[CentOS-devel] Wireguard and c8S headache - ?

Thu Jul 21 19:50:55 UTC 2022
Phil Perry <pperry at elrepo.org>

On 21/07/2022 14:37, Josh Boyer wrote:
> On Thu, Jul 21, 2022 at 9:25 AM Phil Perry <pperry at elrepo.org> wrote:
>> It is a shame that RH/Stream are unable to support the WireGuard CI.
>> In addition to Oracle, you could also use RHEL or Alma or Rocky or any
>> other supported distro/kernel.
> In this case, I think CentOS Stream is actually catching things as we
> expect.  The next RHEL release (and therefore Alma, Rocky, or any
> other rebuild) will have the same issues if the changes aren't made
> before then.  There's a bug reported for this and the resolution was
> that the out of tree Wireguard module for EL8 needs to stop defining a
> particular function in a header.

The issue is that the C8S kernel will not run on the WireGuard CI [1], 
so WireGuard are unable/unwilling to address these issues upstream as 
part of their continuous development (as they do for every other kernel 
they backport to), _before_ they become an issue. If the C8S kernel ran 
on the WireGuard CI, these issues would get fixed at source and you 
would never see these filed bugs or mailing list threads.

WireGuard filed numerous bugs [2,3] with patches with Red Hat to get the 
Stream kernel running on the their CI, which Red Hat eventually declined 
to accept (and I totally get the reasons why), so WireGuard eventually 
gave up and dropped support for CentOS Stream.

The next best solution (other than getting Stream running on WireGuard's 
CI) would be for the kmod SIG (or some other 3rd party provider) to fix 
the code and ship kmods for Stream, but obviously that takes time and 
users are potentially left with a broken VPN each time a new kernel 
update is pushed. But it looks like upstream have lost interest in 
supporting Stream which is a shame.

[1] https://lists.zx2c4.com/pipermail/wireguard/2022-June/007664.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1905962
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1839419

> As a potential option, CentOS Stream 9/RHEL 9 has Wireguard included
> and does not have this issue to my knowledge.
> josh
>> On 21/07/2022 11:12, Jean-Marc Liger wrote:
>>> Hi L,
>>> You could otherwise use Oracle UEK kernel :
>>> https://blogs.oracle.com/linux/post/how-to-setup-wireguard-on-oracle-linux
>>> Regards,
>>> Jean-Marc
>>> Le 21/07/2022 à 07:41, lejeczek via CentOS-devel a écrit :
>>>> Hi guys.
>>>> I asked wireguad's devel and the author explained the troublesome case
>>>> of wireguard & c8S - without me going into depth of that - do you guys
>>>> know how to get Wireguard work in 8 Stream?
>>>> With "official" way with copr from "jdoss/wireguard-tools" module
>>>> remains broken for last two kernel versions.
>>>> many thanks, L.