Uberspace
Guide for wireguard
Add a guide for wireguard (go implementation https://git.zx2c4.com/wireguard-go/about/ ) to span mutliple uberpaces as an alternative to ssh tunnels
The project says "YOU SHOULD NOT RUN THIS ON LINUX", but does not provide any reasons, except for there being a presumably faster/better kernel module. Can you please take a look, if there are any more substantial ones?
The original wireguard won't work, because it requires a kernel module. The Go version linked above could work, if you want to give it a try and write a guide!
Looks like I need some permissions to create the interface:
ERROR: (wg0) 2020/01/27 17:17:32 Failed to create TUN device: operation not permitted
I tried BoringTun and got a similar result:
Failed to initialize tunnel: IOCtl("Operation not permitted")
@keith24 thanks for trying this out. I would love to see Wireguard support in Uberspace. Sad to hear that the userspace implementations (Rust & Go) cannot be installed (yet?).
@luto I know this repo is about the Uberspace documentation, but any chance that the Uberspace ops team could have a closer look at the Wireguard installation?
The rust and go implementations need to create TUN devices just like the in-kernel one. We cannot allow users to modify the network configuration. So wireguard won't work on an uberspace for the same reasons all the other VPN solutions won't work. A notable exception being the good, old (and still active!) sshuttle.
If there is a way to run wireguard without a TUN devices, feel free to reopen this issue and submit a guide!
Sorry, folks.
The program onetun can create a wireguard tunnel for a single IP:port in userland. This can be used on Uberspace and with a web backend it can also be used to make the http service available via https.
