Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WireGuard lives!

    Scheduled Pinned Locked Moved WireGuard
    90 Posts 17 Posters 28.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      emikaadeo
      last edited by emikaadeo

      Downloaded packages from GitHub and installed manually v0.0.9 on 2.5.1-RELEASE (amd64) in this order:

      wireguard-kmod-0.0.20210503.txz
      wireguard-tools-lite-1.0.20210424.txz
      pfSense-pkg-WireGuard-0.0.9.txz
      

      Works great so far (using Mullvad VPN)
      Is there any best/safe method to upgrade packages when new versions will be available?

      1 Reply Last reply Reply Quote 0
      • D
        dersch
        last edited by

        So if i update to 2.5.1 i need to manually install the package?

        E 1 Reply Last reply Reply Quote 0
        • E
          emikaadeo @dersch
          last edited by

          @dersch
          The new WireGuard port is currently not available officially in 2.5.1 Package Manager (only in 2.6.0 development) so yes, you have to install packages manually.

          1 Reply Last reply Reply Quote 0
          • martywdM
            martywd
            last edited by

            I'm running 2.5.1 with the pfsense wireguard v0.0.9 pkgs installed. I configured wireguard 3+ days ago to connect my VPN (Windscribe) and since then all is working flawlessly. Nice.

            Now I see that the v0.1.1 pkgs were released a few hours ago, so like @emikaadeo asked previously, what is/are the "best/safe method to upgrade packages when new versions will be available?"

            Thanks!
            .

            D 1 Reply Last reply Reply Quote 1
            • D
              dersch @martywd
              last edited by

              @martywd same for me.

              @theonemcdonald can you advise please how to upgrade?

              with

              pgk upgrade pfSense-pkg-WireGuard-new.version.txz
              

              it is asking to install it new. So do we need to remove the old.version first? will the config persist?

              V 1 Reply Last reply Reply Quote 0
              • V
                vajonam Rebel Alliance @dersch
                last edited by

                @dersch

                Yes as long as the "keep settings" is checked on the settings tab. It will persist. but its always good to make a backup of your config before you upgrade. Recreating the wg tunnels is quite easy once you have the settings.

                However I have done the upgrade on many boxes and it runs it fine. Just be careful if you are upgrading wireguard over the wire guard tunnel itself like a remote router.

                T 1 Reply Last reply Reply Quote 2
                • T
                  tquade @vajonam
                  last edited by

                  @vajonam

                  Having no success upgrading to 0.1.1 from 0.0.9 on pfSense 2.6.0-DEVELOPMENT.

                  Have tried the following with result:

                  [2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg upgrade pfSense-pkg-WireGuard-0.1.1_1.txz
                  Updating pfSense-core repository catalogue...
                  pfSense-core repository is up to date.
                  Updating pfSense repository catalogue...
                  pfSense repository is up to date.
                  All repositories are up to date.
                  pkg: pfSense-pkg-WireGuard-0.1.1_1.txz is not installed, therefore upgrade is impossible
                  Checking integrity... done (0 conflicting)
                  Your packages are up to date.

                  [2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg install pfSense-pkg-WireGuard-0.1.1_1.txz
                  Updating pfSense-core repository catalogue...
                  pfSense-core repository is up to date.
                  Updating pfSense repository catalogue...
                  pfSense repository is up to date.
                  All repositories are up to date.
                  pkg: No packages available to install matching 'pfSense-pkg-WireGuard-0.1.1_1.txz' have been found in the repositories

                  [2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg add https://github.com/theonemcdonald/pfSense-pkg-WireGuard/releases/download/v0.1.1/pfSense-pkg-WireGuard-0.1.1_1.txz
                  Fetching pfSense-pkg-WireGuard-0.1.1_1.txz: 100% 26 KiB 26.6kB/s 00:01
                  Installing pfSense-pkg-WireGuard-0.1.1_1...
                  the most recent version of pfSense-pkg-WireGuard-0.0.9 is already installed

                  I'm out of ideas.
                  Ted Quade

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    vajonam Rebel Alliance @tquade
                    last edited by

                    @tquade

                    pkg remove 0.0.9 and then pkg install 0.1.1_1

                    I think the issue is that you cannot upgrade a _1 (REVISION) package when you dont have 0.1.1 package installed.

                    remove should not lose your configuration.

                    T 1 Reply Last reply Reply Quote 0
                    • T
                      tquade @vajonam
                      last edited by

                      @vajonam

                      Thanks for the pointers.

