Hello Team Balena!
Our devices include a Wireguard VPN configuration. In previous BalenaOS releases (e.g. 2.50.1), we’ve used a kernel module container to build the necessary module using the out-of-tree
wireguard-linux-compat repository and insert it, which has worked great.
However, new OS releases for the Intel NUC include kernel versions > 5.10 – and since 5.6, Wireguard has been available in-tree. Great news for Wireguard – but unfortunately, it also means we can no longer use
wireguard-linux-compat, as the module refuses to build on kernel versions that have in-tree support!
It’s also unfortunately not possible to build the in-tree Wireguard module using the same process, as it depends on some of the crypto APIs that are not included in the host OS kernel. The upshot of all this is that we’re not currently able to upgrade to newer host versions, and I’ve ran out of ideas about how to proceed.
Is there any likelihood that we might see the Wireguard module available in the standard host OS build sometime soon? Failing that, are there any other ideas in the community about how we might be able to proceed?