starred/kvm
1
0
Fork 0
mirror of https://github.com/jetkvm/kvm.git synced 2026-03-02 22:58:00 -05:00
Code Issues 252 Projects Packages Wiki Activity

Feature Request: Add WireGuard Support #44

New issue
Open
opened 2026-02-20 08:19:37 -05:00 by deekerman · 24 comments
deekerman commented 2026-02-20 08:19:37 -05:00
Owner
Copy link

Originally created by @Gummibaer on GitHub (Jan 12, 2025).

Description
Would it be possible to implement support for WireGuard in JetKVM?

WireGuard is a modern, lightweight, and highly efficient VPN solution that could greatly enhance JetKVM's networking capabilities. Its simplicity and speed make it an excellent choice for secure communication and managing network connections.

Originally created by @Gummibaer on GitHub (Jan 12, 2025). Description Would it be possible to implement support for WireGuard in JetKVM? WireGuard is a modern, lightweight, and highly efficient VPN solution that could greatly enhance JetKVM's networking capabilities. Its simplicity and speed make it an excellent choice for secure communication and managing network connections.
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@adrianmeraz commented on GitHub (Jan 12, 2025):

Wouldn't the Tailscale feaure serve this purpose? It's based on Wireguard, and has more functionality.

@adrianmeraz commented on GitHub (Jan 12, 2025): Wouldn't the Tailscale feaure serve this purpose? It's based on Wireguard, and has more functionality.
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@Gummibaer commented on GitHub (Jan 12, 2025):

Thank you for your response!

While the Tailscale feature is indeed based on WireGuard and provides additional functionality, there are several key advantages to having native WireGuard support directly in JetKVM:

  1. Eliminates the Need for External Services

    • Tailscale relies on an external service for coordination, even in private deployments. Native WireGuard support would allow users to create fully self-contained VPN setups without depending on third-party service providers.
    • This is particularly important for users who prioritize self-hosted solutions for privacy, security, or compliance reasons.

  2. Lightweight and Direct Integration

    • WireGuard itself is extremely lightweight and efficient. Direct integration into JetKVM would provide a minimal and streamlined VPN solution that is tightly coupled with the platform, reducing overhead and complexity.

  3. Flexibility for Advanced Configurations

    • A native WireGuard implementation would enable users to configure and manage their VPN connections directly within JetKVM, without the additional layers or abstractions that Tailscale introduces.
    • This is especially useful for advanced networking scenarios where full control over the VPN setup is required.

Tailscale is an excellent solution for certain use cases, but having the option for native WireGuard support would offer greater flexibility and control for users who prefer or require a direct, self-contained approach to VPN management.

@Gummibaer commented on GitHub (Jan 12, 2025): Thank you for your response! While the Tailscale feature is indeed based on WireGuard and provides additional functionality, there are several key advantages to having native WireGuard support directly in JetKVM: 1. **Eliminates the Need for External Services** - Tailscale relies on an external service for coordination, even in private deployments. Native WireGuard support would allow users to create fully self-contained VPN setups without depending on third-party service providers. - This is particularly important for users who prioritize self-hosted solutions for privacy, security, or compliance reasons. 2. **Lightweight and Direct Integration** - WireGuard itself is extremely lightweight and efficient. Direct integration into JetKVM would provide a minimal and streamlined VPN solution that is tightly coupled with the platform, reducing overhead and complexity. 3. **Flexibility for Advanced Configurations** - A native WireGuard implementation would enable users to configure and manage their VPN connections directly within JetKVM, without the additional layers or abstractions that Tailscale introduces. - This is especially useful for advanced networking scenarios where full control over the VPN setup is required. Tailscale is an excellent solution for certain use cases, but having the option for native WireGuard support would offer greater flexibility and control for users who prefer or require a direct, self-contained approach to VPN management.
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@lbayerlein commented on GitHub (Jan 12, 2025):

+1

@lbayerlein commented on GitHub (Jan 12, 2025): +1
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@Nobeernogman commented on GitHub (Jan 12, 2025):

+1

@Nobeernogman commented on GitHub (Jan 12, 2025): +1
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@geerlingguy commented on GitHub (Jan 12, 2025):

Just cross-linking the Tailscale issue for completeness: https://github.com/jetkvm/kvm/issues/44

@geerlingguy commented on GitHub (Jan 12, 2025): Just cross-linking the Tailscale issue for completeness: https://github.com/jetkvm/kvm/issues/44
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@adrianmeraz commented on GitHub (Jan 13, 2025):

Alright, I'm convinced. Having the option of native Wireguard sounds useful in the cases you've described.

@adrianmeraz commented on GitHub (Jan 13, 2025): Alright, I'm convinced. Having the option of native Wireguard sounds useful in the cases you've described.
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@rcludwick commented on GitHub (Jan 14, 2025):

To add another point. Tailscale is good in many cases, but I've been slowly removing use cases for it in my home network. The reality is that there's kinda too much magic in Tailscale for it's own good sometimes and a simpler networking is just well simpler.

@rcludwick commented on GitHub (Jan 14, 2025): To add another point. Tailscale is good in many cases, but I've been slowly removing use cases for it in my home network. The reality is that there's kinda too much magic in Tailscale for it's own good sometimes and a simpler networking is just well simpler.
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@kpma1985 commented on GitHub (Feb 14, 2025):

you can install it urself via ssh

i installed cloudflared on it 🗡

@kpma1985 commented on GitHub (Feb 14, 2025): you can install it urself via ssh i installed cloudflared on it 🗡
deekerman commented 2026-02-20 08:19:38 -05:00
Author
Owner
Copy link

@vedeyn commented on GitHub (Feb 24, 2025):

+1

@vedeyn commented on GitHub (Feb 24, 2025): +1
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@SamuelDudley commented on GitHub (Mar 6, 2025):

+1
Looking to add wireguard to a jetkvm and found this blog post howto guide: https://simonmicro.de/blog/hacking/wireguard-vpn-on-a-jetkvm/

@SamuelDudley commented on GitHub (Mar 6, 2025): +1 Looking to add wireguard to a jetkvm and found this blog post howto guide: https://simonmicro.de/blog/hacking/wireguard-vpn-on-a-jetkvm/
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@simonmicro commented on GitHub (Mar 7, 2025):

Hehehe, I wrote it, because I found this issue - how small the world really is... Problem is with their implementation of the Web-RTC layer. As also linked in that post, the Tailscale plugin suffers from the same issue: The ICE in the browser is maybe aware of how to reach the JetKVM endpoint, but you'll likely run into another issue.

Checking with Web-RTC debug the issue becomes visible... During my tests I used an intermediate server (OPNsense), so I could not reach the JetKVM IPv4 directly, as WireGuard is a P2P solution and I did not setup the WireGuard server as relay. So, I just used good old ssh -L, which is able to tunnel the TCP packets for HTTP, but cannot cover the Web-RTC traffic. So, if you want to use this solution, the JetKVM basically has to connect itself directly with the target system, from which you want to remote-control it, or you have to setup a WireGuard relay so you can reach the JetKVM ip directly...

Alternatively, as Web-RTC was designed with these issues in mind, a TURN server would be required. But we cannot set one on the JetKVM and also this would sort of introduce additional delay (beside someone needing to host it)... Meh. Other solutions, like the PiKVM, have a fallback for that case, which consists of the CPU taking snapshots of the stream and providing them as image directly over HTTP to the browser, hence bypassing the broken Web-RTC connection...

Just my two cents onto this issue...

@simonmicro commented on GitHub (Mar 7, 2025): Hehehe, I wrote it, because I found this issue - how small the world really is... Problem is with their implementation of the Web-RTC layer. As also linked in that post, the [Tailscale plugin suffers from the same issue](https://github.com/tutman96/jetkvm-plugin-tailscale/issues/3): The ICE in the browser is maybe aware of how to reach the JetKVM endpoint, but you'll likely run into another issue. Checking with [Web-RTC debug](chrome://webrtc-internals/) the issue becomes visible... During my tests I used an intermediate server (OPNsense), so I could not reach the JetKVM IPv4 directly, as WireGuard is a **P2P solution** and I did not setup the WireGuard server as relay. So, I just used good old `ssh -L`, which is able to tunnel the TCP packets for HTTP, but cannot cover the Web-RTC traffic. So, if you want to use this solution, the JetKVM basically has to connect itself directly with the target system, from which you want to remote-control it, or you have to setup a WireGuard relay so you can reach the JetKVM ip directly... Alternatively, as Web-RTC was designed with these issues in mind, a TURN server would be required. But we cannot set one on the JetKVM and also this would sort of introduce additional delay (beside someone needing to host it)... Meh. Other solutions, like the PiKVM, have a fallback for that case, which consists of the CPU taking snapshots of the stream and providing them as image directly over HTTP to the browser, hence bypassing the broken Web-RTC connection... Just my two cents onto this issue...
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@DanForever commented on GitHub (May 15, 2025):

Has there been any movement on this?

