WireGuard lives!

psp

Just upgraded to v0.0.8 in pfSense v2.6.0-DVM. No issues so far. All is still properly working.

cmcdonald

@psp Thanks for the update!

vjizzle

Waiting anxiously for tutorial and easy installation option. However don’t rush it, we all know how that goes .

KOM

I'm wondering if it's a simple matter to just scp the 4 package files over and then run pkg on each one to install them, then reboot?

vajonam

Yup that is it.. I like to install them in the order of dependency.

wireguard-kmod, bash, wireguard-tools and then pkg-Wireguard. With the latest kmod we are seeing some KPs and other wierdness. So remeber this is experimental. don't run on prod and backup before you make any chagnes.

chrisjmuk

I cant get it to work.

I am not even sure if its connecting and i am not sure how the NAT should be configured so that all traffic goes via wireguard as it no longer makes a gateway.

Kind Regards,
Chris

cmcdonald

@chrisjmuk so you’ll need to create your own gateway entry manually, and then policy route over it as usual

chrisjmuk

@theonemcdonald i know how to create the gateway and set the rule in the firewall to go to the specific gateway, or am i missing something else?

cmcdonald

@chrisjmuk What VPN provider are you using?

chrisjmuk

Mullvad VPN - used before on pfSense 1.5.1 Dev

These are my settings - i have removed the keys on purpose and will change.

Screenshot_2021-05-05 pfSense home arpa - VPN WireGuard Tunnels Edit.png

Screenshot_2021-05-05 pfSense home arpa - VPN WireGuard Peers Edit.png

Screenshot_2021-05-05 pfSense home arpa - System Routing Gateways Edit.png

Screenshot_2021-05-05 pfSense home arpa - Interfaces mlvdgb12 (tun_wg0).png

cmcdonald

@chrisjmuk I will get a mullvad subscription to test

chrisjmuk

@theonemcdonald its free for 24 hours.

also getting this error

Crash report begins.  Anonymous machine information:

amd64
12.2-STABLE
FreeBSD 12.2-STABLE devel-12-n226623-ba553ae641b5 pfSense

Crash report details:

PHP Errors:
[05-May-2021 14:07:00 Etc/UTC] PHP Warning:  Invalid argument supplied for foreach() in /usr/local/www/wg/vpn_wg_peers_edit.php on line 259



No FreeBSD crash data found.

vajonam

@chrisjmuk This has been fixed, will be in the next release.

cmcdonald

For anyone having issues with Mullad,

Make sure your gateway is the same as your interface address

chrisjmuk

@theonemcdonald still no luck unfortuantly on my side. are you able to give me a quick message?

vajonam

@chrisjmuk I just get got it setup and working fine.

Here is what I did.

download zip file for the config from mullvad
create tunnels and peers. (the conf in the zip file contains the tunnel private key, and public key for peer, the pfsense ui will generate the tunnel public key automatically)
create interface MULL_WG with Interface Address 10.x.x.x/32, create a gateway at the same time for that same IP.
create outbound NAT, set interface to MULL_WG and source / dest to any

firewall rules to do policy based routing.

chrisjmuk

@vajonam Thank you, that done the trick - all working now, i will set my self as a regular sponsor for your github.

vjizzle

Hi! I setup pfSense 2.6 on my Hyper-V lab and was able to get setup a Wireguard tunnel with TorGuard. Looks promising! I did notice a little more cpu load then I expected when running speedtests but I was able to utilize my 100Mbit internet connection.

WGTUN Interface (opt1, tun_wg0)
Status
up 
IPv4 Address
10.13.XX.XX
Subnet mask IPv4
255.255.255.0 
Gateway IPv4
10.13.XX.XX
MTU
1500 
In/out packets
509239/443583 (536.63 MiB/360.12 MiB) 
In/out packets (pass)
509239/443583 (536.63 MiB/360.12 MiB) 
In/out packets (block)
0/0 (0 B/0 B) 
In/out errors
0/0 
Collisions
0

cmcdonald

@vjizzle There is still optimization gains to be realized yet in the kernel module...primarily around the crypto. We will track all ongoing development on all fronts to keep this fresh and current. Stay tuned

emikaadeo

@theonemcdonald Hi! Just to clarify, will this be available in pfSense 2.5.1 Package Manager ?