WireGuard lives!
-
@chrisjmuk think you mean 2.6.xx ?
-
@chrisjmuk I have the following specs on my testlab pfSense 2.6:
CPU Type Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
2 CPUs: 1 package(s) x 1 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (inactive)
QAT Crypto: No
The load does not bother me that much, my main pfSense is a core i5 beast :) so no worries there. But by the time this is ready for production I expect it to be better optimized for performance. The developer said there will be tweaks and tuning.
-
Downloaded packages from GitHub and installed manually v0.0.9 on 2.5.1-RELEASE (amd64) in this order:
wireguard-kmod-0.0.20210503.txz wireguard-tools-lite-1.0.20210424.txz pfSense-pkg-WireGuard-0.0.9.txz
Works great so far (using Mullvad VPN)
Is there any best/safe method to upgrade packages when new versions will be available?
-
So if I update to 2.5.1 I need to manually install the package?
-
@dersch
The new WireGuard port is currently not available officially in 2.5.1 Package Manager (only in 2.6.0 development) so yes, you have to install packages manually.
-
I'm running 2.5.1 with the pfsense wireguard v0.0.9 pkgs installed. I configured wireguard 3+ days ago to connect my VPN (Windscribe) and since then all is working flawlessly. Nice.
Now I see that the v0.1.1 pkgs were released a few hours ago, so like @emikaadeo asked previously, what is/are the "best/safe method to upgrade packages when new versions will be available?"
Thanks!
-
@martywd same for me.
@theonemcdonald can you advise please how to upgrade?
with
pkg upgrade pfSense-pkg-WireGuard-new.version.txz
it is asking to install it new. So do we need to remove the old.version first? Will the config persist?
-
Yes, as long as "keep settings" is checked on the settings tab, it will persist. But it's always good to make a backup of your config before you upgrade. Recreating the wg tunnels is quite easy once you have the settings.
However, I have done the upgrade on many boxes and it runs fine. Just be careful if you are upgrading WireGuard over the WireGuard tunnel itself, like on a remote router.
-
Having no success upgrading to 0.1.1 from 0.0.9 on pfSense 2.6.0-DEVELOPMENT.
Have tried the following with result:
[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg upgrade pfSense-pkg-WireGuard-0.1.1_1.txz
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: pfSense-pkg-WireGuard-0.1.1_1.txz is not installed, therefore upgrade is impossible
Checking integrity... done (0 conflicting)
Your packages are up to date.
[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg install pfSense-pkg-WireGuard-0.1.1_1.txz
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'pfSense-pkg-WireGuard-0.1.1_1.txz' have been found in the repositories
[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg add https://github.com/theonemcdonald/pfSense-pkg-WireGuard/releases/download/v0.1.1/pfSense-pkg-WireGuard-0.1.1_1.txz
Fetching pfSense-pkg-WireGuard-0.1.1_1.txz: 100% 26 KiB 26.6kB/s 00:01
Installing pfSense-pkg-WireGuard-0.1.1_1...
the most recent version of pfSense-pkg-WireGuard-0.0.9 is already installed
I'm out of ideas.
Ted Quade
-
pkg remove 0.0.9 and then pkg install 0.1.1_1
I think the issue is that you cannot upgrade a _1 (REVISION) package when you don't have the 0.1.1 package installed.
remove should not lose your configuration.
-
Thanks for the pointers.
I had to run pkg add ...........-0.1.1_1
instead of pkg install ..........-0.1.1_1
Ted Quade
-
Just a best practice: when using the command line, always remove and install new versions.
Eventually when we move to a GUI installer (Package Manager) it will do this anyway. This way no files are left around because of an upgrade.
-
@theonemcdonald
@vajonam I leave a little wiser. Thanks to both of you.
Ted
-
Hi. I have version 0.0.8 installed on pfsense 2.6 using the package manager in pfsense. But it does not show me the newer version so I can upgrade. Is this normal (for now at least)?
-
@vjizzle yes. There is an open pull request to include it in the 2.6.0 ports repository; once that happens it will show up.
Likely to be sometime next week.
-
Just to be clear on changes
If you are on 0.0.8 or 0.0.9, here is a list of major changes for 0.1.1:
- unbound ACL creation for non assigned interfaces
- service daemonization, reliable startup shutdown eliminate zombie process/services.
- enables smooth upgrade of the kmod when the upstream kmod is updated, because stopping the service unloads the kernel module so it can be upgraded.
- redone status page with show/hide peers
- bug fixes / better validation for initial peer / tunnel setup.
- move away from wg-quick and dependency on bash. better response for enabling / disabling peers and tunnels.
If you are using it just for private internet access, there aren't very many changes that affect you.
More importantly, on the wireguard-kmod side:
- upgrading to wireguard-kmod-0.0.20210503.txz fixes a kernel panic that I had reported and this was fixed upstream.
@theonemcdonald please feel free to add anything if I missed anything.
-
Installed it in Version 2.5.1
works great - thank you for your work
regards
-
Upgrade to 0.1.1 worked great! Thanks.
But I'm encountering high errors out on the tun_wg interface:
WG_DSHOME Interface (opt3, tun_wg0)
Status: up
IPv4 Address: 192.168.166.1
Subnet mask IPv4: 255.255.255.240
IPv6 Address: fdac:ce55::1
Subnet mask IPv6: 64
MTU: 1420
In/out packets: 2287708/3201934 (486.02 MiB/555.38 MiB)
In/out packets (pass): 2287708/3201934 (486.02 MiB/555.38 MiB)
In/out packets (block): 1444/0 (208 KiB/0 B)
In/out errors: 0/3512
Collisions: 0
I have no idea why and what could be the cause. Any idea or hint what could produce those errors?
-
Not really sure why that happens. I am running this with very few errors, maybe 1 or 0. I will keep an eye on it. Just a thought: maybe try adjusting the MTU depending on your WAN uplink.