Topic: Wireguard feedback for 24.1 (Read 323 times)
jawaidbazyar
Wireguard feedback for 24.1 « on: June 26, 2024, 10:46:45 pm »
Hi,
I struggled for two days over something that should have been very simple - setting up a site-to-site WireGuard VPN.
1. Not specifying a port in the Instance setup, WireGuard chooses a listen port at random. I do not understand what the use case for this is, but it seems like the vast majority of users would want to listen fixed at port 51820, and so this should be the default, and the user should have to take action to switch the instance listener to a non-fixed port.
2. Changing certain parameters in instance and peer does not take effect right away - and stopping and restarting it seems to be the only way to get it to take effect. Maybe the Apply button? But the Apply button position strongly suggests that it will only apply to enable / disable WireGuard as a whole.
Changing fields that require a disable/enable cycle to take effect should tell the user so, similar to how firewall rules require a separate Apply step.
3. I was struggling with the above items, and tried setting "Allowed IPs" to 0.0.0.0/0. Well, that was a big mistake. I had assumed that this was a filter for IP blocks that the remote peer was sending. I learned that anything in "Allowed IPs" basically gets blindly set as static routes in the routing table. Wouldn't it make more sense if the IPs are only put in the routing table once a handshake has been established? And wouldn't it also make sense to show a warning that setting 0.0.0.0/0 (or any large route) may not have the intended effect?
Thanks!
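
Added example, not part of the original post and not OPNsense code: a small Python check for the two settings the post describes, an instance with no fixed ListenPort and a peer whose AllowedIPs is as broad as 0.0.0.0/0. It assumes a wg-quick style config file; the sample config, the placeholder keys and the MIN_PREFIX thresholds are constructed for illustration.

```python
import ipaddress

# Constructed sample in wg-quick style syntax; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.10.0.1/24

[Peer]
PublicKey = <placeholder-site-b>
AllowedIPs = 10.10.0.2/32, 192.168.20.0/24

[Peer]
PublicKey = <placeholder-site-c>
AllowedIPs = 0.0.0.0/0
"""

# Assumed thresholds: prefixes shorter than these count as "large routes".
MIN_PREFIX = {4: 8, 6: 32}

def parse_sections(text):
    """Return [(section_name, {key: value})] in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            opts = sections[-1][1]
            # A repeated key (e.g. several AllowedIPs lines) is merged.
            prev = opts.get(key.lower())
            opts[key.lower()] = f"{prev},{value}" if prev else value
    return sections

def lint(text):
    """Flag an unset ListenPort and overly broad AllowedIPs entries."""
    findings = []
    for name, opts in parse_sections(text):
        if name == "interface" and "listenport" not in opts:
            findings.append("interface: ListenPort unset, port is chosen randomly")
        if name != "peer":
            continue
        entries = opts.get("allowedips", "").split(",")
        for item in filter(None, map(str.strip, entries)):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen < MIN_PREFIX[net.version]:
                peer = opts.get("publickey", "<no key>")
                findings.append(f"peer {peer}: AllowedIPs {net} is a large route")
    return findings
```

Calling `lint(SAMPLE_CONF)` returns one finding for the missing ListenPort and one for the 0.0.0.0/0 peer; the site B peer with its /32 and /24 entries passes.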