In trying to use wireguard under gentoo for the first time, I was warned that the NET_UDP_TUNNEL option was not in effect. Even as someone who knows their way around the Kconfig system, fulfilling this option was not trivial because the option is not under one's direct control. Instead, it was necessary to read the "depends on" declaration carefully in order to determine the correct course of action.
The more user-friendly approach might be to warn of the absence of NET_FOU instead. While such may not be strictly correct, it is an option that can be directly located and toggled by the user. It would also have the ebuild accord with your upstream documentation, which - as I later discovered - directly suggests that the "IP: Foo (IP protocols) over UDP" option be enabled in menuconfig.
Maybe it is because this bug is a bit old now - but the way I see it we could simply strip NET_UDP_TUNNEL (and maybe CRYPTO_ALGAPI as well) from the ebuild.
CONFIG_WIREGUARD should select the symbols NET_UDP_TUNNEL and NET_UDP_TUNNEL automatically.
I mean it should automatically select NET_UDP_TUNNEL and CRYPTO_ALGAPI according to Kconfig.
(In reply to Robin Hallabro-Kokko from comment #1)
> Maybe it is because this bug is a bit old now - but the way I see it we
> could simply strip NET_UDP_TUNNEL (and maybe CRYPTO_ALGAPI as well) from the
> CONFIG_WIREGUARD should select the symbols NET_UDP_TUNNEL and NET_UDP_TUNNEL
Indeed, it is more convenient to use >=5.6 but some people might prefer to use a longterm kernel. The 5.4 series will be supported through to the end of 2025. Also, we now have net-vpn/wireguard-modules, so it is valid that the checks continue to be defined there. I think that my request still makes sense but it would obviously need to applied to wireguard-modules at this point.