fedops blog

Privacy in Computing

Mon 16 December 2019

Quick Tip - Updating Wireguard with the Kernel

Posted by fedops in Privacy   

Update 2021: wireguard has been integrated into the kernel for a good while now. There is no need to do anything special if you are using a distro that ships it as part of their kernel build.

Wireguard

Wireguard frankly is the hottest thing around in the land of VPNs right now. As opposed to most of the other solutions it is: extremely straightforward to set up, scales easily, works across all major platforms, and consists of the bare minimum of moving parts. Clearly a winner.

It is, however, not currently integrated into the kernel. Rather it is implemented as a DKMS module. One upshot of that is that a bit of care must be taken when upgrading the kernel, as a new kernel also requires a newly-built DKMS module to go along with it.

Wireguard Installation

If you are running Fedora I recommend you do the following:

  • enable Jason Donenfeld's COPR repository for wireguard through sudo dnf copr enable jdoss/wireguard
  • install both the wireguard DKMS module as well as the utilities through sudo dnf install wireguard-dkms wireguard-tools

By using this repo you will always get the current version of the module and, critically, the package also builds the DKMS module which correlates to your kernel.

Kernel Upgrades

Armed with this setup, when the time comes for a kernel upgrade, do the following:

  • run the upgrade as usual through sudo dnf upgrade installing whatever packages in addition to the kernel might be there
  • reboot to start into the new kernel
  • finally, do dnf remove wireguard-dkms wireguard-tools to remove the modules for the old kernel, followed by dnf install wireguard-dkms and wireguard-tools to install and build the module for your currently running (upgraded) kernel.

This way you are ensuring you always have the correct module for the latest kernel without having to do any manual work.

Once the wireguard VPN will become part of the mainline kernel - probably with release 5.6 - this will be unnecessary. But for now, this is a really convenient way to avail yourself of the best VPN technology currently out there. Thanks, Jason!

Tags os  privacy  security  wireguard  quicktip