                      I had to run pkg add ...........-0.1.1_1
                      instead of pkg install ..........-0.1.1_1

                      Ted Quade

                      cmcdonaldC 1 Reply Last reply Reply Quote 1
                      • V
                        vajonam Rebel Alliance
                        last edited by

                        Just a best practice. when using the command line, always remove and install new versions.

                        Eventually when we move to a gui installer (Package Manager) it will do this anyway. this way no files are left around because of an upgrade.

                        1 Reply Last reply Reply Quote 2
                        • cmcdonaldC
                          cmcdonald Netgate Developer @tquade
                          last edited by cmcdonald

                          @tquade if you are side loading you should always pkg remove first and then pkg add. The GUI package manager doesn't perform in place upgrades as that can leave obsolete files on disk.

                          Edit: @vajonam beat me lool

                          Need help fast? https://www.netgate.com/support

                          T 1 Reply Last reply Reply Quote 1
                          • T
                            tquade @cmcdonald
                            last edited by

                            @theonemcdonald
                            @vajonam I leave a little wiser. Thanks to both of you.

                            Ted

                            1 Reply Last reply Reply Quote 0
                            • V
                              vjizzle
                              last edited by

                              Hi. I have version 0.0.8 installed on pfsense 2.6 using the package manager in pfsense. But it does not show me the newer version so I can upgrade. Is this normal (for now at least)?

                              V 1 Reply Last reply Reply Quote 0
                              • V
                                vajonam Rebel Alliance @vjizzle
                                last edited by

                                @vjizzle yes. There is open pull request to include it into the 2.6.0 ports repository once that happens it will show up.

                                Likely to be sometime next week.

                                1 Reply Last reply Reply Quote 0
                                • V
                                  vajonam Rebel Alliance
                                  last edited by

                                  Just to be clear on changes

                                  If you are on 0.0.8 or 0.0.9. Here is list of major changes for 0.1.1

                                  • unbound ACL creation for non assigned interfaces
                                  • service daemonization, reliable startup shutdown eliminate zombie process/services.
                                    • enables smooth upgrade of the kmod when the upstream kmod is updated. because stopping the service unloads the kernel module so it can be upgraded.
                                  • redone status page with show/hide peers
                                  • bug fixes / better validation for initial peer / tunnel setup.
                                  • move away from wg-quick and dependency on bash. better response for enabling / disabling peers and tunnels.

                                  If you are using for just private internet access and there aren't very many changes that affect you.

                                  more importantly on the wiregurad-kmod side

                                  • upgrading to wireguard-kmod-0.0.20210503.txz fixes a kernel panic that I had reported and this was fixed upstream.

                                  @theonemcdonald please feel free to add anything if missed anything.

                                  V 1 Reply Last reply Reply Quote 0
                                  • V
                                    volkerg @vajonam
                                    last edited by

                                    Installed it in Version 2.5.1

                                    works great - thank you for yor work

                                    regards

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dersch
                                      last edited by dersch

                                      Upgrade to 0.1.1 worked great! Thanks.

                                      But i'm encountering high errors out on the tun_wg interface:

                                      WG_DSHOME Interface (opt3, tun_wg0)
                                      Status up 
                                      IPv4 Address 192.168.166.1 
                                      Subnet mask IPv4 255.255.255.240 
                                      IPv6 Address fdac:ce55::1 
                                      Subnet mask IPv6 64 
                                      MTU 1420 
                                      In/out packets
                                      2287708/3201934 (486.02 MiB/555.38 MiB) 
                                      In/out packets (pass)
                                      2287708/3201934 (486.02 MiB/555.38 MiB) 
                                      In/out packets (block)
                                      1444/0 (208 KiB/0 B) 
                                      In/out errors
                                      0/3512 
                                      Collisions
                                      0
                                      

                                      i have no idea why and what could be the cause. Any idea or hint what could produce that errors?

                                      V 1 Reply Last reply Reply Quote 0
                                      • V
                                        vajonam Rebel Alliance @dersch
                                        last edited by vajonam

                                        @dersch

                                        Not really sure why that happens. I am running this with very few errors maybe 1 or 0. I will keep an eye on it. Just a thought maybe try adjusting the MTU depending on your WAN uplink.

                                        D 1 Reply Last reply Reply Quote 0
                                        • D
                                          dersch @vajonam
                                          last edited by

                                          @vajonam Its pretty strange. but i'm not using the wan for peers. So it shouldn't be related?

                                          V 1 Reply Last reply Reply Quote 0
                                          • V
                                            vajonam Rebel Alliance @dersch
                                            last edited by

                                            @dersch, sorry I just assumed it was over a WAN link. then I am out of ideas sorry.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.