OPNsense 21.1.6 / Sensei 1.9 Wireguard -kmod compatible ? no filtering, CPU full

Started by Mondmann, May 28, 2021, 08:11:47 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 28, 2021, 08:11:47 PM Last Edit: May 28, 2021, 08:17:32 PM by Mondmann
Hello guys,
my question:
Is wireguard -kmod supported in OPNsense 21.1.6 with Sensei
1.9 supported.
With enabled wireguard - (wg0/wg1) interface in Sensei 1.9 there is no filtering of traffic.
Furthermore I noticed that the CPU load stays for a long time at full load up to
up to 90% for a long time and only normalizes when the wireguard interface is removed from Sensei.
Did I miss something? or are the hardworking Sunnyvalley guys still working on this?
a solution?

my setting: *Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver

Thanks in advance for a hint

Greetings from Germany
OPNsense 22.7.9*WG-kmod*OpenSSL*OpenVPN* AdGuardHome*i7-7700*32GB*256SSD*ix0-1, igb0-4, em0*OpenVPN+Wireguard WG0, WG1*NetGear ProSafe XS508*AP Netgear WAX610*alles echtes Blech* Sorry, my English is translated via app*
May 28, 2021, 08:42:31 PM #1
Hi,

wireguard-kmod is generally unsupported / experimental at the moment. And, yes, while wiregard-go is based on tun(4) devices packets can be inspected. That is not the case with the kernel module code which is its stripped-down driver counterpart without netmap(4) support.


Cheers,
Franco
May 29, 2021, 12:27:58 AM #2
@franco
thanks for the info...
OPNsense 22.7.9*WG-kmod*OpenSSL*OpenVPN* AdGuardHome*i7-7700*32GB*256SSD*ix0-1, igb0-4, em0*OpenVPN+Wireguard WG0, WG1*NetGear ProSafe XS508*AP Netgear WAX610*alles echtes Blech* Sorry, my English is translated via app*
Print
Go Up Pages1
User actions