OPNsense Forum

English Forums => Sensei => Topic started by: Mondmann on May 28, 2021, 08:11:47 pm

Title: OPNsense 21.1.6 / Sensei 1.9 Wireguard -kmod compatible ? no filtering, CPU full
Post by: Mondmann on May 28, 2021, 08:11:47 pm
Hello guys,
my question:
Is wireguard -kmod supported in OPNsense 21.1.6 with Sensei
1.9 supported.
With enabled wireguard - (wg0/wg1) interface in Sensei 1.9 there is no filtering of traffic.
Furthermore I noticed that the CPU load stays for a long time at full load up to
up to 90% for a long time and only normalizes when the wireguard interface is removed from Sensei.
Did I miss something? or are the hardworking Sunnyvalley guys still working on this?
a solution?

my setting: *Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver

Thanks in advance for a hint

Greetings from Germany
Title: Re: OPNsense 21.1.6 / Sensei 1.9 Wireguard -kmod compatible ? no filtering, CPU full
Post by: franco on May 28, 2021, 08:42:31 pm
Hi,

wireguard-kmod is generally unsupported / experimental at the moment. And, yes, while wiregard-go is based on tun(4) devices packets can be inspected. That is not the case with the kernel module code which is its stripped-down driver counterpart without netmap(4) support.


Cheers,
Franco
Title: Re: OPNsense 21.1.6 / Sensei 1.9 Wireguard -kmod compatible ? no filtering, CPU full
Post by: Mondmann on May 29, 2021, 12:27:58 am
@franco
thanks for the info...