OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: Rainmaker on August 26, 2019, 11:46:57 pm
-
I regrettably had to move away from OPNsense to better use WireGuard on my router. At that time, the great work being done on (what was then named) os-wireguard-devel was being hindered by an upstream bug in FreeBSD. This was causing kernel panics and crashes when running WireGuard on UFS systems like OPNsense. That's the best of my recollection, anyway.
In the meantime, I wiped the Dell Optiplex 7010 (i7 3700, 8GB RAM, Intel Pro 1000PT server NIC) that lives at the edge of my network. Basically I 'made' my own router from scratch using Arch Linux, dnscrypt-proxy, WireGuard, Shorewall and so on. This has been working OK but it's a bit 'hacky' and cobbled together.
I was delighted to see that OPNsense now has a stable release os-wireguard, and from limited testing in a VM it seems OK (it's hard to properly test OPNsense between VMs due to my home network setup). Can anyone please confirm that the above bug has been fixed upstream, and that I should be safe (as anyone can be) to reinstall OPNsense on my router and set up WireGuard on there for one of my LAN subnets? I am to keep my network as follows:
WAN (cable modem, DHCP)
LAN1 > ProSafe switch > (trusted, local devices etc)
LAN2 > ProSafe switch > (DMZ, servers and NAS, WiFi, IoT)
wg0 (routing devices from LAN1)
Thanks in advance.
-
Yep, fixed in May 2019:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233955
-
Ah so it was (at least) two issues in the end. Nice to see it so well tended and fixed. Thanks.
-
Plus wireguard people were nice enough to build software workarounds and push scripts to FreeBSD to reproduce the issues. It was one the the main reasons why we kept wireguard development-only in 19.1 and below.
Cheers,
Franco
-
Hi Franco. Yeah I saw the patches from Jason on the bug report. He's a good guy. I've been on the WireGuard mailing list since forever, it's how I spotted the plugin had gone stable on here. Thanks again. :)