Wireguard interface active, but Zenarmor not filtering/reporting data.

Started by Imnot A Robot, August 16, 2023, 05:41:08 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
August 31, 2023, 04:41:08 PM #15
Thanks a lot for your work, much appreciated!  :)
September 01, 2023, 07:40:54 AM #16
Quote from: wirefall on August 31, 2023, 04:07:38 PM
Any news regarding this issue? I also have the same here, no wireguard traffic in Zenarmour, engine stops with same alert "Cannot validate interface:..." so I always have to restart...

Opnsense 23.7.3
os-wireguard 2.0_2
os-sensei 1.14.5

Thanks a lot!

If you want to use Zenarmor with WG, you've to install Wireguard Go instead of Wireguard (remove os-wireguard, install os-wireguard-go (System: Firmware -> Packages))

Zenarmor is currently not able to detect the WG Kernel Module interfaces. I guess this will resolve your "Cannot validate interface" issue.

The issue that we have is, that Zenarmor is able to detect the WG interfaces, but it can't inspect the traffic due to the missing TUN  patch.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
September 01, 2023, 09:02:54 AM #17
# opnsense-update -zkr 23.7.2-tun
# opnsense-shell reboot


Cheers,
Franco
September 01, 2023, 12:06:10 PM #18
Thanks a lot Franco, the results:

1. Alerts ("Cannot validate interface:...") are not showing up anymore so far, also no engine stop

2. Dashboard Traffic still only shows dead flat lines for wg interface, and in Live Sessions there is no wg data

So I guess the engine stop is fixed with your tun patch :)

Now waiting for wireguard-kmod netmap support. Thanks in advance to Zenarmour team addressing this important feature!  :)
September 02, 2023, 11:57:49 AM #19
YAY! It's working again!  :)

WG traffic is inspected and blocked as before the OPNsense update. Thanks a lot for your support!
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
September 05, 2023, 12:44:31 PM #20
Quote from: mb on August 26, 2023, 09:09:31 PM
Hey @franco,

Thanks for the heads-up. Yes, it the tun patch is not in 23.7, that must be the reason.

Looking forward to the test kernel; team will go ahead and test it.

WRT wireguad-kmod netmap support, we're working on it to see whether it would be feasible to develop/maintain. We'll reach out to the team once we have some meaningful progress.

Any news regarding wireguad-kmod netmap support? Thanks a lot  :)
September 05, 2023, 04:30:23 PM #21
Hi all,

Thank you for your inquiry. I am pleased to inform you that we plan to support it before the release of OPNsense 24.1 version. If you have any further questions or concerns, please do not hesitate to contact to Zenarmor team.

Best regards,
September 06, 2023, 12:22:45 AM #22
this is really great news, thank you very much indeed!  :)
Print
Go Up Pages 1 2
User actions