Native-kernel WireGuard support for 21.1 feasible? FreeBSD 13 may have it

Started by TheLinuxGuy, January 19, 2021, 06:34:10 AM

Fail. I remember reading a mailing list thread some months ago where, after learning that Netgate was working on a port, Donenfeld reached out to ask them to collaborate. The Netgate dev seemed strangely resistant. Can't readily put my hands on the thread again, but it was eye-opening.

Edit: found it - https://lists.freebsd.org/pipermail/freebsd-net/2020-February/055414.html

Quote from: franco on February 25, 2021, 11:39:22 AM
Define "included". The kernel patch doesn't help anyone with the WireGuard plugin yet, so rushing this is not useful and creates false expectations.

Considering the Netgate cowboy kernel module fiasco, I will gladly take this approach any day of the week.

To say this is scathing is being kind.

https://lists.zx2c4.com/pipermail/wireguard/2021-March/006494.html

Quote from: bubbagump on March 15, 2021, 10:46:19 PM
Quote from: franco on February 25, 2021, 11:39:22 AM
Define "included". The kernel patch doesn't help anyone with the WireGuard plugin yet, so rushing this is not useful and creates false expectations.

Considering the Netgate cowboy kernel module fiasco, I will gladly take this approach any day of the week.

To say this is scathing is being kind.

https://lists.zx2c4.com/pipermail/wireguard/2021-March/006494.html

;D
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Is there any estimate on when OPNsense will have Jason's implementation of WG? I'm currently fine with OpenVPN, but looking toward WG.

Hmmm, as the cowboy wrote in his rant, Netgate will block any secure and reliable kernel implementation of wg.

So it would be HardenedBSD's turn to implement that. Maybe we should start a fund-raiser here? I would be happy to do some testing, if necessary...
kind regards
chemlud

Quote from: 134 on March 16, 2021, 09:53:45 AM
Is there any estimate on when OPNsense will have Jason's implementation of WG? I'm currently fine with OpenVPN, but looking toward WG.

OPNsense already has it via the official Go module. It's not kernel based, which is slightly (very slightly) slower, but it's secure and MUCH faster than anything else out there. Go WireGuard with reckless abandon now on OPNsense.

Wow, the Netgate WireGuard implementation reads great.

Quote
There were random sleeps added to "fix" race conditions, validation
functions that just returned true, catastrophic cryptographic
vulnerabilities, whole parts of the protocol unimplemented, kernel
panics, security bypasses, overflows, random printf statements deep in
crypto code, the most spectacular buffer overflows, and the whole litany
of awful things that go wrong when people aren't careful when they write
C. Or, more simply, it seems typical of what happens when code ships
that wasn't meant to. It was essentially an incomplete half-baked
implementation – nothing close to something anybody would want on a
production machine.

Things are still developing in real time, it seems. One thing that stands out is that Netgate owns this debacle and has so much pull (money) in FreeBSD that it could get away with the initial merge. Then it tries the same approach, when the WireGuard author works on FreeBSD improvements, to get WireGuard out of all the source trees because they say so?

I mean, we have this disaster now, but we want to still trust the same people to solve the situation by making it worse after it got better? FreeBSD has a structural issue within its ranks that it needs to address. It only hurts the FreeBSD reputation as a whole to let this situation continue into the next couple of years.

For now we will merge whatever upstream work is going into the kernel module, no matter if it is removed over there at some point or not. We can always trust in the available userland implementation. ;)


Cheers,
Franco


Quote from: mimugmail on March 16, 2021, 01:52:03 PM
Guys, you need to read Jason's answer to what Scott wrote him directly... somebody bring popcorn please.

https://lists.zx2c4.com/pipermail/wireguard/2021-March/006499.html

Bavaria is a little late to this party, see the posts above :-p
kind regards
chemlud

6499 is a different one; not everyone goes to threads and looks at the replies in the archives, and this reply is even more of a joy to read ;)

kind regards
chemlud

...at least the trash is gone from the kernel; hope to see something better soonish.

https://lists.zx2c4.com/pipermail/wireguard/2021-March/006504.html
kind regards
chemlud

That means Netgate convinced FreeBSD to do what Scott Long suggested. Oh man, get ready for more shit in the next couple of years. This is just the beginning of the drama.


Cheers,
Franco

Quote from: franco on March 16, 2021, 09:24:40 PM
That means Netgate convinced FreeBSD to do what Scott Long suggested. Oh man, get ready for more shit in the next couple of years. This is just the beginning of the drama.


Cheers,
Franco
I'm not sure which is worse: that Netgate rammed their broken implementation of WireGuard into FreeBSD a few weeks before a release, expecting it to be part of the release, or that FreeBSD let them. It's amazing.