Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard VPN traffic monitoring
« previous
next »
Print
Pages: [
1
]
Author
Topic: Wireguard VPN traffic monitoring (Read 1826 times)
gstyle
Newbie
Posts: 24
Karma: 0
Wireguard VPN traffic monitoring
«
on:
June 01, 2023, 01:59:05 pm »
Hi,
I have set up a wireguard server on my opnsense.
I would like to monitor the traffic that is going over it.
I added the wireguard interface in Reporting -> NetFlow
However, it does not recognize the traffic.
And unfortunately also Zenarmor does not seem to work on the Wireguard interface.
Any ideas?
Logged
khs
Newbie
Posts: 6
Karma: 0
Re: Wireguard VPN traffic monitoring
«
Reply #1 on:
June 01, 2023, 09:09:47 pm »
As far as I am aware, netmap is required for bsd to monitor the interfaces. I had the same problem and posted it on reddit yesterday. Basically, the only way to monitor wireguard is by using the Go Lang userspace implementation and not the kmod - netmap doesn't support the kmod version yet, that is why neither NetFlow, nor zenarmor can monitor it. For more info, check r/zenarmor - don't want to post the link here. After receiving their advice I opened this thread here:
https://forum.opnsense.org/index.php?topic=34299.0
«
Last Edit: June 01, 2023, 09:11:46 pm by khs
»
Logged
gstyle
Newbie
Posts: 24
Karma: 0
Re: Wireguard VPN traffic monitoring
«
Reply #2 on:
June 01, 2023, 09:40:22 pm »
If I understand right, the main difference between go and kid is performance.
Anything else?
Can the performance difference be quantified?
I have a N5105 box and would need 100MBit....
Logged
khs
Newbie
Posts: 6
Karma: 0
Re: Wireguard VPN traffic monitoring
«
Reply #3 on:
June 01, 2023, 11:10:13 pm »
Haven't migrated yet – don't want to be reconfiguring interfaces in the middle of the night in case something goes wrong. I'll do it this weekend. Despite Go being more CPU demanding and reportedly at least 50% less performant, I'm confident it will still fully saturate the 100 Mbit WAN. The WireGuard devs have an IRC channel, which can be found on the official site.
Logged
gstyle
Newbie
Posts: 24
Karma: 0
Re: Wireguard VPN traffic monitoring
«
Reply #4 on:
June 02, 2023, 10:26:51 am »
I just did the change. Just installed wireguard-go. Wireguard-kmod was removed automatically.
Configuration stayed as it was.
After a quick testing in my LAN, I did not see a speed difference for me.
The wg interface now shows up in Zenarmor.
Logged
khs
Newbie
Posts: 6
Karma: 0
Re: Wireguard VPN traffic monitoring
«
Reply #5 on:
June 02, 2023, 03:17:22 pm »
I'm glad it worked out for you. I will be migrating tonight then.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard VPN traffic monitoring