pfSense » pfSense Packages

I can confirm high delay in webgui response when loading wireguard UI.

I can also confirm very high CPU usage when using the Wireguard widget. Can this be addressed as it is also still an issue on 2.7 beta so has not been addressed.

I can also confirm that 50 WG peers are killing a 1537 Max device. Making changes is painful, doubled when I have to make changes to 2 devices in an HA pair.

I can also confirm this, but its happening to me with only some Peers (exactly, 4 tunnels, about 10 peers in total) I've checked the output of "wg show all dump" but in terminal is kind of instant, no any delay.

Adding any widget to main dashboard related to Wireguard makes dashboard also slow.

+1 - Adding Wireguard widget to dashboard makes the dashboard load extremely slowly. Also the menus relating to wireguard are slow to load.
Later edit: 2.7.0-RELEASE at this time.

Hello,
any updates?

I notice that the culprit is this line:

https://github.com/pfsense/FreeBSD-ports/blob/08d333649a242a6672d49261e8e788e6ed516769/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/includes/wg_globals.inc#L228

It looks like reloading the config every time a wireguard page is accessed is the culprit of the slow load:

// Reload config.xml to get any recent changes
$config = parse_config(true);

If you comment out this line the load time is istantaneous.

I don't know if this is a viable solution or loading every time the config is actually needed.

I can confirm that this is happening on 2.7.0 as well. We have over 900 peers and adding a new peer is painfully slow. The load time is >30s. Has there been any updates on this?

Would changing $config = parse_config(false); hurt anything?

I also have a 24.03 pfsense that I tested on and only added 24 peers on and experience the delay. On that test machine, I set $config = parse_config(false); instead of $config = parse_config(true); and the pages load instantaneously. I am still not sure if there are any repercussions to doing this though so I have not applied this the production firewall will over 700 peers.

Thanks for the fix here. This solved my issue. I only have 10 peers and it does take some considerable time to load but this was extremely snappy.

My suggestion would be to submit a PR if you haven't already.