23.7.12 >> 24.1 RC1 Wireguard kernel mode netmap support

Started by GuruLee, January 21, 2024, 02:28:20 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 21, 2024, 02:28:20 PM
I'm being advised by Zenarmor to upgrade for the wireguard kernel mode netmap support, so I can effectively protect my wireguard interface.

Has anyone upgraded to 24.1 RC1 to test this and how stable is it?


Sent from my SM-N986U using Tapatalk

Protectli FW4C
Cybersecurity Practitioner, trail-runner, Mtb'er, self-hosted enthusiast, and audiophile.
January 27, 2024, 02:04:31 AM #1
I was waiting for this implementation too,

If I will have time over this weekend I will test it out.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 31, 2024, 12:04:23 PM #2
I upgraded last night to 24.1 and no known issues so far. [emoji106]
I can now see Wireguard Internet egress traffic in Zenarmor, so I'm happy [emoji4] [emoji360][emoji482]

Sent from my SM-N986U using Tapatalk

Protectli FW4C
Cybersecurity Practitioner, trail-runner, Mtb'er, self-hosted enthusiast, and audiophile.
January 31, 2024, 12:38:02 PM #3
It's still being worked on so I'd label it "experimental" for now. Use it with a grain of salt.


Cheers,
Franco
January 31, 2024, 01:37:36 PM #4
Thanks GuruLee,

I was not unable to upgrade over the weekend.

@franco
By your definition of "experimental" you mean its experimental till all the bugs will not be catched out? If yes do you know about some potential issues? Just curious here.

Regards,
S.

Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 31, 2024, 02:50:17 PM #5
It's still being worked on by Zenarmor/Klara for FreeBSD inclusion and there have been some reports of lockups in internal testing.


Cheers,
Franco
February 02, 2024, 07:09:04 PM #6
Quote from: franco on January 31, 2024, 12:38:02 PM
It's still being worked on so I'd label it "experimental" for now. Use it with a grain of salt.


Cheers,
Franco
So therefore we should exercise caution if we're on the fence with purchasing Zenarmor subscription for wireguard support [emoji6][emoji848][emoji1696]

Sent from my SM-N986U using Tapatalk

Protectli FW4C
Cybersecurity Practitioner, trail-runner, Mtb'er, self-hosted enthusiast, and audiophile.
February 02, 2024, 11:27:13 PM #7
Quote from: GuruLee on January 31, 2024, 12:04:23 PM
I upgraded last night to 24.1 and no known issues so far. [emoji106]
I can now see Wireguard Internet egress traffic in Zenarmor, so I'm happy [emoji4] [emoji360][emoji482]

Sent from my SM-N986U using Tapatalk

I also upgraded to 24.1_1 and so far my 2 different Wireguard tunnels are working smoothly without any problems. (2 instances, with 1 peer per instance, the peers being different servers on unrelated networks.)
February 03, 2024, 05:07:48 PM #8
So I did today the upgrade to Major 24.1,

The Very experimental netmap driver on WG works very well in my opinion at least on 1st look.
I can see all statistic, connections and all related to WG from prespective of ZENARMOR. Performance looks good as well. I will keep an eye on this if from long run perspective it will not do some goofiness.

Franco many thanks to you and your team to taking the time and implementing this.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
Print
Go Up Pages1
User actions