WireGuard lives!

tquade

@vajonam

Having no success upgrading to 0.1.1 from 0.0.9 on pfSense 2.6.0-DEVELOPMENT.

Have tried the following with result:

[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg upgrade pfSense-pkg-WireGuard-0.1.1_1.txz
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: pfSense-pkg-WireGuard-0.1.1_1.txz is not installed, therefore upgrade is impossible
Checking integrity... done (0 conflicting)
Your packages are up to date.

[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg install pfSense-pkg-WireGuard-0.1.1_1.txz
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'pfSense-pkg-WireGuard-0.1.1_1.txz' have been found in the repositories

[2.6.0-DEVELOPMENT][admin@pfSense.localdomain]/root: pkg add https://github.com/theonemcdonald/pfSense-pkg-WireGuard/releases/download/v0.1.1/pfSense-pkg-WireGuard-0.1.1_1.txz
Fetching pfSense-pkg-WireGuard-0.1.1_1.txz: 100% 26 KiB 26.6kB/s 00:01
Installing pfSense-pkg-WireGuard-0.1.1_1...
the most recent version of pfSense-pkg-WireGuard-0.0.9 is already installed

I'm out of ideas.
Ted Quade

vajonam

@tquade

pkg remove 0.0.9 and then pkg install 0.1.1_1

I think the issue is that you cannot upgrade a _1 (REVISION) package when you dont have 0.1.1 package installed.

remove should not lose your configuration.

tquade

@vajonam

Thanks for the pointers.

I had to run pkg add ...........-0.1.1_1
instead of pkg install ..........-0.1.1_1

Ted Quade

vajonam

Just a best practice. when using the command line, always remove and install new versions.

Eventually when we move to a gui installer (Package Manager) it will do this anyway. this way no files are left around because of an upgrade.

cmcdonald

@tquade if you are side loading you should always pkg remove first and then pkg add. The GUI package manager doesn't perform in place upgrades as that can leave obsolete files on disk.

Edit: @vajonam beat me lool

tquade

@theonemcdonald
@vajonam I leave a little wiser. Thanks to both of you.

Ted

vjizzle

Hi. I have version 0.0.8 installed on pfsense 2.6 using the package manager in pfsense. But it does not show me the newer version so I can upgrade. Is this normal (for now at least)?

vajonam

@vjizzle yes. There is open pull request to include it into the 2.6.0 ports repository once that happens it will show up.

Likely to be sometime next week.

vajonam

Just to be clear on changes

If you are on 0.0.8 or 0.0.9. Here is list of major changes for 0.1.1

• unbound ACL creation for non assigned interfaces
• service daemonization, reliable startup shutdown eliminate zombie process/services.
  • enables smooth upgrade of the kmod when the upstream kmod is updated. because stopping the service unloads the kernel module so it can be upgraded.
• redone status page with show/hide peers
• bug fixes / better validation for initial peer / tunnel setup.
• move away from wg-quick and dependency on bash. better response for enabling / disabling peers and tunnels.

If you are using for just private internet access and there aren't very many changes that affect you.

more importantly on the wiregurad-kmod side

• upgrading to wireguard-kmod-0.0.20210503.txz fixes a kernel panic that I had reported and this was fixed upstream.

@theonemcdonald please feel free to add anything if missed anything.

volkerg

Installed it in Version 2.5.1

works great - thank you for yor work

regards

dersch

Upgrade to 0.1.1 worked great! Thanks.

But i'm encountering high errors out on the tun_wg interface:

WG_DSHOME Interface (opt3, tun_wg0)
Status up 
IPv4 Address 192.168.166.1 
Subnet mask IPv4 255.255.255.240 
IPv6 Address fdac:ce55::1 
Subnet mask IPv6 64 
MTU 1420 
In/out packets
2287708/3201934 (486.02 MiB/555.38 MiB) 
In/out packets (pass)
2287708/3201934 (486.02 MiB/555.38 MiB) 
In/out packets (block)
1444/0 (208 KiB/0 B) 
In/out errors
0/3512 
Collisions
0

i have no idea why and what could be the cause. Any idea or hint what could produce that errors?

vajonam

@dersch

Not really sure why that happens. I am running this with very few errors maybe 1 or 0. I will keep an eye on it. Just a thought maybe try adjusting the MTU depending on your WAN uplink.

dersch

@vajonam Its pretty strange. but i'm not using the wan for peers. So it shouldn't be related?

vajonam

@dersch, sorry I just assumed it was over a WAN link. then I am out of ideas sorry.

psp

Just upgraded to 2.6.0.a.20210524.0100-DEV:

Crash report details:

PHP Errors:
[24-May-2021 18:48:49 Europe/Rome] PHP Warning: flock() expects parameter 1 to be resource, null given in /usr/local/pkg/wireguard/wg_service.inc on line 324
[24-May-2021 18:48:49 Europe/Rome] PHP Warning: fclose() expects parameter 1 to be resource, null given in /usr/local/pkg/wireguard/wg_service.inc on line 327

Installed pfSense v2.6.0-DEV from scratch and configured WG by hand (i.e. no import from old config.xml) after added pkg.

WG is properly working though.

cmcdonald

@psp I caught this a few days ago. Fix will be in the next release. It is cosmetic.

brians

Does this currently, or in future, work on official Netgate hardware eg. SG-5100?

gabacho4

@brians update to Pfsense version 21.05 RC and you will have access to the package. Unfortunately it's version 0.0.8 instead of the more current 0.1.1. Unsure why that is.

gabacho4

@gabacho4 just manually removed the older package versions and manually reinstalled and all is well. Not as convenient as having a package to select in the package manager, but easy enough still and nice to be on current.

brians

@gabacho4 Thanks, I will just wait until official release. Was just curious because the different version numbers with PfSense + and CE.
Having said that, wonder if will support the ARM devices eg. SG3100.