@DanForever commented on GitHub (May 15, 2025): Has there been any movement on this?
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@IrishTR commented on GitHub (May 21, 2025):

Having native Wireguard would be awesome option to have for this solution, hopefully it gets future traction, thanks!

@IrishTR commented on GitHub (May 21, 2025): Having native Wireguard would be awesome option to have for this solution, hopefully it gets future traction, thanks!
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@gyllen commented on GitHub (Jun 4, 2025):

Plus one on this Wireguard support would be really useful

@gyllen commented on GitHub (Jun 4, 2025): Plus one on this Wireguard support would be really useful
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@purepani commented on GitHub (Sep 28, 2025):

Native wireguard support would help for anyone who doesn't tailscale but uses different mesh VPN service, since many different VPN providers offer wireguard support

@purepani commented on GitHub (Sep 28, 2025): Native wireguard support would help for anyone who doesn't tailscale but uses different mesh VPN service, since many different VPN providers offer wireguard support
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@phonkd commented on GitHub (Oct 24, 2025):

+1

@phonkd commented on GitHub (Oct 24, 2025): +1
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@itsjustnickdev commented on GitHub (Nov 9, 2025):

+1

@itsjustnickdev commented on GitHub (Nov 9, 2025): +1
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@amaksymov commented on GitHub (Nov 18, 2025):

+1

@amaksymov commented on GitHub (Nov 18, 2025): +1
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@DanForever commented on GitHub (Dec 11, 2025):

To be clear, I want wireguard so I can connect it to my local self-hosted vpn

@DanForever commented on GitHub (Dec 11, 2025): To be clear, I want wireguard so I can connect it to my local self-hosted vpn
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@hoh commented on GitHub (Dec 15, 2025):

To be clear, I want wireguard so I can connect it to my local self-hosted vpn

I think many people are looking for doing exactly that.

@hoh commented on GitHub (Dec 15, 2025): > To be clear, I want wireguard so I can connect it to my local self-hosted vpn I think many people are looking for doing exactly that.
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@DonOregano commented on GitHub (Dec 28, 2025):

Would love this! I don't want to sign up for cloud services when I can avoid it, so the built-in cloud thing or tailscale do not appeal to me at all.

@DonOregano commented on GitHub (Dec 28, 2025): Would love this! I don't want to sign up for cloud services when I can avoid it, so the built-in cloud thing or tailscale do not appeal to me at all.
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@bcyran commented on GitHub (Jan 13, 2026):

I created a script automating WireGuard building and installation steps described in already mentioned blog post by @simonmicro: jetkvm-wireguard-setup.

Personally, I did not encounter any Web-RTC issues. My setup involves a VPS acting as a sort of gateway to which all clients, including JetKVM, connect to. I can freely use JetKVM from other clients connected to the VPS.

@bcyran commented on GitHub (Jan 13, 2026): I created a script automating WireGuard building and installation steps described in already mentioned [blog post](https://simonmicro.de/blog/hacking/wireguard-vpn-on-a-jetkvm/) by @simonmicro: [jetkvm-wireguard-setup](https://github.com/bcyran/jetkvm-wireguard-setup). Personally, I did not encounter any Web-RTC issues. My setup involves a VPS acting as a sort of gateway to which all clients, including JetKVM, connect to. I can freely use JetKVM from other clients connected to the VPS.
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@tunip commented on GitHub (Feb 1, 2026):

Shoutout to @bcyran for the automated WireGuard build script. Works like a charm with self-hosted Pangolin. 🙌

@tunip commented on GitHub (Feb 1, 2026): Shoutout to @bcyran for the automated WireGuard build script. Works like a charm with self-hosted Pangolin. 🙌
deekerman commented 2026-02-20 08:19:39 -05:00
Author
Owner
Copy link

@afunworm commented on GitHub (Feb 19, 2026):

