Native-kernel wireguard support for 21.1 feasible? FreeBSD 13 may have it

Started by TheLinuxGuy, January 19, 2021, 06:34:10 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 5 6 7
User actions
March 30, 2021, 07:14:42 PM #90
Keep in mind that's currently considered an experimental drop in replacement.

We will work on the plugin integration first then see what we need to do on the kernel side. Jason published a TODO list:

https://git.zx2c4.com/wireguard-freebsd/tree/TODO.md


Cheers,
Franco
March 30, 2021, 10:21:26 PM #91
please dont break my wireguard plugin install when it changes over to a new way - I rely on it daily. Would be a nightmare to reconfigure all deployed clients.
March 31, 2021, 09:05:23 AM #92
Nothing changed in the way OPNsense WireGuard (go) works. We are looking into reports that the upstream WireGuard tooling has issues in its latest update but too early to tell and several users reported WireGuard works fine on 21.1.4 using go or experimental kmod.


Cheers,
Franco
April 02, 2021, 07:55:32 PM #93
Nice throughput!  :)
Tested with a MacBookPro 2020 M1 using a 2.5G adapter, connected to the OPNsense WAN network.
OPNsense runs on a Proxmox host with an i3-7100 CPU using Virtio ethernet. Mainboard is Supermicro with 2 10G SFP+ (Supermicro card).
April 26, 2021, 02:46:45 AM #94
I'm very curious about the kernel implantation of Wireguard and I have already tried it out and was able to nearly max out my 1gbit connection on a AM4 200GE. I am really loving the performance of Wireguard so far, and even more the kernel version, however the only downside so far I have noticed playing around with Wireguard so far is that you can't use two Wireguard connections on two different Wan interfaces. Currently Wireguard will always use the default gateway no matter what you'll do. I am wondering if it would be possible to implement dual Wan support with the new kernel version?
Intel Xeon 1225v5
Supermicro X11SSM-F
16GB DDR4 ECC UDIMM
Mellanox ConnectX-3
April 26, 2021, 06:01:32 AM #95
Jason told me it should work now
April 27, 2021, 07:17:45 AM #96
Quote from: mimugmail on April 26, 2021, 06:01:32 AM
Jason told me it should work now

This is great to hear. This also means load balancing with two Wireguard connections should be possible then too right? Would love to try this out at some point.
Intel Xeon 1225v5
Supermicro X11SSM-F
16GB DDR4 ECC UDIMM
Mellanox ConnectX-3
April 27, 2021, 09:13:21 AM #97
Just install the kmod package and reboot, then it should be fine.
April 27, 2021, 06:55:05 PM #98 Last Edit: April 27, 2021, 07:08:32 PM by frankw
Hi all,

I have to say this worked beautifully for me, I tried this out using 3 WireGuard connections in a Gateway Group on a 1Gbps up/down line. Was not able to get over around 400MBps down before and CPU was maxed out, now it is peaking around 900Mbps. CPU still fluctuates, but it seems like the speed is much better :D

https://ibb.co/Sy6pnXz
https://ibb.co/Vm9pXkJ
https://ibb.co/cNf0Ryq

Be careful what speedtest binary you are using, I was originally trying alpine linux package and the results were nonsensical around 150Mbps, these results are using Ookla 1.0.0.2 (5ae238b). Thanks to all who put in their hard work on this.
April 27, 2021, 07:11:42 PM #99
Glad to hear it working great for you. I also find it worth using a known good speedtest server.

I usually try and use http://ovh.net as I know all their test locations are 10gbit connections, if speedtest.net is looking to give odd/varying results.
Adventuring through internet pipes
My Blog
April 30, 2021, 02:38:40 PM #100
Quote from: FingerlessGloves on April 27, 2021, 07:11:42 PM
Glad to hear it working great for you. I also find it worth using a known good speedtest server.
I saw you have a script for PIA, curious if you were able to get port forwarding working using the new kernel mod with PIA, and if so how? :)
April 30, 2021, 02:51:45 PM #101
Quote from: frankw on April 30, 2021, 02:38:40 PM
Quote from: FingerlessGloves on April 27, 2021, 07:11:42 PM
Glad to hear it working great for you. I also find it worth using a known good speedtest server.
I saw you have a script for PIA, curious if you were able to get port forwarding working using the new kernel mod with PIA, and if so how? :)

Port forwarding works and its mentioned at the bottom of my Scripts README  :)
Adventuring through internet pipes
My Blog
April 30, 2021, 07:30:25 PM #102
Quote from: FingerlessGloves on April 30, 2021, 02:51:45 PM
Port forwarding works and its mentioned at the bottom of my Scripts README  :)
Ok thanks for confirming, I have been unable to get it working, if you wouldn't mind sharing your rules I would appreciate it.
June 20, 2021, 02:44:32 PM #103
Quote from: FingerlessGloves on April 27, 2021, 07:11:42 PM
Glad to hear it working great for you. I also find it worth using a known good speedtest server.

I usually try and use http://ovh.net as I know all their test locations are 10gbit connections, if speedtest.net is looking to give odd/varying results.

"ovh.net" does not even open for me in the browser, is that a public speedtest service by the way?
June 20, 2021, 06:17:56 PM #104
Quote from: Ricardo on June 20, 2021, 02:44:32 PM
Quote from: FingerlessGloves on April 27, 2021, 07:11:42 PM
Glad to hear it working great for you. I also find it worth using a known good speedtest server.

I usually try and use http://ovh.net as I know all their test locations are 10gbit connections, if speedtest.net is looking to give odd/varying results.

"ovh.net" does not even open for me in the browser, is that a public speedtest service by the way?

I get https by redirect, but it's unsecure as only ssl 1.0 and 1.1 are supported. Not worth the hassle....
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Print
Go Up Pages 1 ... 5 6 7
User actions