Post by: sam_vde on November 14, 2021, 11:10:28 am
I was wondering what the general state of wireguard is currently? I have a non-critical issue but was just wondering about what I can expect at this moment (I understood wireguard on BSD has some legacy) and/or what the current best practice is around wireguard on opnsense.
Thanks all!
Krgds
Post by: chemlud on November 14, 2021, 11:14:33 am
Post by: Patrick M. Hausen on November 14, 2021, 11:18:28 am
There has never been a debate about or a problem with the golang implementation.
Post by: sot3 on November 19, 2021, 11:34:16 pm
I see os-wireguard under Plugins, and under Packages I have os-wireguard-devel, wireguard-go, and wireguard-tools.
Post by: Greelan on November 20, 2021, 12:32:12 am
pkg install wireguard-kmod
Then reboot and the system will use the kmod rather than go implementation. The plugin interface should still interact with it OK
Note of course the kmod is still under development and so not officially supported by OPNsense devs
Post by: sot3 on November 20, 2021, 05:12:13 pm
Post by: Patrick M. Hausen on November 20, 2021, 05:14:13 pm
Bug, of course, but that was my experience and since the WG widget exists, I can live with that.
Post by: sot3 on November 20, 2021, 07:07:33 pm
Post by: Greelan on November 20, 2021, 09:06:43 pm
Hmmm...thanks. I've done that and rebooted but now wireguard-go always shows red on the Services dashboard. What log should I be looking at?The wireguard-go package would be showing as not running because the wireguard-kmod package is being used instead. If you removed the wireguard-go package from your system then it would no longer be listed.
Glad it is working for you. I have never had much luck when I tried the kmod. On a previous occasion when I tried it I mysteriously lost all DNS resolution on OPNsense. When I tried it yesterday, my IPv6 WAN interface simply refused to come up due to a reported “invalid gateway” on it. There is obviously something about my setup that doesn’t play nice with the kmod, but given the issues created are seemingly unrelated I just can’t figure out what :(
Post by: juere on November 22, 2021, 12:12:37 am
set it up and use it. no issues here for months... (using go implementation)Same here for wireguard-kmod.
No issues for >6 months of production use and much faster than the Wireguard-Go implementation :)
Post by: Greelan on November 27, 2021, 07:09:44 am
. Nice speeds too in my early testing
Post by: sot3 on December 10, 2021, 10:23:44 pm
Post by: Greelan on December 10, 2021, 10:34:09 pm
Post by: chemlud on December 11, 2021, 09:30:40 am
Will the kernel package be included in 22.1? I didn't follow the BSD-Wiregurad drama...
Post by: Greelan on December 11, 2021, 10:45:11 am
Code: [Select]
pkg install wireguard-kmodThen reboot
I suspect it is more likely 22.7. The kmod is still in development and in fact the pace seems to have slowed a bit in recent months: https://git.zx2c4.com/wireguard-freebsd/
The FreeBSD-wireguard saga was more a pfSense-wireguard saga when they tried to go their own way in developing the kmod and botched it. Donenfeld came to the rescue and has been developing it out of tree since
Post by: chemlud on December 11, 2021, 11:41:13 am
Post by: Greelan on December 11, 2021, 11:44:09 am
Post by: chemlud on December 11, 2021, 12:28:19 pm