Text only | Text with Images

OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: GuruLee on January 21, 2024, 02:28:20 PM

Title: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: GuruLee on January 21, 2024, 02:28:20 PM
I'm being advised by Zenarmor to upgrade for the wireguard kernel mode netmap support, so I can effectively protect my wireguard interface.

Has anyone upgraded to 24.1 RC1 to test this and how stable is it?


Sent from my SM-N986U using Tapatalk

Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: Seimus on January 27, 2024, 02:04:31 AM
I was waiting for this implementation too,

If I will have time over this weekend I will test it out.

Regards,
S.
Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: GuruLee on January 31, 2024, 12:04:23 PM
I upgraded last night to 24.1 and no known issues so far. [emoji106]
I can now see Wireguard Internet egress traffic in Zenarmor, so I'm happy [emoji4] [emoji360][emoji482]

Sent from my SM-N986U using Tapatalk

Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: franco on January 31, 2024, 12:38:02 PM
It's still being worked on so I'd label it "experimental" for now. Use it with a grain of salt.


Cheers,
Franco
Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: Seimus on January 31, 2024, 01:37:36 PM
Thanks GuruLee,

I was not unable to upgrade over the weekend.

@franco
By your definition of "experimental" you mean its experimental till all the bugs will not be catched out? If yes do you know about some potential issues? Just curious here.

Regards,
S.

Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: franco on January 31, 2024, 02:50:17 PM
It's still being worked on by Zenarmor/Klara for FreeBSD inclusion and there have been some reports of lockups in internal testing.


Cheers,
Franco
Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: GuruLee on February 02, 2024, 07:09:04 PM
Quote from: franco on January 31, 2024, 12:38:02 PM
It's still being worked on so I'd label it "experimental" for now. Use it with a grain of salt.


Cheers,
Franco
So therefore we should exercise caution if we're on the fence with purchasing Zenarmor subscription for wireguard support [emoji6][emoji848][emoji1696]

Sent from my SM-N986U using Tapatalk

Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: johnmcallister on February 02, 2024, 11:27:13 PM
Quote from: GuruLee on January 31, 2024, 12:04:23 PM
I upgraded last night to 24.1 and no known issues so far. [emoji106]
I can now see Wireguard Internet egress traffic in Zenarmor, so I'm happy [emoji4] [emoji360][emoji482]

Sent from my SM-N986U using Tapatalk

I also upgraded to 24.1_1 and so far my 2 different Wireguard tunnels are working smoothly without any problems. (2 instances, with 1 peer per instance, the peers being different servers on unrelated networks.)
Title: Re: 23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support
Post by: Seimus on February 03, 2024, 05:07:48 PM
So I did today the upgrade to Major 24.1,

The Very experimental netmap driver on WG works very well in my opinion at least on 1st look.
I can see all statistic, connections and all related to WG from prespective of ZENARMOR. Performance looks good as well. I will keep an eye on this if from long run perspective it will not do some goofiness.

Franco many thanks to you and your team to taking the time and implementing this.

Regards,
S.
Text only | Text with Images