Oct 01, 2006 11:44 pm

Re: [Feature request] Wireguard

Mon Jul 02, 2018 5:35 pm

And please use the reference implementation! I'm getting tired of Mikrotik's re-implementations of software which introduce security bugs and miss important features.
 
andreax
just joined
Posts: 4
Joined: Sat Mar 07, 2015 12:16 pm

Re: [Feature request] Wireguard

Sun Jul 29, 2018 3:48 pm

+1
Waiting for it!
 
Jotne
Member
Posts: 326
Joined: Sat Dec 24, 2016 11:17 am

Re: [Feature request] Wireguard

Sun Jul 29, 2018 7:50 pm

I cannot imagine adding support before Wireguard reaches a stable release.
Agree that MT should not implement it before it's stable, but coming with a request now is a good thing.
This will allow MT to test it and make sure it works fine when it's stable and release it from day one.
 
Nefraim
just joined
Posts: 8
Joined: Fri Apr 13, 2018 10:01 pm

Re: [Feature request] Wireguard

Wed Aug 01, 2018 7:56 am

Since many of you guys were waiting for a stable build for Wireguard, today we are even closer to that moment.
Yesterday Jason Donenfeld, the lead developer, submitted the required patches for including Wireguard into mainline Linux kernels.

More info here http://lkml.iu.edu/hypermail/linux/kern ... 06622.html

While it's too late to include into Linux 4.19, which should arrive quite soon, we could see it in the next Linux kernel builds.
Guess it's time for Mikrotik developers to consider including Wireguard in a future release.
We want WPA3 support but also Wireguard support :roll: .
 
vecernik87
Member Candidate
Posts: 168
Joined: Fri Nov 10, 2017 8:19 am

Re: [Feature request] Wireguard

Wed Aug 01, 2018 8:41 am

Just because it gets into the Linux kernel does not mean it is stable, nor is it ready for implementation. Let me quote their own website:
WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software). If you are packaging WireGuard, you must keep up to date with the snapshots.

They are clearly warning AGAINST implementing their code right now. Also it is agreeable that making their own implementation is not really efficient. With this in mind, there is simply nothing that Mikrotik developers could do right now. I already advised to wait with the request because for now, it is just a waste of everyone's time (including my own, when I have to repeatedly point out that Wireguard is barely in experimental stage).
 
ofer
just joined
Posts: 15
Joined: Wed May 23, 2018 11:45 am

Re: [Feature request] Wireguard

Wed Aug 01, 2018 11:20 am

+1 for Wireguard reference as it's currently being reviewed for kernel inclusion
http://lkml.iu.edu/hypermail/linux/kern ... 06622.html
 
Sob
Forum Guru
Posts: 3267
Joined: Mon Apr 20, 2009 9:11 pm

Re: [Feature request] Wireguard

Thu Aug 02, 2018 2:34 am

While it's too late to include into Linux 4.19, which should arrive quite soon, we could see it in the next Linux kernel builds.
Now the interesting question is when RouterOS gets to use that future kernel with Wireguard. So far it looks like when MikroTik likes a version, they stick with it for quite some time. But there's still a chance that Wireguard will be easily portable to older kernels.
 
chrismfz
just joined
Posts: 13
Joined: Sat Apr 07, 2007 6:27 am

Re: [Feature request] Wireguard

Fri Aug 03, 2018 7:48 pm

+1 for Wireguard reference as it's currently being reviewed for kernel inclusion
http://lkml.iu.edu/hypermail/linux/kern ... 06622.html
It's coming....

https://www.phoronix.com/scan.php?page= ... -WireGuard

Linus Torvalds Is Hoping WireGuard Will Be Merged Sooner Rather Than Later

But when are we gonna see it in Mikrotik?
 
R1CH
Long time Member
Posts: 598
Joined: Sun Oct 01, 2006 11:44 pm

Re: [Feature request] Wireguard

Mon Aug 06, 2018 5:44 pm

I've been playing around with Wireguard recently and it's so refreshingly simple and fast, it makes setup of a new VPN link so easy. And the fact it uses modern, fast crypto is great - I would love to see this in RouterOS so I can finally ditch ipsec with its huge complexity and outdated crypto.

And even though it won't be hardware accelerated, chacha20-poly1305 is almost 4x faster than software AES on ARM architecture!
 
space007
just joined
Posts: 22
Joined: Tue Dec 07, 2010 12:30 pm

Re: [Feature request] Wireguard

Thu Aug 09, 2018 8:07 am

+1

After testing ipsec eoip tunnels with Mikrotik, I was deluded of the hw encryption performance. Not to mention the marketing hype and the missing reply regarding these issues put forth on the forum.

Although RouterOS was the thing with 2.x-3.x, with features required and needed in networking at that time, which gave popularity to this company, sadly that is not the case anymore. There is hardly any new implementation or revolution.

There is more momentum in other products. Now with x86 getting smaller, other router implementations are getting within reach.

Off topic, I know..

 
Anumrak
Long time Member
Posts: 683
Joined: Fri Jul 28, 2017 2:53 pm

Re: [Feature request] Wireguard

Fri Aug 10, 2018 12:03 pm

I agree with the implementation of this protocol.
 
pe1chl
Forum Guru
Posts: 4568
Joined: Mon Jun 08, 2015 12:09 pm

Re: [Feature request] Wireguard

Fri Aug 10, 2018 12:17 pm

While it's too late to include into Linux 4.19, which should arrive quite soon, we could see it in the next Linux kernel builds.
Now the interesting question is when RouterOS gets to use that future kernel with Wireguard. So far it looks like when MikroTik likes a version, they stick with it for quite some time. But there's still a chance that Wireguard will be easily portable to older kernels.
For now it looks like the only realistic short-term implementation would be using a user mode daemon just like OpenVPN.
In fact the claims about requirement to have it in the kernel are quite hollow and do not add to the credibility of the developer.
 
florentrivoire
newbie
Posts: 43
Joined: Wed Feb 25, 2015 12:02 pm

Re: [Feature request] Wireguard

Sun Aug 12, 2018 1:33 pm

I would appreciate a Wireguard implementation in RouterOS a lot :)

The advantages that I see for my usage are:
  • it has a simpler VPN configuration
  • it should be faster than OpenVPN (in a single connection setup, where OpenVPN is mono-thread)
