Previous posts on installing Wireguard on the Raspberry Pi dealt with Rapsberry Pi model 2 (version 1.2) and up. I did say that it was possible to install the virtual network server on the Raspberry Pi Zero and older models of the Raspberry Pi by compiling the source. However Daniel T. Wagner wrote yesterday with good news. The Raspbian
testing repository contains WireGuard package which is compatible with the ARMv6, ARMv7 and ARMv8 architecture. Therefore that version is compatible with all Raspberry Pi models as far as I know.
This revised version of the post incorporates helpful comments and corrections received in a private email from Aravind Reddy earlier today. Many thanks to Daniel and Aravid for reaching out and sharing their knowledge.
Table of Contents
- Prerequisites to Installing WireGuard on Raspberry Pi OS
- Installing WireGuard
- About the Raspbian
I will describe how I installed the WireGuard virtual network server on a Raspberry Pi model B © 2011.9 running Raspberry Pi OS Lite. The latest "official supported operating system" released by the Raspberry Pi Foundation found on the Raspberry Pi OS (previously called Raspbian) download page,
Raspberry Pi OS (32-bit) Lite Minimal image based on Debian Buster Version: May 2020 Release date: 2020-05-27 Kernel version: 4.19
was on the SD card. There are three versions of the OS, the
Lite version is typically chosen if the Raspberry Pi is used as a server, while one of the "desktop" versions with a graphical user interface (GUI) should be obtained if the Pi is to be used as a full-fledged desktop computer with connected keyboard and monitor. Even if a GUI version is installed, it will be probably be necessary to open a terminal to install WireGuard.
I changed the hostname to
oldpi with the
raspi-config utility and then, as always before installing a major package, the system was updated and upgraded after confirming that the kernel version was indeed 4.19.
Now would be a good time to read War and Peace or binge watch Games of Throne. Don't worry, if you don't complete either task, you will manage to finish it in the next two steps, especially if using old single core SoC. Exactly which packages will be upgraded and the disk space freed or used will depend on how long it has been since the last upgrade was done. Interestingly, the
raspberrypi-kernel was among those packages that were upgraded. As a consequence, the kernel was upgraded to version 5.4.51.
The next step is to install the only prerequisite, the kernel header files.
Note that the version of the headers will depend on the version of the operating system kernel, which may be later than what is shown above by the time this note is read.
That is it for the prerequisites.
Because I thought that the WireGuard was not available in the Raspberry Pi OS repositories, I installed the package from the Debian repository and unfortunately that package is not compatible with the ARMv6 processor. In the past I resorted to compiling the source code for those Raspberry Pi models that use that architecture. But Daniel Wagner found that the WireGuard package available in the Raspbian Testing repository is compatible with the older architecture, so there is no need to go through the complicated and lengthy compilation process.
Testing needs to be added to the list of repositories and it should be given a lower priority so that most installed packages are not upgraded (more on that at the end).
Now the WireGuard package in the testing repository can be installed.
It is now possible to verify that the Wireguard utilities have been installed.
Before creating an empty interface configuration file and bringing up the interface, it may be necessary to reboot.
Verification shows that the WireGuard module was loaded and the network interface is created and that the server is up and waiting for incoming UDP packets on port 40213.
However, it is rather pointless to bring up the interface because it will not do anything without proper configuration. Taking the interface down and stopping the server is just as easy, but note how the WireGuard module remains loaded.
At this point it will be necessary to configure Wireguard in order to do anything useful. There is no point in repeating the instructions here, just go back to the older post starting with section 3. Enabling Remote Access to the Local Network. Hopefully, everything will work.
Back in May, when I installed WireGuard on Raspberry Pi OS, I did not find the package in the main
Buster repository even after upgrading to the 5.4 kernel (see Concluding Remarks). As shown above, the
Testing repository, does contain a version of the package compatible with the ARMv6, ARMv7 and ARMv8 architectures which takes care of all Raspberry Pi models. Here is the list of repositories used after adding
As can be seen,
Testing is the external repository with the lowest. Nevertheless, it contains 10 upgrades for packages.
I have not tested any of these upgrades or anything else to do with the new kernel really. Hopefully nothing major is broken. If you do not want these packages and others to be installed on the next
apt upgrade command, lower the
testing repository priority.
Any value less than 100 should work. After saving the file,
apt reports that no packages will be upgraded.
Perhaps a cautious approach would be warranted in some circumstances, meaning that it may be preferable to wait until WireGuard makes it to the stable release of the operating system. That should not take too long since the presence of WireGuard in the
testing repository should mean that it will be incorporated into the next stable release of Raspberry Pi OS. At that point, if it's not include in the image file (as is currently the case with Armbian and Ubuntu), then it will be possible to install the WireGuard packages with a simple sudo apt install wireguard. However, experience shows that even stable releases of a new version of the operating system can break things, so if I were to add WireGuard again on any Raspberry Pi, I would just go ahead and follow Daniel T. Wagner's instructions; but on a fresh install of Raspberry Pi OS to a new SD card, after setting aside my original SD card as a safe back up.