After importing WireGuard into the Pixel 3a port I tried the WireGuard QML application, but the detection of kernel support is buggy.

src/vpn.py/can_use_kernel_module() detects the kernel support via a sudo command, though the users password is never requested, resulting in failure of the detection altogether.

Manually running its commands on the Pixel 3a allows the WireGuard link device to be created and deleted successfully, so I assume the app needs to request the users password similarly to what ISODrive does: https://github.com/fredldotme/ISODriveUT/blob/master/src/commandrunner.cpp

Hi! I am new... i have this error with Asus M1 pro and Ubuntu touch..
Per Key must be exacly 44 bytes long error with protonvpn wireguard settings from proton account.
email: [email protected]
Regards!

What device do you have?
Fairphone 3+
What is the output of uname -a on the device?
Linux ubuntu-phablet 4.9.218-perf-ubuntutouch+ #1 SMP PREEMPT Mon Jan 31 21:00:58 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

Where is the kernel repo?
im fairly new no idea

Question : if i download the app from open-store will i still need to get the kernal support it will be automatic completed?

(For testing, I disabled my PIN-password and now kernel module is recognized)

I generated a client-config (with pivpn) on my wireguard server and then tried to add a new profile with the data of this config.
My config contains a preshared key, which is not represented in the app profile config.
I assume that is the reason why it does not work.

The client config file looks like this:

[Interface]
PrivateKey = ***
Address = 10.6.0.2/24
MTU = 1420
DNS = 192.168.42.110, 192.168.42.1

[Peer]
PublicKey = ***
PresharedKey = ***
Endpoint = xyz:51820
AllowedIPs = 0.0.0.0/0, ::0/0

Also, I wonder, if it would be possible to just copy a config to the ~/.local/share/wireguard.davidv.dev/profiles/ folder, to simplify configuration of new profiles.

The initial password dialog says "Your password is required for this action:". But there is no explanation which action is actually refered to.

This could be rephrased to "Your password is required to use the wireguard kernel modules." (I am guessing a bit here. 😇

With the version from the OpenStore the app says that the Xperia X misses the kernel support. But Alfred told me the support is build into the kernel. Also the version build from master of this repo does ask for password and detects the kernel properly as supported.

Please release a new version to allow Xperia X support for everyone. :-)

Hi,
I did not manage to route all my traffic through the wireguard interface... I did some research and found an explanation in the debian manpage, how this should work, https://manpages.debian.org/unstable/wireguard-tools/wg-quick.8.en.html:

It [the configuration file] infers all routes from the list of peers' allowed IPs, and automatically adds them to the system routing table. If one of those routes is the default route (0.0.0.0/0 or ::/0), then it uses ip-rule(8) to handle overriding of the default gateway.

The configuration file will be passed directly to wg(8)'s `setconf' sub-command, with the exception of the following additions to the Interface section, which are handled by this tool:

1. I would have thought, that the routes are being created by the wg setconf command, but that does not seem to happen.
2. Currently I need to set the extra_routes option, to get access to the network behind the tunnel (it creates the needed routes) - but as I understand the documentation, the routes for that are already in the allowed ip prefixes config.
3. Do we need to implement the step manually, which creates an ip rule, if 0.0.0.0/0 is present in ip prefixes?

Hello,

WireGuard has IPv4 and IPv6 support. However, when I try to add an IPv6 address, I get a message that only four ochets are allowed - so only IPv4. Is it possible to add IPv6 support?

The label says "Private key" but the button says "copy pubkey". So is this a private key or a public key? Or am I missing something here?

In the app I would get "connecting..." and the connection name, but connections would still not be working due to some config mistakes. But: The error messages do not always give the correct value that is faulty.
Example:
private key queried but "peer key" given as message

(OK, that is the only one I can find in the code. I hope I did not miss any more. :-). )

What device do you have?
miatoll (Redmi Note 9S/Pro/Pro Max - POCO M2 Pro)

What is the output of uname -a on the device?

Linux ubuntu-phablet 4.14.288-halium+ #1 SMP PREEMPT Sat Jul 30 12:30:33 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

Where is the kernel repo?

https://gitlab.com/ubports/porting/community-ports/android10/xiaomi-redmi-note-9-pro/kernel-xiaomi-sm6250/-/tree/halium-10.0-release

https://gitlab.com/ubports/porting/community-ports/android10/xiaomi-redmi-note-9-pro/kernel-xiaomi-sm6250/-/tree/halium-10.0-release/net/wireguard

What device do you have?

What is the output of uname -a on the device?
Linux ubuntu-phablet 4.4.153-lineage+ #1 SMP PREEMPT Sat Aug 19 00:05:49 CEST 2023 aarch64 aarch64 aarch64 GNU/Linux

Where is the kernel repo?
I already reported it there as well:
https://gitlab.com/ubports/porting/community-ports/android9/oneplus-5/oneplus-cheeseburger-dumpling/-/issues/4

When opening the app and the popup asking for the password is shown, there is already an log entry saying

[sudo] password for phablet: Sorry, try again.
[sudo] password for phablet:
sudo: 1 incorrect password attempt

This is without pressing OK or doing anything at all.

When disconnecting the VPN, the connection does stay alive until a reboot. It does not get disconnected when turnded off in the app.

Xperia X, devel

Hi @DavidVentura could you please release Wireguard app for focal? That would be great!

The settings text is not suitable for longer translations. It does need some more line wrapping.

What device do you have?
Fairphone 4

What is the output of uname -a on the device?
Linux AloeHumilis 4.19.157-perf+ #1 SMP PREEMPT Tue Feb 28 09:20:04 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux

Where is the kernel repo?
https://gitlab.com/ubports/porting/reference-device-ports/android11/fairphone-4/kernel-fairphone-sm7225

Hi David, it would be great to see this app being moved over to focal.

Some instructions for a starting point are given in the forum.

Hello,
Great work on this app.
Trying to set this up in userspace mode and I have checked evrything numerous times and it just refuses to connect.
I have other android devices and pi's that can connect to my home server vpn yet this just refuses.

I do note that there was a issue #4
This talks about sudo.... is it that I have a sudo password (it basically had it as part of setup, being my issue?)

Hello,

I have the error message mentioned in the title when i'm trying to connect to any VPN, and i don't have a clue what that means.

Hello,

Having to enter manually all the VPN parameters is pretty annoying, the ability to add it with a conf file would be more practical.

hide.me WireGuard VPN needs a special HTTPS request in order to generate public key and preshared key on each connection (https://hide.me/en/knowledgebase/does-hide-me-work-with-any-wireguard-client/). They can be generated by a shell script (https://github.com/eventure/hide.client.linux/blob/master/scripts/hide.me-connect.ash#L25), so it should be possible to connect once #7 is merged, but doing this manually each time is painful on phone.

As the configuration part is done in Python, it should be not too hard to do this request before starting the connection, but need to think how integrate in UI. Would a PR to integrate this provider-specific authentication logic be accepted by this project?

@HelloVolla is looking into providing hide.me VPN to Volla Phone users with Ubuntu Touch, so in case someone is interested to implement this, Volla would be willing to sponsor it financially or by providing hardware.