Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WireGuard Widget?

    Scheduled Pinned Locked Moved
    WireGuard
    4
    6
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sae
      last edited by

      Is there a WireGuard widget for the dashboard in the works? I would love something like the ipsec or openvpn widgets letting me know the status of those tunnels if possible.

      cmcdonaldC 1 Reply Last reply Reply Quote 0
      • cmcdonaldC
        cmcdonald Netgate Developer @sae
        last edited by cmcdonald

        @sae There isn't much status that can't already be deduced through other widgets (i.e. interface stats for traffic stats, gateway monitoring for checking if the peer endpoint is pingable, etc.) WireGuard is stateless so besides the latest handshake time, there really isn't much status information to display.

        Run wg show via Diagnostics>Command Prompt and you'll see for yourself that there isn't anything useful there. Albeit the wg(8) command is currently not feature complete and is missing several metrics that are available on the mainline linux implementation.

        Need help fast? https://www.netgate.com/support

        1 Reply Last reply Reply Quote 1
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          WireGuard is connectionless so there really isn't any "status" in the traditional sense.

          Even if wg on FreeBSD output what it does on Linux its usefulness is minimal. It can't tell you if a peer is connected now (since there is no "connection") only that it sent some traffic at some point in the past.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          L 1 Reply Last reply Reply Quote 2
          • L
            lra @jimp
            last edited by

            @jimp Our Linux project generates a "WireGuard VPN Status" in PHP as follows.

            First, using wg show wg0 latest-handshakes and classify by the lastest-handshake difference from the current Unix Epoch.

            1. "stale" if current Unix Epoch is greater than 3600 seconds of lastest-handshake
            2. "inactive" if current Unix Epoch is greater than 135 seconds of lastest-handshake
            3. "active" for the rest

            Next preform a wg show wg0 to display useful goodies and merge with the "stale/inactive/active" state by matching with common public peer keys.

            The "Peer" can be replaced with a matching label or use the first 6 characters if there is no matching label to the public peer key.

            Finally, display the combined results, we chose not to show "stale" tunnels, only "active" and "inactive".

            pfSense supports multiple wg+ interfaces, so iterate over all of them.

            Here is a sanitized example:

            WireGuard-Status.png

            This has worked well for our project.

            Lonnie

            1 Reply Last reply Reply Quote 2
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              None of that is available on FreeBSD yet.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 1
              • S
                sae
                last edited by

                Thanks for the info guys. I didn't realize how different WG is compared to the more traditional vpn.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post