Switching to the new in-kernel WireGuard module was easy (on Fedora 31)
One of the quietly exciting bits of recent kernel news for me is
that WireGuard is now built in to
the Linux kernel from kernel 5.6 onward. I've been using a private
WireGuard tunnel on my Fedora machines for
several years now, but it's been through the additional COPR
with an additional DKMS based
kernel module package,
wireguard-dkms. Among other things, this
contributed to my multi-step process fo updating Fedora kernels.
When I first updated to a Fedora 5.6 kernel, I wondered if I was
going to have to manually use DKMS to remove the DKMS installed
WireGuard module in favour of the one from the kernel itself. As
it turned out, I didn't have to do anything; current versions of
the COPR wireguard-dkms package have a
dkms.conf that tells DKMS
not to build the module on 5.6+ kernels. Updating to a 5.6 kernel
got me a warning from DKMS that the WireGuard DKMS couldn't build
on this kernel, but that was actually good news. After a reboot,
my WireGuard tunnel was back up just like normal. As far as I can
tell there is no difference in operation between the DKMS WireGuard
version and the now in-kernel version except that I have one fewer
DKMS module to rebuild on kernel updates.
(The one precaution I took with the COPR wireguard-dkms package was to not install any further updates to it once I'd updated to a 5.6 kernel, because that was the easiest way to keep a WireGuard module in my last 5.5 kernel in case I wanted to fall back.)
After I'd gone through enough 5.6.x Fedora kernel updates to be
sure that I wasn't going back to a 5.5 kernel that would need a
WireGuard DKMS, I removed the WireGuard DKMS package with '
remove wireguard-dkms'. Then I let things sit until today, when
I did two more cleanup steps; I disabled the WireGuard COPR
repository and switched over to the official Fedora package for
WireGuard tools with '
dnf distro-sync wireguard-tools'.
Somewhat to my surprise, this actually installed an updated
version (going from 1.0.20200102 to 1.0.20200319).
(I believe that dnf hadn't previously recognized this as an upgrade because of a difference in RPM epoch number between the two package sources. This may be deliberate so that COPR packages override regular Fedora packages at all times.)
PS: Now that WireGuard is an official part of the Fedora kernel, I feel that I should do something to set up a WireGuard VPN on my work laptop. Unfortunately this really needs a WireGuard VPN server (or touchdown point) of some sort at work. We don't currently have one and the state of the world makes it unlikely we'll deploy one in the near future, even for private sysadmin use.