+1

@afunworm commented on GitHub (Feb 19, 2026): +1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
dependabot/npm_and_yarn/ui/vitejs/plugin-react-swc-4.2.3
dependabot/npm_and_yarn/ui/vite-tsconfig-paths-6.1.1
dependabot/npm_and_yarn/ui/framer-motion-12.34.3
dependabot/npm_and_yarn/ui/tailwind-merge-3.5.0
dependabot/npm_and_yarn/ui/multi-d88693a43a
dependabot/go_modules/github.com/pion/webrtc/v4-4.2.9
dependabot/npm_and_yarn/ui/inlang/cli-3.1.6
dependabot/npm_and_yarn/ui/eslint-plugin-react-refresh-0.5.2
dependabot/go_modules/golang.org/x/sys-0.41.0
dependabot/go_modules/golang.org/x/crypto-0.48.0
dependabot/npm_and_yarn/ui/zustand-5.0.11
dependabot/go_modules/github.com/prometheus/procfs-0.20.1
dependabot/npm_and_yarn/ui/inlang/sdk-2.7.0
dependabot/go_modules/github.com/gin-gonic/gin-1.12.0
dependabot/go_modules/golang.org/x/net-0.51.0
dependabot/github_actions/actions/upload-artifact-7
dependabot/npm_and_yarn/ui/npm_and_yarn-e66adb831b
feat/signed-releases
dependabot/go_modules/github.com/prometheus/common-0.67.5
fix/ipv6-readiness
fix/failsafe-tolerance
fix/failscafe-tolerance
debug/native-logs
fix/retry-sleep-mode-check
copilot/add-copilot-instructions-file
chore/es-lint-redux
fix/deploy-cloud-app
release-cloud-app/0.4.9
release-cloud-app/0.4.8
release-cloud-app/0.4.5
release-cloud-app/0.4.4
release-cloud-app/0.4.3
release-cloud-app/0.4.2
release-cloud-app/0.4.1
release-cloud-app/0.4.0
release-cloud-app/0.3.9
release-cloud-app/0.3.8
fix/prevent-video-restart-loop
fix/en-as-default
backports/ota-und-cgo
e2e-tests
release/049
feat/audio-support-metrics
fix/usb-gadget-init-rebind
feat/lldp
feat/usb-reset
feat/audio-support
fix/hdmi-mutex
main
feat/auto-reload-fe
feat/jsonrpc-typings
feat/ocr
chore/show-codec
chore/golangci-lint-additional
refactor/jsonrpc-kbd
misc/0.4.6-with-old-deps
feat/static-ip-ui
cursor/refactor-uselocation-to-prevent-re-renders-f026
cursor/remove-uselocation-from-devices-id-tsx-7751
chore/eslint-prettier-setup
feat/tls-config
feat/metrics-optin
feat/tls
release/0.5.4-dev202602080922
release/0.5.3
release/0.5.3-dev202602061404
release/0.5.3-dev202601281951
release/0.5.2-dev202601071426
release/0.5.2
release/0.5.2-dev202601070105
release/0.5.2-dev202601070032
release/0.5.2-dev202601061215
release/0.5.2-dev202601051816
release/0.5.2-dev202512291946
release/0.5.1-dev202512211114
release/0.5.1
release/0.5.1-dev202512181840
release/0.5.1-dev202512181609
release/0.5.1-dev202512181144
release/0.5.0-dev202512051510
release/0.5.0
0.5.0-dev202511271013
0.5.0-dev202511271020
release/0.5.0-dev202511211223
release/0.5.0-dev20251120
release/0.4.9
release/0.4.8
release/0.4.7
challenge-base
release/0.4.6
release/0.4.5
release/0.4.5-rc2
release/0.4.5-rc1
release/0.4.4
release/0.4.3
release/0.4.2
release/0.4.1
release/0.4.0
release/0.3.9
release/0.3.8
Labels
Clear labels   
component/keyboard-layout

   
component: cloud

   
component: device screen

   
component: extensions

   
component: hid/keyboard

   
component: hid/mouse

   
component: network

   
component: timesync

   
component: ui

   
component: updater

   
component: usb

   
component: usb/hid

   
component: usb/storage

   
component: video

   
component: webrtc

   
component: webserver

   
need-more-details

   
status: working-in-progress

   
wontfix
No labels
component/keyboard-layout
component: cloud
component: device screen
component: extensions
component: hid/keyboard
component: hid/mouse
component: network
component: timesync
component: ui
component: updater
component: usb
component: usb/hid
component: usb/storage
component: video
component: webrtc
component: webserver
need-more-details
status: working-in-progress
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/kvm#44
No description provided.