[ANNOUNCE] OPNsense 19.7 supports WireGuard

[ANNOUNCE] OPNsense 19.7 supports WireGuard

[Vincent]

Is there any particular tweeks required to install the announed wireguard in opnsense?
non listed under plugin and neither pkg install in opnsense 19.7.2


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Muenz, Michael]

Am 27.08.2019 um 06:28 schrieb Vincent:
> Is there any particular tweeks required to install the announed wireguard in opnsense?
> non listed under plugin and neither pkg install in opnsense 19.7.2
>
>
>
Ah, you are running 32bit version? WireGuard depends on Go which has 
some nasty compilation errors on FreeBSD/32bit, so it's only supported 
for 64bit installations.


Best,

Michael

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Vincent]

[-- Attachment #1.1: Type: text/plain, Size: 752 bytes --]

yes, thx, got it


Vincent Mercier
mercier@intnet.mu <mailto:mercier@intnet.mu?subject=re:> - (+230) 5256 8254 <callto:+23052568254> <mailto:mercier@intnet.mu?subject=re:> -  <callto:+2302568254>iptel : 82568254 <sip: 82568254@iptel.org>

> On 27 Aug 2019, at 09:15, Muenz, Michael <m.muenz@spam-fetish.org> wrote:
> 
> Am 27.08.2019 um 06:28 schrieb Vincent:
>> Is there any particular tweeks required to install the announed wireguard in opnsense?
>> non listed under plugin and neither pkg install in opnsense 19.7.2
>> 
>> 
>> 
> Ah, you are running 32bit version? WireGuard depends on Go which has some nasty compilation errors on FreeBSD/32bit, so it's only supported for 64bit installations.
> 
> 
> Best,
> 
> Michael
> 


[-- Attachment #1.2: Type: text/html, Size: 2761 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Muenz, Michael]

Am 28.08.2019 um 21:08 schrieb Alex Davies:
> This is great news. We have been using wireguard on OPNSense (mostly 
> as servers, but also as a client in a few places) in production for 
> some time now, without drama (we found one bug with a trivial 
> workaround, see email chain "Table=off behavior (not adding any route 
> *at all*)" to this list). We can now upgrade to something formally 
> "supported" ;-)
>
> If anybody else tries to use the hardware appliances provided by the 
> founders of OPNSense (Deciso[1]) as a wireguard server or client, we 
> found the performance on the non-x86 CPUs (A10, etc.) was not great 
> (they have all sorts of ipsec type offloads, but not for WG). IIRC we 
> struggled to get more than a few gigabits per second in aggregate. The 
> Intel E3 models are able to run as close to line rate on 10G as makes 
> no odds for us.
>
> [1] 
> https://www.deciso.com/wp-content/uploads/2015/11/Brochure-OPNsense-appliances_ordered-rev201603.pdf
>
The gateway code in OPNsense 19.7 changed, so it was only possible to do 
PBR with 19.1.X.

With the last update of 19.7.3 I updated the plugin to add gateway 
support so it works with PostUp and PostDown. As usual in Open Source it 
lacks documentation yet. :)

https://github.com/opnsense/plugins/pull/1443


I did some quick iperf tests in a 10G lab last year (old Xeon E3):

https://www.routerperformance.net/comparing-opnsense-vpn-performance/


Best,

Michael

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Alex Davies]

[-- Attachment #1.1: Type: text/plain, Size: 1744 bytes --]

This is great news. We have been using wireguard on OPNSense (mostly as
servers, but also as a client in a few places) in production for some time
now, without drama (we found one bug with a trivial workaround, see email
chain "Table=off behavior (not adding any route *at all*)" to this list).
We can now upgrade to something formally "supported" ;-)

If anybody else tries to use the hardware appliances provided by the
founders of OPNSense (Deciso[1]) as a wireguard server or client, we found
the performance on the non-x86 CPUs (A10, etc.) was not great (they have
all sorts of ipsec type offloads, but not for WG). IIRC we struggled to get
more than a few gigabits per second in aggregate. The Intel E3 models are
able to run as close to line rate on 10G as makes no odds for us.

[1]
https://www.deciso.com/wp-content/uploads/2015/11/Brochure-OPNsense-appliances_ordered-rev201603.pdf


On Mon, Aug 26, 2019 at 1:32 PM Varun Priolkar <me@varunpriolkar.com> wrote:

> Congratulations! :) I did test it out when it wasn’t stable and well
> things weren’t stable(as expected). Hope to have an another crack at it.
>
> On Sun, 25 Aug 2019 at 21:32, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
>> Congratulations on the release. That's great news.
>>
>> Would you like me to add some blurb to https://www.wireguard.com/install/
>> on it?
>> _______________________________________________
>> WireGuard mailing list
>> WireGuard@lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/wireguard
>>
> --
> Regards,
>
> Varun Priolkar
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>

[-- Attachment #1.2: Type: text/html, Size: 3089 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Muenz, Michael]

Am 26.08.2019 um 13:44 schrieb Vincent:
> Wireguard not listed in OPNsense 19.7 plugins
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
I have one user report where it wasn't listed in the plugins menu.

Seems user switched multiple times from production to development mode.


You can as always install via CLI:

# pkg install os-wireguard


Best,

Michael


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Chriztoffer Hansen]

It is at least included on the latest documentation. https://wiki.opnsense.org/manual/vpnet.html
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Vincent]

Wireguard not listed in OPNsense 19.7 plugins
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Muenz, Michael]

Am 25.08.2019 um 17:45 schrieb Jason A. Donenfeld:
> Congratulations on the release. That's great news.
>
> Would you like me to add some blurb to https://www.wireguard.com/install/ on it?
>
Hi,

If you like you can add some lines like "Install via 
"System->Firmware->Plugins->WireGuard" and follow the documenatation 
here https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html

Best,

Michael


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Varun Priolkar]

[-- Attachment #1.1: Type: text/plain, Size: 567 bytes --]

Congratulations! :) I did test it out when it wasn’t stable and well things
weren’t stable(as expected). Hope to have an another crack at it.

On Sun, 25 Aug 2019 at 21:32, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> Congratulations on the release. That's great news.
>
> Would you like me to add some blurb to https://www.wireguard.com/install/
> on it?
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
-- 
Regards,

Varun Priolkar

[-- Attachment #1.2: Type: text/html, Size: 1254 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ANNOUNCE] OPNsense 19.7 supports WireGuard

[Jason A. Donenfeld]

Congratulations on the release. That's great news.

Would you like me to add some blurb to https://www.wireguard.com/install/ on it?
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

[ANNOUNCE] OPNsense 19.7 supports WireGuard

[Muenz, Michael]

Hi,


After over 8 months of development and troubleshooting WireGuard 
instabilities cause of FreeBSD kernel lacks, OPNsense finally released 
it's WireGuard plugin to stable branch.

Many thanks to Jason and Bernhard Fröhlich from FreeBSD helping to make 
the port stable.


Now it's possible to configure WireGuard as site2site[1] or client[2] 
via WebUI also supporting Mullvad[3] or Azire[4].


Hope you enjoy it :)


Michael

[1] https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html

[2] https://docs.opnsense.org/manual/how-tos/wireguard-client.html

[3] https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

[4] https://docs.opnsense.org/manual/how-tos/wireguard-client-azire.html

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard