Wireguard and 23.01
-
If I have this in the wrong group, please forgive me and tell me where I should move this. It seemed like the closest I could find.
I was one of the "early-ish" adopters of the wireguard implementation when we had the "misfire" with wireguard and FreeBSD. I am currently running on 22.05 (FreeBSD 12.3-STABLE based). I have wireguard running very well, and am happy. I have been waiting to upgrade pfSense until the full native kernel implementation of wireguard into the kernel of FreeBSD was completed, and there was a new pfSense based on that version.
According to this article I read here, the full implementation has been released in 13.2, and will be present in the 14.0 final release.
This is where I start getting confused and need some clarification... According to the documentation here, the 23.01 release of pfSense was based on FreeBSD 14.0-CURRENT. There is a hex identifier after the release name in the table, which I am guessing refers to a particular build/state/snapshot of the BSD code that this was/is based on. I am assuming this is a "CURRENT" build because 14.0 has not been released yet (schedule).
So, that means that 23.01 is based on non-released BSD? Is this common practice? I'm not trying to be critical. It just took me by surprise a bit that it was based on it when it's still at alpha stage. I can totally see how tricky it would be to get your release timing to work smoothly when you are dependent on someone else's timelines.
Given the state of FreeBSD's current schedule, along with the state of 23.05, would I be correct to assume that 23.05 will likely release before the 14.0 does?
Again, please don't take any of this as a complaint or criticism. I work in software. I totally understand how challenging release management can be. My only goal here is to try to anticipate when there is likely to be a pfSense version based on a released FreeBSD with the wireguard kernel to have the best chance of upgrading without any issues with my wireguard implementation. Until then, unless I get a big push from another direction, I will likely stick with the "if it ain't broke, don't fix it" position and stay with 22.05.
Thanks for any advice! I've been using the product for a long time. I have been and continue to be a huge fan!
-Jim
-
-
On 23.01 and 23.05 the WireGuard interface is in the package but the kernel parts are in base since it was moved back in FreeBSD 14.x. For users the experience is functionally identical either way.
On 23.05 the WireGuard package will be installed by default out of the box for fresh installs (upgrades will not be altered, e.g. if they had it before, it's still there on upgrade).
-
@jimp First, thank you for finding my post a better home in this forum area.
I guess I had it in the other one because of the parts I was asking about regarding releases, upon which I noticed you didn't comment. Are my assumptions correct there, and did you have any comment on why a pre-release FreeBSD was targeted? Were there other things in 14.0 than just the kernel support for wireguard that made that decision an easy one to make? I realize these are some general "I'm just curious to know" questions, so if I should pull them out into a separate post in another group to find out the answers, I'm glad to do that. Or, if they're things no one has time to answer, I can even live with that.
Wireguard-wise, when I finally do get to doing my upgrade, it seems like the safest road forward based on some of my reading is to record all my pertinent wireguard configuration details somewhere, remove them all, upgrade, then re-enable wireguard and re-implement manually, even though an upgrade "should work"? Since my pfSense Plus is virtual, I'll be snapshotting before I do anything to allow easy rollback, so upgrades aren't too scary.
Thanks for your time!
-Jim
-
I didn't cover those because they have been asked and answered numerous times and even covered in blog posts:
https://www.netgate.com/blog/pfsense-software-is-moving-ahead
The information is already widely available, no need for anyone to rehash it.
If you are using WireGuard on 22.05 there is no user-visible difference in using WireGuard like you are now and how it works on 23.xx. No changes in settings are necessary, everything is carried over.
It's not like the previous disruptive change when it was moved to a package.
-
@jimp Thank you! Sorry I didn't run across this in my reviews of other forums. That was EXACTLY what I was looking for!