Wireguard kernel not working like it should

[RamSense]

Anybody else having problems with Wireguard Kernel vs go?

Wireguard road warrior, always vpn running on devices like Iphone etc. So when back at home at wifi, the devices are still using vpn (just laziness and having vpn while leaving wifi). But with the kernel version now with Opnsense OPNsense 23.1-amd64, after some time the device (on wifi with vpn) does not get any data, no browsing, no apps, looks like traffic gets blocked. rebooting the opnsense box fixed it, but again after some time, same bug.
I swiched back to the *go version now, and all is working like it should. I do not know how to find the log or seek errors, that is why i mention it here so others can test and see if they can replicate it.

I'm using wireguard with ipv4 and ipv6

[franco]

Switch back to os-wireguard-go if you have issues.

I do still consider wireguard-kmod an elaborate hit-and-run and that issues remaining will only be gradually improved as new FreeBSD versions are being released...


Cheers,
Franco

[Patrick M. Hausen]

franco, I have no problems with either - go or kmod. What's the official default configuration now for 23.1? When using the kmod, the services widget still lists wireguard-go and flags it red.

Thanks! Perfectly smooth upgrade so far.
Patrick

[franco]

kmod is the default now because users have been pushing for it. It will also be available in FreeBSD 13.2 as far as I understand. But there are hiccups with it for sure as we can see now with 23.1. Minor ones, but disruptive nonetheless.

I made a patch for the service widget... https://github.com/opnsense/plugins/commit/2ed1f987eb97d

# opnsense-patch -c plugins 2ed1f987eb97d


Cheers,
Franco

[kalpik]

Excellent! Came here to talk about the service widget indeed. Will try this patch :)

Edit: And the patch works perfectly! Thanks :)

[Patrick M. Hausen]

Same - works. Thanks.

[franco]

Yay, progress :)

[flushell]

Thanks, patch is working.
Do I have to worry with updates in the future after patching? Like, do I have to do anything with the next update or will all things be handled automatically when this is updated in the main version?

[franco]

Will be included in 23.1.1 so no problem with update.


Cheers,
Franco

[RamSense]

Thanks all for the replies and update/patch. I will test it again when version 23.1.1 is available.

[franco]

What exactly is "it"? I don't expect functional changes for either go or kmod in 23.1.1.

Michael mentioned a netmask issue between go and kmod where kmod is more restrictive and only allows /32 endpoints?


Cheers,
Franco

[RamSense]

I have 2 endpoints configured.
1 ipv4 /32 and 1 ipv6 /128

the "it" is what I can not identify (yet). The kernel version works at start, but after some time stops working. It could be to do with the ipv6 endpoint. The go version keeps on running as it should.

[franco]

Ok, but in this case I have no hopes for 23.1.1 from what we know today. Something will be wrong somewhere, but any other 23.1.x may be more realistic.

I'll try to place this here again for emphasis:

kmod is the default now because users have been pushing for it. It will also be available in FreeBSD 13.2 as far as I understand. But there are hiccups with it for sure as we can see now with 23.1. Minor ones, but disruptive nonetheless.

Cheers,
Franco

[agh1701]

Thank you Franco, The patch worked.

Al

[tiermutter]

@RamSense what's the time we are talking about?
I have also set up my clients using v4 and v6. Normally my Android phone automatically disconnects WG when at home wifi, but for testing purposes I disabled this behaviour and for now I am online with WG on wifi coming home with WG on 5G/LTE for about one hour without any problems.