WireGuard (Android) Configuration issues, etc.

Jordan Johnston johnstonljordan at gmail.com
Sat Dec 2 01:00:23 CET 2017


Hey Jason,

Ahhh. wg-quick indeed requires bash, and from what I gather, there
> isn't bash on your ROM. You should be able to build that easily from
> the AOSP source `mka bash`. This is one of the reasons I first
> launched the Android stuff with the local_manifest.xml hack instead of
> the standalone tools. I'll have to think about a more general purpose
> solution, but for now, I thing the best thing you can do would be to
> just add bash. If you're stuck and need help, I can probably build you
> a statically linked musl aarch64 bash that will work mostly
> everywhere.
>

you got it, sir! Bash does not ship on the Pixel stock rom! (This is
probably true of many Stock Roms).

I'd like to have a stab at building Bash. But I don't have AOSP on my
Archlinux box (I only build the kernel, plus apps in android studio).
So that may be an issue, but I can have a look at how AOSP builds bash (so
far, I can't even find the source code for AOSP/bash online though).

however, I do like your idea; you could save me a step and provide me with
bash, if it's not too much trouble for you. Although, shouldn't bash be
built against bionic libc not musl?

Alternatively, if someone is running an Oreo rom for arm64-v8a and/or the
Pixel ~ they could post a bash binary - that might work for me.


> We might wind up wanting that statically compiled bash for the .zip.
> Based on your findings above, we can adjust this plan accordingly.
> Having the flashable .zip infra seems like a good idea either way.


Shipping a statically compiled version of bash would be the best solution,
for sure. That would cover everybody.

We don't use this list for commercial providers -- they have their own
> private support emails and contact methods -- but I can help you with
> the free non-commericial demo server -- demo.wireguard.com.
>

I never tried connecting to your server, but next time that is what I will
do, first.


> Makes sense. It might make the most sense to just head into #wireguard
> on Freenode too, where we can troubleshoot basic how-to things in real
> time.
>

Will do, but I'll need to sort out bash, first.

Oh, wonderful! Don't hesitate to send patches to this list for that stuff.
>

Yeah, I've found the WireGuard android app repository and downloaded the
sources. So I will take a look and see if I can't make it play nice with
Oreo on boot. If i can get that working okay, I will send patches for sure.

I'll update the demo.wireguard.com scripts in the repo in a bit to
> make them slightly more simple and support v6, like the attached, but
> thought you might benefit from this now.
>
> zx2c4 at thinkpad ~ $ ./client.sh > /etc/wireguard/demo.conf
> zx2c4 at thinkpad ~ $ wg-quick up demo
> [#] ip link add demo type wireguard
> [#] wg setconf demo /dev/fd/63
> [#] ip address add 192.168.4.178/32 dev demo
> [#] ip link set mtu 1420 dev demo
> [#] ip link set demo up
> [#] resolvconf -a tun.demo -m 0 -x
> [#] wg set x fwmark 51820
> [#] ip -4 route add 0.0.0.0/0 dev demo table 51820
> [#] ip -4 rule add not fwmark 51820 table 51820
> [#] ip -4 rule add table main suppress_prefixlength 0
> zx2c4 at thinkpad ~ $ curl -4 zx2c4.com/ip
> 163.172.161.0
> demo.wireguard.com
> curl/7.56.1
>
> Please don't run the script more than once or twice or thrice.
>

Sounds good, Jason. thanks!

I may not get to this until tomorrow, I'll be away from my computer + no
bash on my end yet.

Jordan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20171201/ef9dd611/attachment-0001.html>


More information about the WireGuard mailing list