Announcement: Zenarmor WireGuard Filtering on OPNsense 24.7

Started by beki, July 26, 2024, 03:51:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 26, 2024, 03:51:11 PM
Dear Zenarmor Users,

Some of our users have reported compatibility issues with filtering WireGuard VPN traffic on OPNsense 24.7. We are currently investigating the issue. If you are using Zenarmor to protect WireGuard VPN interfaces (kernel mode), we advise you not to upgrade your OPNsense platform to the latest version until we make our next announcement for safe operation.

Best Regards
Zenarmor Team
July 29, 2024, 09:38:11 AM #1
Kernel to try:

# opnsense-update -zkr 24.7_7

Don't forget to reboot.


Cheers,
Franco
July 29, 2024, 02:26:23 PM #2
After applying the 24.7_7 patch, the system started working perfectly again, making Zenarmor read the Logs and generate reports...

Now we have to wait for the corrections for the new dashboard widgets that are still being developed so that the system can be put into production once and for all!

Thank you once again for your prompt and attentive service.
July 29, 2024, 02:41:05 PM #3
Thanks for confirming. Expect this to ship in 24.7.1  8)


Cheers,
Franco
July 30, 2024, 08:11:00 AM #4
Ive already upgraded to 24.7_9, however with the native netmap driver I'm still unbale to filter WireGuard traffic.

How can i go about downgrading to 24.7_7 to use the test kernel.

Would really appreciate some guidance.

Thanks
July 30, 2024, 08:14:10 AM #5
It's fixed in both test kernels. Have you rebooted?
July 30, 2024, 08:21:51 AM #6
Yes, i have already rebooted.

July 30, 2024, 08:27:00 AM #7
Can't help you further, sorry,
July 30, 2024, 08:27:40 AM #8
Zenarmor support also asked me to avoid upgrading to 24.7_9.

Below mentioned is their email:-

"The test kernel on the Wireguard side has been patched on the OPNsense side.

We recommend that you make a backup before the process.

Kernel to try

opnsense-update -zkr 24.7_7

Don't forget to reboot

https://forum.opnsense.org/index.php?topic=41762.0

Additionally, we do not recommend updating to OPNsense 24.7_9. Wireguard works in the 24.7_7 version I provided.

We recommend that you follow OPNsense and Zenarmor updates."

Ive done the opnsense update via gui and have also checked for updates to zenarmor (1.17.5).

Should i be using the emulated native netmap driver under zenarmor instead of the native netmap driver?

Thank you
July 30, 2024, 08:47:26 AM #9
I don't see any reason to avoid any amendments to 24.7. All these have been put out specifically for fix real wold issues. I can't speak for their application, but kernel and core wise all these amendments are correct.


Cheers,
Franco
July 31, 2024, 01:16:01 PM #10
Hi all,

Zenarmor 1.17.6 version will include this fix. We plan to ship it at the end of this week.


August 05, 2024, 07:40:40 PM #11

Zenarmor v1.17.6 is out. Our users can safely upgrade their Zenarmor and OPNsense platforms to the latest versions.

https://www.zenarmor.com/docs/support/release-notes
Print
Go Up Pages1
User actions