Wireguard: Let's make things easy! Netgate: No f*cking way! Let's complicate things!
-
The title says it all. In my Fritzbox, I had connected my phone in 2 minutes. Just scan the QR-Code. But that is not what happened in my Netgate 4200. I've been busy for 2 full days now. Visited a zillion different tabs and still no go! With my simple mind, I cannot comprehend why Netgate elevates this to something impenetrable, unless you have spent a year at university to get a VPN up and running! The next thing I don't understand is that ALL advanced settings are mixed in with settings you need. Surely this was done to keep the last home user away from Netgate hardware and software? I can't think of a SINGLE reason why you wouldn't generate a QR code that users can scan. Not one! But that option just isn't there. So you have to test and try all kinds of tutorials. Because the docs are just wrong. Another thing Netgate is known for. Their impenetrable documentation department.
What on earth do you have to lose by making your product accessible to everyone? A button for [Click here for advanced options] would make a huge difference. Instead of having to visit 10 different tabs and check a box here and there and change a number. That's useless! Really!
I give up! I think Wireguard just doesn't work. After two days of full-time tinkering, I'm done with it.
-
@Rexodus WireGuard is implemented like WireGuard is, no pfSense issue.
I know the QR-Code in FritzBox is fine and yes I miss this also in pfSense. But, there is no firewall function in the FritzBox at all for WireGuard, in pfSense you can filter the complete traffic...
-
@slu Thanks for your reply. Do you know what I'm most afraid of? I've been hearing this for years. The forums are also full of comments about Netgate's user-friendliness and documentation. And they're not changing anything. Then that must be the goal. If I were a clueless home user, I would understand. But I'm MCSE NT4/2003 and I did CCNA back in the day. I know I've forgotten a lot. But something like this shouldn't be a problem. However, it is. It's really up to Netgate, if they want to double their revenue, they need to make things more accessible. A button to hide all the settings you DON'T NEED would be a very good start.
-
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
A button to hide all the settings you DON'T NEED would be a very good start.
Mhm I need all the settings in WireGuard

But yes, first time I configured it (coming from OpenVPN) it was hard to understand the settings.
https://www.wireguard.com/quickstart/
German?
https://www.andysblog.de/pfsense-wireguard-roadwarrior-server-einrichten
-
@slu said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
A button to hide all the settings you DON'T NEED would be a very good start.
Mhm I need all the settings in WireGuard

But yes, first time I configured it (coming from OpenVPN) it was hard to understand the settings.
https://www.wireguard.com/quickstart/
German?
https://www.andysblog.de/pfsense-wireguard-roadwarrior-server-einrichten
Is my English that bad? :P I'm Dutch ;)
Thanks for the URL! As soon as I've cooled down a bit I'll give it another try.
-
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
Is my English that bad? :P I'm Dutch ;)
Hehe, no sorry I thought that because you are using the FritzBox (I'm from Germany) :)
-
@slu Fritzbox is a very nice real German product, built like a tank! XS4ALL (KPN) uses these modems for their customers. A good choice. No hell-desk calls about that product. That's why they use it. I understand that a company firewall doesn't need to look the same. But I see room for improvement.
We may be neighbours. I live in Sittard, next to the border with Tuddern and I've worked many years in Germany in inland shipping. Mainly between the Ruhr area and Thionville. With coal to France and with Knauff gypsum back to the canals. I miss the Mosel a lot.
-
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
Fritzbox is a very nice real German product, built like a tank! XS4ALL (KPN) uses these modems for their customers. A good choice. No hell-desk calls about that product.
Yes, we use it also and these boxes are working without any issue.
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
I miss the Mosel a lot.
You are welcome! I am near Stuttgart. The world is so small

-
@slu Stuttgart lock. That's the Neckar. I remember "Muckenloch" and Heidelberg fairly well. Been there a few times also. But this is no forum to pick up sweet old memories ;)
Anyway, nice to meet you!
-
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
Anyway, nice to meet you!
Nice to meet you!
Try WireGuard and if you need help please ask.
-
@Rexodus said in Wireguard: Let's make things easy! Netgate: No fucking way! Let's complicate things!:
Do you know what I'm most afraid of?
What?
-
To be honest: yes, Netgate (pfSense) is not as easy as a Fritzbox, but I kicked the Fritzbox out and have been using an appliance (SG-3100) for years.
If I ever need a one-click router again, I may re-use a Fritzbox, but on the other hand AVM has done a lot of bad things, i.e. if you have a FritzOS > 8.x you can't disable the "push-button-to-confirm", a nightmare when you are doing remote configuration.
The only way to dismiss the lock is an unofficial tool to edit the settings and restore them to the Fritzbox.
Not very user-friendly.
And btw: AVM's implementation of WG is a bit odd; with all other routers it was very easy to establish a site-2-site WG tunnel, with a Fritzbox it took me 2 days to find the correct settings.
For mobile clients all was done in one or two hours.
Also AVM's IPsec is very old, another reason for switching to pfSense (prior to using WG).
So it all depends on personal experience; mine is rather fine with pfSense.
Regards
And always "a hand's breadth of water under the keel."

-
There are some feature requests open for this you can add comments to: https://redmine.pfsense.org/issues/15647
-
@stephenw10 I did miss this one. Anyway, I started yesterday for the 4th time. This time I let my AI fix things. It cost me 5 Euro in energy and tried a ZILLION things. But still no Wireguard. A friend of mine has been busy since 2023. An active system admin too. Same problem.
Conclusion: This is simply NOT how a VPN should work. If one has to visit 3000 tabs before things work, while the Fritzbox only needs a QR-code, you did miss out on UX/Interface lessons.
I guarantee you a standard network admin doesn't get this to work. Because I don't, my friend doesn't and my bot should be incapable too? The bot RTFM's way better than I do!
How things COULD look:
Ah! You clicked the Wireguard TAB. I guess you need transport between WAN and LAN1? Click the interfaces between which you like traffic and click OK:
o WAN
o LAN1
o LAN2
o LAN3
... Waiting ... Ok, done! Now take the phone and scan this QR-Code. Do you wanna send this code by e-mail? Please fill in the email-address.
Thank you for flying with Netgate. The link is up and running, have a nice day.
I paid 600 Euro for a device (4200 MAX) I can't use to its full potential because of the Puzzle-factor. I'm very not impressed. And let me be clear, I understand most of the rest of this firewall perfectly fine. I have MCSE NT4, 2003 and 2008 and CCNA. So I'm not completely stupid. Neither is my friend, and my Qwen3.5 397B isn't stupid either. But I feel stupid now, not getting this to work. While my motto was always: 'If it ain't broken, I get it to run'... Not this time...
-
@Rexodus sorry to hear you don't get it running.
If you follow these steps it should work:
https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
Note: FritzBox does WireGuard differently because there you get an IP address from the LAN (!) subnet and by default all traffic is routed to the FritzBox...
As soon as it is working you can generate QR codes with a tool, for example on Debian Linux:
qrencode -t png -o user-qr.png -r wg-client.conf
-
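The QR-code step from the post above, as an added example (not part of the thread and not pfSense or Netgate code): it writes a wg-quick style client file readable only by its owner and draws the QR code in the terminal instead of leaving a PNG of the private key on disk. The function names, addresses and endpoint are assumptions; `AllowedIPs` decides between full-tunnel routing (`0.0.0.0/0`, the FritzBox-like default mentioned above) and LAN-only routing.

```shell
#!/bin/sh
# Added example. Keys, addresses and the endpoint are constructed placeholders.

# Shape check only: a WireGuard key is 32 bytes, i.e. 44 base64 chars ending in "=".
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# render_client_conf PRIVKEY ADDRESS DNS SERVER_PUBKEY ENDPOINT ALLOWED_IPS
# Prints a wg-quick style client config on stdout.
render_client_conf() {
    cat <<EOF
[Interface]
PrivateKey = $1
Address = $2
DNS = $3

[Peer]
PublicKey = $4
Endpoint = $5
AllowedIPs = $6
EOF
}

# write_client_conf FILE PRIVKEY ADDRESS DNS SERVER_PUBKEY ENDPOINT ALLOWED_IPS
# Refuses malformed keys and creates FILE readable by its owner only,
# because the file contains the client's private key.
write_client_conf() {
    out=$1; shift
    if ! is_wg_key "$1" || ! is_wg_key "$4"; then
        echo "refusing to write $out: malformed key" >&2
        return 1
    fi
    ( umask 077; rm -f "$out"; render_client_conf "$@" > "$out" )
}

# show_qr FILE: draw the QR code in the terminal; nothing is written to disk.
show_qr() {
    command -v qrencode >/dev/null 2>&1 || { echo "qrencode not installed" >&2; return 1; }
    qrencode -t ansiutf8 -r "$1"
}

# Usage (full tunnel like the FritzBox default; use e.g. 192.168.1.0/24 for LAN-only):
#   write_client_conf wg-client.conf "$CLIENT_PRIVKEY" 10.6.210.2/32 10.6.210.1 \
#       "$SERVER_PUBKEY" vpn.example.com:51820 0.0.0.0/0 && show_qr wg-client.conf
```

Delete `wg-client.conf` once the phone has imported it; the file and any QR image made from it are equivalent to the client's private key.
-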
@slu Thanks for the reply again.
But I'm absolutely done with it. Simply because I read in some places it IS broken. I wasted at LEAST 2 full days' work on this lost project. Next what I'm gonna do: I just forward 51820 to my Fritzbox, which is still running because of the WiFi/switch, and there everything is working fine. But this is not the way it should be. And I don't understand why Netgate delivers this kind of 'not finished' products anyway. Wireguard was to simplify things. Not to extra complicate things. But that is unfortunately exactly what happened here. It's impossible to complicate even more.
-
@Rexodus I agree this could be made more beginner-friendly, but for now you might have a look at this package: 3um3le3ee/pfSense-wireguard-peer-export
-
@Rexodus said in Wireguard: Let's make things easy! Netgate: No f*cking way! Let's complicate things!:
But I'm absolutely done with it. Simply because I read in some places it IS broken.
If you change your mind, we can look into it together.
The Fritz!Box simply offers far fewer configuration options than pfSense. But it's not broken and I also needed some hours to understand how WireGuard works.
-
@luckman212 maybe Netgate can add your plugin?
@stephenw10
-
@slu It's not my plugin, I was just pointing it out since I'm not sure many are aware it exists.