Project

General

Profile

Feature #8786

Wireguard VPN

Added by Stefan Bühler about 2 years ago. Updated 5 days ago.

Status:
New
Priority:
Very Low
Assignee:
-
Category:
New Package Request
Target version:
-
Start date:
08/15/2018
Due date:
% Done:

0%

Estimated time:

Description

Hi
Please integrate wireguard VPN wireguard.com

Thx

History

#1 Updated by Jim Pingle about 2 years ago

  • Subject changed from Feautre Request wireguard VPN to Wireguard VPN
  • Priority changed from Normal to Very Low

That won't happen until they make a secure, stable, and audited release. See https://forum.netgate.com/topic/132375/installing-wireguard-vpn/5

#2 Updated by Jim Pingle about 1 year ago

  • Category set to New Package Request

#3 Updated by Shannon Barber about 1 year ago

They have made a secure and audited release.
We'd prefer to use pfSense but are using OpenWRT for wireguard support.

#4 Updated by Soren Stoutner 11 months ago

For those who might not be following it, WireGuard is going to be integrated into the Linux kernel 5.6 release, which means both that it is at a point where it is considered ready for general consumption and that use of WireGuard is likely to become much more common in the next couple of years.

https://www.zdnet.com/article/at-long-last-wireguard-vpn-is-on-its-way-into-linux/

#5 Updated by Jim Pingle 11 months ago

We are fully aware. It's good news for them, but that does not mean much of anything for its implementation or stability on FreeBSD (yet).

#6 Updated by Ter Ted 10 months ago

Thats sad, I really hope WireGuard could be implemented in pfSense as soon as possible. The performance and security advantage over OpenVPN/Strongswan is huge. Strongswan had a lot of vulnerabilities, the implementation is way to complex. Could the priority of this issue be raised?

#7 Updated by Aaron Shaffer 9 months ago

PLEASE add WireGuard support! Thank you.

#8 Updated by Guy Godfroy 9 months ago

Now that wireguard is officially linux upstream, which is a proof of trust to a certain level, you may want to reconsider your decision. I know Wireguard is still considered WIP, but it takes a lots of trust to be merged in the linux kernel.

#9 Updated by Jim Pingle 9 months ago

See note 5 on this issue: https://redmine.pfsense.org/issues/8786#note-5

Linux is not FreeBSD.

#10 Updated by Lai Wei-Hwa 8 months ago

#11 Updated by Ronald Antony 4 months ago

Lai Wei-Hwa wrote:

See these links:
https://svnweb.freebsd.org/base?view=revision&revision=357986
https://svnweb.freebsd.org/base?view=revision&revision=357987

FreeBSD is making commits for in-kernel wireguard. It's coming.

Great! Looking forward to this!
WG is pretty much what I needed for years, and badly improvise with IPsec...
...hope this makes into pfSense soon.

#12 Updated by Justin Coffman 3 months ago

wireguard-go exists on FreeBSD. While it may not be in-kernel, it's a userspace implementation from the same project. There's no reason to continue delaying this.

#13 Updated by Jim Pingle 3 months ago

There certainly is reason. We're working on the in-kernel implementation and won't be wasting our time on unstable userspace implementations. It's still progressing well, just not publicly except what can be seen in the code going into FreeBSD directly.

#14 Updated by Soren Stoutner 3 months ago

Take as much time as you need to get it right. I would rather have a stable, in-kernel implementation than a buggy, userspace implementation.

#15 Updated by Erik Hennerfors 5 days ago

Jim Pingle wrote:

There certainly is reason. We're working on the in-kernel implementation and won't be wasting our time on unstable userspace implementations. It's still progressing well, just not publicly except what can be seen in the code going into FreeBSD directly.

Do you guys have any updates? I know you're doing as good as you can and I appreciate all your hard work, but an update to this would be a great light in these dark times :)

Also available in: Atom PDF