WireGuard lives!
-
@chrisjmuk I just got it set up and working fine.
Here is what I did.
- download zip file for the config from Mullvad
- create tunnels and peers. (the conf in the zip file contains the tunnel private key, and public key for peer, the pfSense UI will generate the tunnel public key automatically)
- create interface MULL_WG with Interface Address 10.x.x.x/32, create a gateway at the same time for that same IP.
- create outbound NAT, set interface to MULL_WG and source / dest to any
- firewall rules to do policy based routing.
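
Added example, not part of the original post: a sketch that splits a downloaded wg-quick style conf into the tunnel, peer and interface-address values the steps above enter in the pfSense UI, and checks that both keys decode to 32 bytes. The function names, sample keys and addresses are constructed for illustration, and a single `[Peer]` section is assumed.

```python
import base64
import binascii
import configparser
import copy
import ipaddress

# Constructed throwaway keys and documentation-range addresses, not real credentials.
TUNNEL_PRIV = base64.b64encode(bytes(32)).decode()
PEER_PUB = base64.b64encode(bytes([1]) * 32).decode()
SAMPLE_CONF = f"""[Interface]
PrivateKey = {TUNNEL_PRIV}
Address = 10.64.0.2/32,fc00:bbbb:bbbb:bb01::1:2/128
DNS = 10.64.0.1

[Peer]
PublicKey = {PEER_PUB}
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820
"""

def check_key(name, value):
    """WireGuard keys are 32 bytes, base64-encoded; reject anything else."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{name} is not valid base64") from exc
    if len(raw) != 32:
        raise ValueError(f"{name} decodes to {len(raw)} bytes, expected 32")
    return value

def pfsense_fields(conf_text):
    """Split a single-peer wg-quick conf into the values typed into the UI."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]
    addrs = [ipaddress.ip_interface(a.strip()) for a in iface["Address"].split(",")]
    host, _, port = peer["Endpoint"].rpartition(":")
    return {
        "tunnel": {"private_key": check_key("PrivateKey", iface["PrivateKey"])},
        "peer": {"public_key": check_key("PublicKey", peer["PublicKey"]),
                 "endpoint": host, "port": int(port),
                 "allowed_ips": [str(ipaddress.ip_network(n.strip(), strict=False))
                                 for n in peer["AllowedIPs"].split(",")]},
        # IPv4 /32 that the post assigns to the MULL_WG interface and gateway
        "interface_address": str(next(a for a in addrs if a.version == 4)),
    }

def redacted(fields):
    """Copy of the fields with the private key masked, safe to paste in a thread."""
    out = copy.deepcopy(fields)
    out["tunnel"]["private_key"] = "<redacted>"
    return out

if __name__ == "__main__":
    print(redacted(pfsense_fields(SAMPLE_CONF)))
```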
-
@vajonam Thank you, that did the trick - all working now. I will set myself up as a regular sponsor for your GitHub.
-
Hi! I set up pfSense 2.6 on my Hyper-V lab and was able to get a WireGuard tunnel set up with TorGuard. Looks promising! I did notice a little more CPU load than I expected when running speedtests but I was able to utilize my 100Mbit internet connection.
WGTUN Interface (opt1, tun_wg0)
Status: up
IPv4 Address: 10.13.XX.XX
Subnet mask IPv4: 255.255.255.0
Gateway IPv4: 10.13.XX.XX
MTU: 1500
In/out packets: 509239/443583 (536.63 MiB/360.12 MiB)
In/out packets (pass): 509239/443583 (536.63 MiB/360.12 MiB)
In/out packets (block): 0/0 (0 B/0 B)
In/out errors: 0/0
Collisions: 0
-
@vjizzle There are still optimization gains to be realized in the kernel module, primarily around the crypto. We will track all ongoing development on all fronts to keep this fresh and current. Stay tuned.
-
@theonemcdonald Hi! Just to clarify, will this be available in pfSense 2.5.1 Package Manager ?
-
@emikaadeo said in WireGuard lives!:
@theonemcdonald Hi! Just to clarify, will this be available in pfSense 2.5.1 Package Manager ?
Not currently as it's not recommended for stable. So if you want to run it on 2.5.x, download the packages from GitHub and install it manually.
-
@emikaadeo I am currently just using the Dev build 1.6.xxxx and just installed the package via the package manager, and it seems to work great.
-
@vjizzle I am using the same and this is my CPU spec. I am only using 3% on idle but it does jump to 40% on a speed which it would normally even without the WireGuard.
Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Current: 1826 MHz, Max: 1827 MHz
4 CPUs: 1 package(s) x 4 core(s)
-
@chrisjmuk think you mean 2.6.xx ?
-
@chrisjmuk I have the following specs on my testlab pfSense 2.6:
CPU Type Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
2 CPUs: 1 package(s) x 1 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (inactive)
QAT Crypto: No
The load does not bother me that much, my main pfSense is a core i5 beast :) so no worries there. But by the time this is ready for production I expect it to be better optimized for performance. The developer said there will be tweaks and tuning.
-
Downloaded packages from GitHub and installed manually v0.0.9 on 2.5.1-RELEASE (amd64) in this order:
wireguard-kmod-0.0.20210503.txz
wireguard-tools-lite-1.0.20210424.txz
pfSense-pkg-WireGuard-0.0.9.txz
Works great so far (using Mullvad VPN)
Is there any best/safe method to upgrade packages when new versions will be available?
-
So if i update to 2.5.1 i need to manually install the package?
-
@dersch
The new WireGuard port is currently not available officially in 2.5.1 Package Manager (only in 2.6.0 development) so yes, you have to install packages manually.
-
I'm running 2.5.1 with the pfSense WireGuard v0.0.9 pkgs installed. I configured WireGuard 3+ days ago to connect my VPN (Windscribe) and since then all is working flawlessly. Nice.
Now I see that the v0.1.1 pkgs were released a few hours ago, so like @emikaadeo asked previously, what is/are the "best/safe method to upgrade packages when new versions will be available?"
Thanks!
-
@martywd same for me.
@theonemcdonald can you advise please how to upgrade?
with
pkg upgrade pfSense-pkg-WireGuard-new.version.txz
it is asking to install it new. So do we need to remove the old.version first? Will the config persist?
-
Yes, as long as the "keep settings" is checked on the settings tab, it will persist. But it's always good to make a backup of your config before you upgrade. Recreating the wg tunnels is quite easy once you have the settings.
However, I have done the upgrade on many boxes and it runs fine. Just be careful if you are upgrading WireGuard over the WireGuard tunnel itself, like on a remote router.
-
Having no success upgrading to 0.1.1 from 0.0.9 on pfSense 2.6.0-DEVELOPMENT.
Have tried the following with result:
[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg upgrade pfSense-pkg-WireGuard-0.1.1_1.txz
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: pfSense-pkg-WireGuard-0.1.1_1.txz is not installed, therefore upgrade is impossible
Checking integrity... done (0 conflicting)
Your packages are up to date.
[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg install pfSense-pkg-WireGuard-0.1.1_1.txz
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'pfSense-pkg-WireGuard-0.1.1_1.txz' have been found in the repositories
[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg add https://github.com/theonemcdonald/pfSense-pkg-WireGuard/releases/download/v0.1.1/pfSense-pkg-WireGuard-0.1.1_1.txz
Fetching pfSense-pkg-WireGuard-0.1.1_1.txz: 100% 26 KiB 26.6kB/s 00:01
Installing pfSense-pkg-WireGuard-0.1.1_1...
the most recent version of pfSense-pkg-WireGuard-0.0.9 is already installed
I'm out of ideas.
Ted Quade
-
pkg remove 0.0.9 and then pkg install 0.1.1_1
I think the issue is that you cannot upgrade a _1 (REVISION) package when you don't have 0.1.1 package installed.
remove should not lose your configuration.
-
Thanks for the pointers.
I had to run pkg add ...........-0.1.1_1
instead of pkg install ..........-0.1.1_1
Ted Quade
-
Just a best practice: when using the command line, always remove and install new versions.
Eventually when we move to a GUI installer (Package Manager) it will do this anyway. This way no files are left around because of an upgrade.