OPNsense Forum
English Forums => Virtual private networks => Topic started by: gstyle on June 01, 2023, 01:59:05 pm
-
Hi,
I have set up a WireGuard server on my OPNsense.
I would like to monitor the traffic that is going over it.
I added the WireGuard interface in Reporting -> NetFlow.
However, it does not recognize the traffic.
And unfortunately Zenarmor also does not seem to work on the WireGuard interface.
Any ideas?
-
As far as I am aware, netmap is required for BSD to monitor the interfaces. I had the same problem and posted it on Reddit yesterday. Basically, the only way to monitor WireGuard is by using the Go userspace implementation and not the kmod. Netmap doesn't support the kmod version yet; that is why neither NetFlow nor Zenarmor can monitor it. For more info, check r/zenarmor - don't want to post the link here. After receiving their advice I opened this thread here: https://forum.opnsense.org/index.php?topic=34299.0
-
If I understand right, the main difference between go and kmod is performance.
Anything else?
Can the performance difference be quantified?
I have an N5105 box and would need 100 Mbit...
-
Haven't migrated yet – don't want to be reconfiguring interfaces in the middle of the night in case something goes wrong. I'll do it this weekend. Despite Go being more CPU demanding and reportedly at least 50% less performant, I'm confident it will still fully saturate the 100 Mbit WAN. The WireGuard devs have an IRC channel, which can be found on the official site.
-
I just made the change. Just installed wireguard-go. wireguard-kmod was removed automatically.
Configuration stayed as it was.
After a quick test in my LAN, I did not see a speed difference.
The wg interface now shows up in Zenarmor.
-
I'm glad it worked out for you. I will be migrating tonight then.