How to switch to wireguard-go in 23.7?

[Mechman]

Hi all,

I'm running wireguard-go in 23.1. After updating to 23.7 wireguard-go is still listed as installed, but it seems the kmod variant is used, as the issues described in this post https://forum.opnsense.org/index.php?topic=32110.msg155352#msg155352 are reappearing. Also there is no longer a running wireguard-go process and the services only list wireguard as running.
Tried switching between both plugins as I did in 23.1, but I still cannot make the system use the go variant.

Thanks for your help!

[franco]

Screenshot of plugin list please.


Cheers,
Franco

[Mechman]

Here you go:

[Mechman]

Additionally services and processes.

[franco]

Ah, this is great. wireguard-go doesn't work because FreeBSD 13.2 has WireGuard in the kernel. -.-

I'll try to see if I can fix this for 23.7.2.


Cheers,
Franco

[Mechman]

Thanks!

[franco]

For reference:

https://github.com/WireGuard/wireguard-tools/blob/13f4ac4cb74b5a833fa7f825ba785b1e5774e84f/src/wg-quick/freebsd.bash#L117-L129

wg-quick just tries to add an interface and if it works it ignores the go implementation.

I don't see another choice but to disable the WireGuard kernel module.


Cheers,
Franco

[franco]

PS: Maybe if you do this you can trick it into using go on the next reboot:

# mv /boot/kernel/if_wg.ko /root

[Mechman]

Nice, that works!

[RamSense]

@Mechman: I was experiencing the malfunction of the WG kernel (and go as of latest OPNsense update) [Wireguard handshakes are timing out] but I managed to keep it working by adding this in the endpoint(s)

Keepalive Interval 25

[Mechman]

I already have keepalives active, but still packets were sent out the wrong interface. For now go works fine, I will monitor this as it is an intermittent issue.

[Mechman]

The fix in 23.7.2 is working, wireguard-go runs fine again.

Keep up the great work, so far no other issues with 23.7!

Thanks again, Franco!

[franco]

This was an unforeseen complication in the upgrade. Sorry for the trouble.


Cheers,
Franco