Hi Folks,
Been playing more with WG and I have to say that I don't know why much of it has been implemented in the worst possible way - the only possible explanation is that it's designed by someone who doesn't use the GUI and simply spends their whole life in the CLI. Kudos to them, I'm too dumb to CLI stuff, so I need to do my best in the GUI....but OMG it is a shocker.
Set up a local connection - Give it a name and generate some keys, save
Set up a peer - Give it a name, jump to the CLI, generate a PSK, do some other stuff, save
Now you think you'd want to be able to check the status of this somewhere - like check for Connection X + Peer Y? But oh no!
That would be simple and logical! We know you defined your connections as RAS_Admin, RAS_WWW, Tunnel_1, Tunnel_2, and Tunnel_3, but in the status screen you can *ONLY* reference local connection via the Interface ID, BECAUSE THAT'S THE HARDEST WAY POSSIBLE, so best you know whether you're looking for WG1, WG2, WG3, WG4, or WG5. So go back and look it up, OK - we're looking for WG3. Phew....now let's check the peer status.
Oh yes, you might have given it a name like "Steve_Laptop" but you're going to have to find the peer by looking for the PUBLIC KEY identifier because THAT'S THE HARDEST WAY POSSIBLE.
Alternatively, we can also use the status screen - that will give you a nice compact view:
wg1 8EvPut6AL+j/LudefUj65Nv1rk9egA9V99UJyITuGkuH4= 1681440860
wg1 0NSrxaadh8WLXnIeHvq5frGPlqqK7jmCliBzugIq112w= 1681286855
wg1 +yORIHYTEDK8DJ*djd83jdM01KCFa9foRqH1gQGaAE= 0
wg2 /mgdTRoYwoRPdwLlqbGL1HO5yATBL+L3YngzQjdiARI= 0
Gosh. That's informative. Not.
I'm a sparrow's fart away from tossing it in and running back to pfSense - I hate to be there but while I feel the need to shower after using it to get the smell off my hands, at least I don't have the urge to stab myself in the eyeballs with a blunt pencil.
OPNsense has so much potential but if it can't be made user friendly then what's the point? It's not just WG either, this seems to be the general approach to the UX - put the top menu bar as a side bar, high fives all around as we're not different and modern, then to hell with the rest of it! I keep hitting these sorts of usability issues where something simple is just plain hard for no reason other than the fact that someone CHOSE to make it obnoxiously difficult or obscure....
It is making me question my decision to migrate....because everything is unnecessarily painful. Seriously dying on the inside here...took days of effort to move everything over and now that I've over it is still an ongoing source of pain. :'(
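Added example, not part of the original post and not OPNsense code: a small script that joins the three-column status lines quoted above to human-readable names and flags peers that are stale, never connected, or missing from the name inventory. It assumes the third column is the last-handshake time in epoch seconds with 0 meaning no handshake yet; the name tables, the interface-to-name pairings and the 180-second threshold are hypothetical.

```python
import time

# Status lines copied from the post (interface, public key, number).
STATUS = """\
wg1 8EvPut6AL+j/LudefUj65Nv1rk9egA9V99UJyITuGkuH4= 1681440860
wg1 0NSrxaadh8WLXnIeHvq5frGPlqqK7jmCliBzugIq112w= 1681286855
wg1 +yORIHYTEDK8DJ*djd83jdM01KCFa9foRqH1gQGaAE= 0
wg2 /mgdTRoYwoRPdwLlqbGL1HO5yATBL+L3YngzQjdiARI= 0
"""

# Hypothetical inventory: the names appear in the post, the pairings are assumed.
INTERFACES = {"wg1": "RAS_Admin", "wg2": "RAS_WWW"}
PEERS = {"8EvPut6AL+j/LudefUj65Nv1rk9egA9V99UJyITuGkuH4=": "Steve_Laptop"}

STALE_AFTER = 180  # seconds without a handshake before a peer counts as stale (assumed)


def annotate(status, now, interfaces=INTERFACES, peers=PEERS, stale_after=STALE_AFTER):
    """Return one dict per status line with names, state and handshake age."""
    rows = []
    for line in status.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip blank or malformed lines
        iface, key, ts = parts[0], parts[1], int(parts[2])
        if ts == 0:
            state, age = "never", None  # peer has not completed a handshake
        else:
            age = max(0, now - ts)
            state = "active" if age <= stale_after else "stale"
        rows.append({
            "interface": interfaces.get(iface, iface),
            # A key with no inventory entry stays visible so it can be reviewed.
            "peer": peers.get(key, key[:8] + " (unnamed)"),
            "state": state,
            "age_seconds": age,
        })
    return rows


if __name__ == "__main__":
    for r in annotate(STATUS, now=int(time.time())):
        print(f'{r["interface"]:<12} {r["peer"]:<20} {r["state"]:<7} {r["age_seconds"]}')
```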
You forgot to mention assigning peers.
Why do we have to go back to the tunnel and assign a peer there???
You're not assigning a tunnel to a peer, you assign a peer to a tunnel.
Put the assignment on the peer "screen" and select the tunnel you're assigning it to.
But that makes too much sense for opnsense.
I've said it for a long time now, the interface is a mess.
I'll bet you two are wonderful to work with. ::)
Why is it so difficult to be polite and kind to the people who build the free and open software we use? Don't like something and think you have a good idea? Rein in your entitlement and provide constructive feedback. If you can't manage that, make the changes yourself and create a PR.
This thread is embarrassing.
Quote from: BondiBlueBalls on April 14, 2023, 04:06:43 PM
I'll bet you two are wonderful to work with. ::)
Why is it so difficult to be polite and kind to the people who build the free and open software we use? Don't like something and think you have a good idea? Rein in your entitlement and provide constructive feedback. If you can't manage that, make the changes yourself and create a PR.
This thread is embarrassing.
Aww, sorry to hurt your precious feelings.
If you weren't so sensitive you'd be able to admit that this thread is 100 accurate.
No, BondiBlueBalls is "100 accurate". By all means make suggestions for improvement or highlight problems (preferably with ideas for solutions) - just don't be a dick about it.
Quote from: Greelan on April 16, 2023, 12:26:11 AM
No, BondiBlueBalls is "100 accurate". By all means make suggestions for improvement or highlight problems (preferably with ideas for solutions) - just don't be a dick about it.
By all means, go ahead and point out what is inaccurate in either of the first two posts.
I agree setting up WG is kind of confusing when it talks about "allowed IPs" and "keys", always meaning a different thing to set on specific side. That's a WG problem, not OPNsense.
I also agree, that it would be nice to see peer's name instead of client's public key in status page... that is what OPNsense can manage, but someone needs to do it... did you?
And I also agree, that setting up WG is kinda walking through CLI, but I've only seen "nicer" ways to setup clients like scanning QR on something like FritzBox... I don't know how pfsense is dealing with that all, maybe they do better. Then again OPNsense can manage better ways, again someone must do it.......... do it or make suggestions for it, but always respect the work of those working for (maybe) more important things on a great firewall solution.
Quote from: Demusman on April 16, 2023, 01:18:31 AM
By all means, go ahead and point out what is inaccurate in either of the first two posts.
Like in the past, you have missed my point - maybe it's deliberate?
I'm not here to set anything on fire, and I've been told I'm a delight to work with because the development I do (almost all in SQL) is always tailored to user requirements and is built in such a way to be as painless as possible. I find that it takes a little more effort to get it simple but that the reduction in support calls I get is totally worth it! I also prepare detailed release notes, and I update a user support wiki as I go - again, a lot of effort, but it makes the user experience so much nicer that they actually look forward to new releases to see what's been cooking in the kitchen!
Perhaps that's why I find the OPNsense UI so chafing? I totally get that this work is 99% volunteer driven and that it's a thankless task, but if a job is worth doing it's worth doing WELL. I'd love to tell my colleagues to dump pfSense and go OPNsense too, but I know some of them will not make a jump when things are still a little rough around the edges. The irony here of course is that there are rubbish products out there with great GUIs that people love, and then there's a great product like OPNsense and really the GUI is what's holding it back - I found (one way or another) a way to do everything I did in pfSense, and yet it is always 'smoother' and 'easier' in pfSense.
There's nothing wrong with providing some feedback to the effect, and I don't think there's any need to take offense as none was intended. However, in my experience the best feedback is that which is honest and actionable - otherwise it is just a moan. I tried to be clear and specific, and I wish I could write some updates and PR them, but I know my limits and this is not my space. That doesn't mean I can't be passionate about UX....and with a bit of polish the WG module can go from "workable" to "awesome"....it's not even a lot of work as it is only UI....and everything you need is already there!
How can we help?
Quote from: ChirpyTurnip on April 16, 2023, 06:48:39 AM
How can we help?
https://github.com/opnsense/plugins/tree/master/net/wireguard
Quote from: Greelan on April 16, 2023, 02:04:57 AM
Quote from: Demusman on April 16, 2023, 01:18:31 AM
By all means, go ahead and point out what is inaccurate in either of the first two posts.
Like in the past, you have missed my point - maybe it's deliberate?
Didn't miss your point at all, but maybe it's aimed in the wrong direction?
When someone points out a problem, especially one that is constantly brought up, and then they get a response of "I'll bet you two are wonderful to work with. ::)" and "This thread is embarrassing.", Who's being the dick?
There was nothing in the original posts that was out of line or meant with malice. And there was no need to reply like he or she did about it.
As for my response, yes, I give what I get.
And I'll reiterate, it was 100% accurate. Please point out the inaccurate points.