WireGuard is a popular layer 3 VPN, included in mainline Linux since 5.6.
On standard Ubuntu 20.04 with kernel 5.4, users can install the backport wireguard-dkms. But this is incompatible with kernel >= 5.6, including Jetson Linux r34+ with kernel 5.10+.
On standard Ubuntu 22.04, WireGuard is enabled as a module (CONFIG_WIREGUARD=m ). However, this is not set in the Jetson tegra_prod_defconfig.
This is a regression from r32 (kernel 4.9), where wireguard-linux-compat packages worked out of the box. This leaves Jetson users forced to recompile kernels or rely on unsupported workarounds — directing users to unofficial repositories with unvetted changes which risk introducing backdoors in a security-critical subsystem.
Request:
Please enable CONFIG_WIREGUARD=m in Jetson Linux kernels to match standard Ubuntu 22.04 and other distributions, restoring official, out-of-the-box WireGuard support for Jetson platforms.
Hi,
This is more like a kernel customization. Please refer to developer guide to enable the configs and rebuild kernel:
Kernel Customization — NVIDIA Jetson Linux Developer Guide
Here is an example of kernel customization:
No data from Joystick Logitech-f710 - #10 by DaneLLL
Thanks for the pointer to how to customize the kernel. Are there more steps required to avoid replacing the custom kernel with apt upgrade?
I would respectfully suggest that WireGuard should be part of the standard kernel config. I believe all common Linux distributions including Ubuntu (since 20.04), Debian (since version 10), Alpine, Fedora, Arch Linux, RHEL, etc. are providing WireGuard support enabled in their kernels or through packaged kernel modules—for almost 5 years now.
It also seems like a common request: there are 16 other threads on this forum and more if you look on Reddit, StackOverflow, etc. Users are familiar with WireGuard support in popular distros and are surprised by its absence in Jetson Linux. Recompiling the kernel is easier said than done; most of the forum threads document the struggles of users, and also underscores the lengths users will go to for this critical feature.
WireGuard is especially valuable for IoT deployments where you often need a secure network connection to infrastructure systems (file shares, databases, etc.) over external cellular networks. It’s a common configuration on Raspberry Pi OS and it would be great to have comparable support on Jetson devices.
Hi,
There is a known issue what custom kernel in Jetpack 6.1(r36.4.0) is upgraded to default kernel in 6.2(r36.4.3). Please apply the solution:
https://elinux.org/Jetson/L4T/r36.4.x_patches#Kernel_Customization
Thank you for highlighting that workaround. Upgrades are an additional obstacle users should be aware of when attempting to using a custom kernel.
Users who rebuild their kernel also need to pay attention to whether their carrier board requires any vendor modifications to the kernel or DTBs. For example, it looks like the Connect Tech users must request patches from tech support.