Wireguard Status App, QR-Code

admins · Jan 29, 2021, 7:47 PM

Hi all
I've tested the wireguard implementation of pfsense.
First of all, thx Jim for integrating it.

Feautre request:

I wan't to see which peers are connected with wireguard on the Dashboard
It would be nice if you create a qr code, so thats faster to configure a mobile device

Thx
admins

Aerowinder · Jan 29, 2021, 8:01 PM

@admins Totally agree on #2.

For #1, it's my understanding that this is not possible, as wg does not expose this information. WireGuard is not like other VPNs. It would be nice if you could at least see the last handshake on a connection, but same issue - wg does not expose that information at this time.

jimp · Jan 29, 2021, 8:45 PM

1 isn't possible yet as wg doesn't output any information of that kind.

2 is already on our radar for an export option, no ETA but soon.

yon 0 · Feb 1, 2021, 12:51 PM

@jimp

QR code is need.

Can you refer to some functions in it?

https://github.com/k4yt3x/wg-meshconf

jimp · Feb 1, 2021, 1:16 PM

We already know how to generate the QR codes and have most of the code to do that, but we need all the other structure of an "export" package to generate the client configurations. Making the QR codes is super simple, it's just a QR code made from a string that is the entire client config file. We have a QR code library in the FreeRADIUS package that is easy to work with. It's the rest of the code to get it to that point with a user-friendly GUI that is necessary. It's not as easy as making a button to click, since the user may want to customize things like the address clients use to connect, what networks to route across the VPN, etc.

We are actively working on it already, just no ETA. Be patient.

Lichtlos · Dec 24, 2021, 3:06 PM

@jimp is this still on track for 2022?

cmcdonald · Dec 24, 2021, 4:21 PM

We are constantly exploring new features and capabilities for sure. Yes, these features are high on the list of things to build. There is some initial work on QR in the public GitHub repository for the WireGuard package. This is a high priority for me once we get 22.01 and 2.6.0 shipped here very soon. Stay tuned.

a.dresner · Nov 4, 2022, 11:34 PM

@cmcdonald Thank you for all your work, watching your YouTube videos has been very helpful. Look forward to seeing this come to fruition - any updates?

galileofigaro99 · Mar 1, 2023, 1:14 PM

I'm also new here, but I wanted to chime in and say that I've used Wireguard in the past, and it's a pretty nifty implementation. Your feature request is a great idea, especially since it would make it easier to configure mobile devices.

Lichtlos · Mar 6, 2023, 4:52 PM

https://www.cyberciti.biz/faq/how-to-generate-wireguard-qr-code-on-linux-for-mobile/ this seems like a quick-win for easy QR-code generation

slu · Aug 8, 2023, 3:15 PM

I configured yesterday a WireGuard connection on the german FRITZ!Box with the qrcode, this was so easy and quick.
Hope we see the QR-Code feature also in pfSense ;)

Cris70 · Sep 18, 2023, 4:38 PM

@jimp any news on the possibility to generate QR codes for quickly configuring WireGuard peers?

netgate12345 · Sep 27, 2023, 9:28 AM

Hi Netgate team,

Last response on this topic was late 2021. This function does not seems to be high on the release priority list.
The Wireguard implementation in PFsense now is still "raw" (read: complex to the users) and cannot simply, securely and user-friendly be enrolled by (home/business) Pfsense users.

Some (friendly) considerations for the team of the problems:
1- How can we securely exchange the wireguard encryption keys, such as the Pre-shared Key and other keys, without a QR-code to all listed Wireguard peers/clients? Please help. The "netgate docs" do not help on this: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/configure.html
2- Creating a new Peer Configuration and enrolling is now a lot of work and time consuming. Same problem exists when periodically renewing all of the Peer keys (1 per device) for the Peer configurations.

The rest of the world seems to accept QR-codes to securely enrol Wireguard VPN configurations. Even router brands such as Fritzbox... (see post above) have implemented this for the public to the supported devices. Why would Pfsense not accept this enrol standard and release this function for it's users? This also could be a huge opportunity for potential new Pfsense installs.

Hope to receive a reply from you that the QR-code functionality will be released soon to Pfsense users.
Thank you. Much appreciated your effort on this.

Owen82 · Sep 27, 2023, 4:42 PM

@netgate12345 Agreed. I feel pfsense is sadly (very) behind the curve with this. Along with the lack of QR code functionality also adding/control of fw rules/nat/routes/MTU/MSS etc would be very welcome by everyone who is using this.

jader · May 18, 2024, 1:01 AM

I still needing this feature. How could I start to learn how to do a package for PFSENSE and I'll try to discovery how to do it.
I understand once that:
a) all info configurated on GUI interface can be recovered
b) there are several sites to create QRCODE from text file

would be easy to create basic QRCODE.
Advanced options would be phase 2!

Let's go create a v1 of QRCODE-WG package by ourselves.

Who wanna to create a GitHub project and start to moving ahead on these??

jader · May 18, 2024, 12:50 PM

Overview:

a) create screen with :
field to type IP interface WG
- how get latest one to add + 1c? where is stored?
- OneWord name to identify cliente

b) validate IP typed (do not exist, valid, inside WG interface range)

c) Use template file and replace data from step A to generate config-IP.file

d) convert config-IP.file to QRCODE
(verify how https://www.wireguardconfig.com/qrcode do it on client side)

e) save/show config-IP.file e show QRCODE on screen

f) (MAYBE) sent QRCODE by e-mail (if so... request it on step A)