Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Did I misunderstand wireguard, zenarmor, kmod?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Did I misunderstand wireguard, zenarmor, kmod? (Read 2516 times)
allebone
Sr. Member
Posts: 402
Karma: 34
Did I misunderstand wireguard, zenarmor, kmod?
«
on:
July 31, 2022, 07:13:31 pm »
I switched to kmod a while ago and was happily waiting for zenarmor to ‘catch up’ and eventually be able to support monitoring on the kmod version of wireguards interface. However now I am thinking that will never happen as the kmod version is stripped down and missing stuff that sensei/zenarmor needs to work. Did I imagine that it was possible for the kernel version of wireguard to be supported one day by zenarmor or is that impossible by design and I shoumd be using wireguard go instead?
Logged
mb
Hero Member
Posts: 941
Karma: 99
Re: Did I misunderstand wireguard, zenarmor, kmod?
«
Reply #1 on:
August 01, 2022, 04:54:43 am »
Hi @allebone,
Yes, the problem with wireguard kmod is that it does not have netmap support. For now, the best option would be wireguard go if you want to monitor the wireguard interface with zenarmor.
Having said that, we want to help wireguard kmod have netmap support and for that we're looking into several alternatives to make that happen.
Logged
allebone
Sr. Member
Posts: 402
Karma: 34
Re: Did I misunderstand wireguard, zenarmor, kmod?
«
Reply #2 on:
August 01, 2022, 11:14:43 pm »
I understand. Is the roadmap in years or months for this? Just want to understand if we are 6 months or 6 years away.
Logged
mb
Hero Member
Posts: 941
Karma: 99
Re: Did I misunderstand wireguard, zenarmor, kmod?
«
Reply #3 on:
August 02, 2022, 03:16:55 am »
Hi @allebone, Sorry for making you wait.
The challenge for us here is that netmap is part of the Operating System and is developed and maintained by its own team. Since it's not part of zenarmor codebase, we reach out to the authors and sponsor this kind of development.
This generally takes longer than shipping a zenarmor functionality.
Having said that, the "current plans" are that we'll be sponsoring another round of work, sometime during this year.
I hope this answer is more helpful to you.
Logged
allebone
Sr. Member
Posts: 402
Karma: 34
Re: Did I misunderstand wireguard, zenarmor, kmod?
«
Reply #4 on:
August 02, 2022, 04:08:46 am »
Thank you, very helpful.
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Did I misunderstand wireguard, zenarmor, kmod?
«
Reply #5 on:
August 02, 2022, 10:11:15 am »
Small historic context here:
The WireGuard version done by pfSense actually had iflib/netmap support but failed spectacularly with regard to implementational security. The kmod version rewrite omitted the iflib (and therefore netmap support) in part for complexity reasons and in part for not wanting to deal with it by the authors to race to the finish line.
So that's where we are now.
Cheers,
Franco
Logged
mb
Hero Member
Posts: 941
Karma: 99
Re: Did I misunderstand wireguard, zenarmor, kmod?
«
Reply #6 on:
August 03, 2022, 07:09:23 am »
Thanks @franco, very much helpful. I'll be reaching out to you about this.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Did I misunderstand wireguard, zenarmor, kmod?
