me176c-dev / android_device_asus_K013

Android device configuration for ASUS MeMO Pad 7 (ME176C(X))
https://forum.xda-developers.com/memo-pad-7/orig-development/rom-unofficial-lineageos-16-0-asus-memo-t3929600
Other
26 stars 5 forks source link

Add WireGuard support #42

Closed jerbmega closed 6 years ago

jerbmega commented 6 years ago

WireGuard is a fairly new VPN protocol which is faster and more secure than OpenVPN. The VPN I use on a daily basis has WireGuard servers in testing, which work quite well on my desktop- but starting today WireGuard now has official Android support as well, and from the looks of things, it's quite easy to integrate into existing ROMs.

https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635

lambdadroid commented 6 years ago

According to the thread, it should be also working (with slightly reduced performance) without any changes to the kernel using a separate user space implementation. Have you tried if it is working? Just curious.

jerbmega commented 6 years ago

Said userspace implementation hasn't been released yet, unfortunately.

lambdadroid commented 6 years ago

Don't worry! The project looks promising, I will check how much effort is required to integrate it into the kernel for the next version.

lambdadroid commented 6 years ago

@jerbear64 I've compiled a test build with WireGuard support included. Could you test if it is working correctly? I don't have any VPN to test with right now. To test it:

Since it's a development build you cannot flash it over your main installation, so make sure you make a backup and a factory reset. I don't recommend you stay on this build after testing, if everything is working I'll release a proper build with WireGuard support within the next 2 weeks.

jerbmega commented 6 years ago

Success! I took the configuration file from my PC and modified it a bit to use the public/private SSH keys for my tablet. After that, I used the Mullvad provided shell script to assign a local IP to the new public key, which I then placed in the configuration file, and imported the configuration in the app. It works just fine.

screenshot_20171209-113957

Keep in mind that the screenshot says "at risk" due to WebRTC being enabled in the Lineage stock browser. It appears Wireguard is immune to WebRTC leaks anyways as the test website grabbed the VPN's IP as the external one, and the VPN's local IP assigned to my tablet as the internal one.