WireGuard on Raspberry Pi 4

OpenVPN is extremely slow on my Raspberry Pi4 so I'm considering trying WireGuard.
It looks like it's going to be harder to configure.
Has anyone tried it?

If you're using OpenWrt on your RPi4, you can follow this guide.

Wireguard is actually easier to set up than OpenWrt, and it is much higher performance.


What OpenVPN encryption are you using?

Because almost all x86 CPUs have the AES-NI instructions for AES acceleration, and OpenSSL can use them if the processor supports them.

The RPi 3 and 4 CPUs also support some ARM AES instructions, BUT they're disabled in the firmware:
https://www.raspberrypi.org/forums/viewtopic.php?t=207888

About the Cortex-A53 processor Cryptography Extension
The Cortex-A53 processor Cryptography Extension supports the ARMv8 Cryptography
Extensions. The Cryptography Extensions add new A64, A32, and T32 instructions to
Advanced SIMD that accelerate Advanced Encryption Standard (AES) encryption and
decryption, and the Secure Hash Algorithm (SHA) functions SHA-1, SHA-224, and SHA-256.
Note:
The optional Cryptography Extension is not included in the base product. ARM supplies the
Cryptography Extension only under an additional licence to the Cortex-A53 processor and
Advanced SIMD and Floating-point support licences.

That's the first point. The second is that the newest OpenSSL libraries can use ChaCha20-Poly1305, which is much faster on ARM:

WireGuard uses this cipher, and this is one of the reasons why it's faster than OpenVPN on the same hardware.

But OpenWRT uses old libraries that don't support this.


Why do you think that would be the case?

Can I have some IP's go direct and bypass WireGuard?

You can, either by writing your own firewall/routing rules or by using something like the Policy Based Routing package.

How can I tell if my ssl libraries support ChaCha20-Poly1305?

What internet speed are you getting on RPi4 using OpenVpn?


Yes. Here it is on my Mac with Tunnelblick:

$ ./openvpn-2.3.18-openssl-1.0.2r/openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
DH-DSS-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
DH-RSA-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
DH-RSA-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
DH-RSA-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
DH-RSA-CAMELLIA256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-CAMELLIA256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
DH-DSS-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
DH-RSA-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
DH-RSA-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-DSS-WITH-AES-128-CBC-SHA
DH-RSA-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
DH-RSA-CAMELLIA128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-CAMELLIA128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers. See the man page entries of
--tls-cipher and --show-tls for more details.

$ ./openvpn-2.3.18-libressl-2.7.1/openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
GOST2012256-GOST89-GOST89 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
GOST2001-GOST89-GOST89 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers. See the man page entries of
--tls-cipher and --show-tls for more details.

$ ./openvpn-2.5_git_ccb636c-openssl-1.0.2r/openvpn --show-tls
Available TLS Ciphers, listed in order of preference:

For TLS 1.2 and older (--tls-cipher):

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers. See the man page entries of
--tls-cipher and --show-tls for more details.

$ ./openvpn-2.5_git_ccb636c-openssl-1.1.1b/openvpn --show-tls
Available TLS Ciphers, listed in order of preference:

For TLS 1.3 and newer (--tls-ciphersuites):

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

For TLS 1.2 and older (--tls-cipher):

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers. See the man page entries of
--tls-cipher and --show-tls for more details.

As you can see, you need the newest versions of OpenVPN, but they also need to be linked against the newest OpenSSL.

-=-

But OpenSSL needs to be recompiled with these settings enabled:

OPENSSL_WITH_TLS13
OPENSSL_WITH_CHACHA_POLY1305
OPENSSL_PREFER_CHACHA_OVER_GCM

But this is for OpenSSL. There are also settings for mbedTLS or WolfSSL and OpenVPN should be linked against them.

To make things complicated, different OpenWRT versions have used different libraries, and some old versions can't support them.
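To answer "how can I tell if my SSL libraries support ChaCha20-Poly1305" without reading the whole `--show-tls` listing by eye, here is an added example (my own, not from this thread or the OpenVPN project) that parses the output shown above. It understands both the older single-list format and the 2.5 format with separate TLS 1.3 and TLS 1.2 sections, strips the "(No IANA name known to OpenVPN ...)" annotations, and reports which suites use ChaCha20-Poly1305. The two sample inputs are short excerpts taken from the listings above.

```python
"""Parse `openvpn --show-tls` output and report ChaCha20-Poly1305 support.

Added example, not from the forum thread or the OpenVPN project.  Pipe the
real output in:  openvpn --show-tls | python3 check_chacha.py
"""
import re
import sys

# Section headers printed by OpenVPN 2.5; pre-2.5 builds print one flat list.
_TLS13_HEADER = "For TLS 1.3 and newer"
_TLS12_HEADER = "For TLS 1.2 and older"
# Trailing annotation OpenVPN appends when it only knows the OpenSSL name.
_ANNOTATION = re.compile(r"\s*\(No IANA name known to OpenVPN.*\)\s*$")
# A cipher suite name is made only of these characters (IANA or OpenSSL style).
_SUITE_NAME = re.compile(r"[A-Z0-9_-]+")


def parse_show_tls(text):
    """Return {"tls13": [...], "tls12": [...]} in the order OpenVPN printed them."""
    suites = {"tls13": [], "tls12": []}
    section = "tls12"  # old builds have no headers: everything is TLS <= 1.2
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(_TLS13_HEADER):
            section = "tls13"
            continue
        if line.startswith(_TLS12_HEADER):
            section = "tls12"
            continue
        if line.startswith("Be aware"):
            break  # footer text: the suite list is finished
        if line.startswith("Available TLS Ciphers") or line.startswith("listed in order"):
            continue  # banner lines
        name = _ANNOTATION.sub("", line)
        if _SUITE_NAME.fullmatch(name):
            suites[section].append(name)
    return suites


def chacha_suites(text):
    """All listed suites, from either section, that use ChaCha20-Poly1305."""
    parsed = parse_show_tls(text)
    return [s for sec in ("tls13", "tls12") for s in parsed[sec] if "CHACHA20" in s]


def supports_chacha(text):
    """True when the build offers at least one ChaCha20-Poly1305 suite."""
    return bool(chacha_suites(text))


# Constructed sample inputs: excerpts of the listings quoted in the thread.
OLD_OPENSSL = """Available TLS Ciphers,
listed in order of preference:

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
DH-DSS-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers.
"""

NEW_OPENSSL = """Available TLS Ciphers, listed in order of preference:

For TLS 1.3 and newer (--tls-ciphersuites):

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

For TLS 1.2 and older (--tls-cipher):

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
"""

if __name__ == "__main__":
    # Read real output from a pipe; fall back to the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else NEW_OPENSSL
    found = chacha_suites(text)
    print("ChaCha20-Poly1305 suites:", found or "none (OpenVPN is linked against an older TLS library)")
```

A build that lists a ChaCha20 suite only proves the library can negotiate it; whether a session actually uses it still depends on the `--tls-cipher` / `--tls-ciphersuites` settings on both ends, as the footer of the OpenVPN output says.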

50Mbps (250 with no VPN).
Maybe my ISP throttles encrypted connections.

The slower speed when using the VPN is much more likely to be related to OpenVPN and encryption speeds than your ISP throttling the connection.

If you can choose between OpenVPN and Wireguard then go with Wireguard, especially on a RPi4 where you don't have access to hardware accelerated AES.


It is. :frowning:
I installed openvpn on my Ryzen (AMD) desktop and I get 230Mbps. :slight_smile:

Unfortunately my VPN provider doesn't support WireGuard yet and it is a pain to switch.
I really want to see what speeds I can get out of the RPi4 with WireGuard so I'll try it.
I'll have to set it up so my IPtv doesn't go through the VPN.

I use Wireguard on my RPi4 to connect to a VPS and get 350Mbps. Judging by the CPU usage I reckon it could do at least 500Mbps, if not more.

I don't think WireGuard works with dynamic IPs. :frowning:
It seems to need a hardcoded allowed IP on the server.

Why would you have dynamically changing allowed IPs? The endpoint I can understand and you can use hostnames and DNS to get round that issue, but the allowed IPs should be static.

I thought allowed IPs/hostnames were on the server.
Therefore they need to be static on the client.

Are you confusing endpoints with allowed IPs?

Maybe. :slight_smile:

  1. Endpoints on the client are the hostname/IP of the remote VPN server
  2. Allowed IPs are on the remote VPN server and are the hostname/IP of the clients allowed to connect

Do I have it backwards?

Thinking in server/client terms probably isn't helping. As far as wireguard is concerned each node is an equal peer.

Each peer is an endpoint, and you can statically set its details on another peer by an IP or hostname, or it'll provide that info when it connects.

Allowed IPs are required on each peer and determine what traffic is allowed to pass within the tunnel. For a packet to enter the tunnel the destination IP has to match at least one entry in allowed IPs, and to exit the tunnel the source IP has to match.


That actually is an issue with IPv6 traffic being routed over wireguard on most consumer contracts, which usually don't have static IPv6 prefixes to choose from, but use dynamic IPv6 prefixes instead (which tend to change after each reconnect).
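To make the endpoint versus allowed-IPs distinction concrete, and to show why a changing IPv6 prefix matters, here is an added example (mine, not the thread's and not WireGuard's own code) that models WireGuard's cryptokey routing rule stated above: a packet enters the tunnel towards the peer whose AllowedIPs most specifically covers its destination, and a decrypted packet from a peer is accepted only if its source lies in that peer's AllowedIPs. The peers, public keys (placeholders, not real keys) and addresses are constructed for the example; the `[Peer]` rendering uses the real `PublicKey`, `AllowedIPs` and `Endpoint` keys from the wg-quick config format.

```python
"""Model of WireGuard cryptokey routing (added example, not WireGuard code).

Endpoint  = where to send encrypted packets for a peer (may be learned on connect).
AllowedIPs = which inner addresses may enter (destination) / exit (source) per peer.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Peer:
    name: str
    public_key: str              # placeholder string in this example, not a real key
    allowed_ips: List[object]    # ipaddress.IPv4Network / IPv6Network objects
    endpoint: Optional[str] = None


def make_peer(name, public_key, allowed_ips, endpoint=None):
    """Build a Peer from textual CIDR prefixes, as they appear in a config."""
    return Peer(name, public_key, [ipaddress.ip_network(a) for a in allowed_ips], endpoint)


def select_peer(peers, dst):
    """Outbound: the peer whose AllowedIPs most specifically covers dst, else None.

    None means the packet does not enter the tunnel at all (it goes direct).
    """
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for peer in peers:
        for net in peer.allowed_ips:
            if addr.version == net.version and addr in net and net.prefixlen > best_len:
                best, best_len = peer, net.prefixlen
    return best


def accept_inbound(peer, src):
    """Inbound: a decrypted packet from `peer` is kept only if src is in its AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net for net in peer.allowed_ips)


def to_config_section(peer):
    """Render the peer as a wg-quick [Peer] block (Endpoint is optional)."""
    lines = ["[Peer]",
             f"PublicKey = {peer.public_key}",
             "AllowedIPs = " + ", ".join(str(n) for n in peer.allowed_ips)]
    if peer.endpoint:
        lines.append(f"Endpoint = {peer.endpoint}")
    return "\n".join(lines) + "\n"


# Constructed peer table for one node (addresses and keys are made up).
PEERS = [
    make_peer("laptop", "PEER_A_PUBKEY_PLACEHOLDER", ["10.0.0.2/32"], "laptop.example.net:51820"),
    make_peer("office", "PEER_B_PUBKEY_PLACEHOLDER", ["10.0.0.3/32", "192.168.50.0/24"]),
    # A VPS used as default exit: 0.0.0.0/0 catches every IPv4 destination
    # not claimed by a more specific prefix on another peer.
    make_peer("vps", "PEER_C_PUBKEY_PLACEHOLDER", ["0.0.0.0/0"], "vps.example.net:51820"),
    # A home peer whose ISP hands out a dynamic IPv6 prefix; only the prefix
    # that was configured is allowed, so a new prefix after reconnect fails.
    make_peer("home6", "PEER_D_PUBKEY_PLACEHOLDER", ["2001:db8:1::/64"]),
]


def route_name(dst, peers=PEERS):
    """Convenience wrapper returning the selected peer's name or None."""
    peer = select_peer(peers, dst)
    return peer.name if peer else None


if __name__ == "__main__":
    for dst in ("10.0.0.2", "192.168.50.7", "8.8.8.8", "2001:db8:1::5", "2001:db8:2::5"):
        print(f"{dst:>16} -> {route_name(dst)}")
    print(to_config_section(PEERS[0]))
```

Note what the IPv6 case shows: once the home peer's delegated prefix changes from `2001:db8:1::/64` to something else, its packets no longer match on exit and are silently dropped, and there is no "default" IPv6 entry here, so traffic to the new prefix never enters the tunnel either. That is the dynamic-prefix problem described in the last reply; the fix is either a stable prefix or updating AllowedIPs when the prefix changes.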