Project

General

Profile

Actions

Feature #8786

closed

Wireguard VPN

Added by Stefan Bühler over 6 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
WireGuard
Target version:
Start date:
08/15/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

Hi
Please integrate wireguard VPN wireguard.com

Thx

Actions #1

Updated by Jim Pingle over 6 years ago

  • Subject changed from Feautre Request wireguard VPN to Wireguard VPN
  • Priority changed from Normal to Very Low

That won't happen until they make a secure, stable, and audited release. See https://forum.netgate.com/topic/132375/installing-wireguard-vpn/5

Actions #2

Updated by Jim Pingle over 5 years ago

  • Category set to New Package Request
Actions #3

Updated by Shannon Barber about 5 years ago

They have made a secure and audited release.
We'd prefer to use pfSense but are using OpenWRT for wireguard support.

Actions #4

Updated by Soren Stoutner almost 5 years ago

For those who might not be following it, WireGuard is going to be integrated into the Linux kernel 5.6 release, which means both that it is at a point where it is considered ready for general consumption and that use of WireGuard is likely to become much more common in the next couple of years.

https://www.zdnet.com/article/at-long-last-wireguard-vpn-is-on-its-way-into-linux/

Actions #5

Updated by Jim Pingle almost 5 years ago

We are fully aware. It's good news for them, but that does not mean much of anything for its implementation or stability on FreeBSD (yet).

Actions #6

Updated by Ter Ted almost 5 years ago

Thats sad, I really hope WireGuard could be implemented in pfSense as soon as possible. The performance and security advantage over OpenVPN/Strongswan is huge. Strongswan had a lot of vulnerabilities, the implementation is way to complex. Could the priority of this issue be raised?

Actions #7

Updated by Aaron Shaffer almost 5 years ago

PLEASE add WireGuard support! Thank you.

Actions #8

Updated by Guy Godfroy almost 5 years ago

Now that wireguard is officially linux upstream, which is a proof of trust to a certain level, you may want to reconsider your decision. I know Wireguard is still considered WIP, but it takes a lots of trust to be merged in the linux kernel.

Actions #9

Updated by Jim Pingle almost 5 years ago

See note 5 on this issue: https://redmine.pfsense.org/issues/8786#note-5

Linux is not FreeBSD.

Actions #10

Updated by Lai Wei-Hwa almost 5 years ago

Actions #11

Updated by Ronald Antony over 4 years ago

Lai Wei-Hwa wrote:

See these links:
https://svnweb.freebsd.org/base?view=revision&revision=357986
https://svnweb.freebsd.org/base?view=revision&revision=357987

FreeBSD is making commits for in-kernel wireguard. It's coming.

Great! Looking forward to this!
WG is pretty much what I needed for years, and badly improvise with IPsec...
...hope this makes into pfSense soon.

Actions #12

Updated by Anonymous over 4 years ago

wireguard-go exists on FreeBSD. While it may not be in-kernel, it's a userspace implementation from the same project. There's no reason to continue delaying this.

Actions #13

Updated by Jim Pingle over 4 years ago

There certainly is reason. We're working on the in-kernel implementation and won't be wasting our time on unstable userspace implementations. It's still progressing well, just not publicly except what can be seen in the code going into FreeBSD directly.

Actions #14

Updated by Soren Stoutner over 4 years ago

Take as much time as you need to get it right. I would rather have a stable, in-kernel implementation than a buggy, userspace implementation.

Actions #15

Updated by Erik Hennerfors about 4 years ago

Jim Pingle wrote:

There certainly is reason. We're working on the in-kernel implementation and won't be wasting our time on unstable userspace implementations. It's still progressing well, just not publicly except what can be seen in the code going into FreeBSD directly.

Do you guys have any updates? I know you're doing as good as you can and I appreciate all your hard work, but an update to this would be a great light in these dark times :)

Actions #16

Updated by Stefan Meili about 4 years ago

For what it's worth please consider this my up-vote for this feature.

Actions #17

Updated by Jonathon Reinhart about 4 years ago

Aaron Shaffer wrote:

PLEASE add WireGuard support! Thank you.

Stefan Meili wrote:

For what it's worth please consider this my up-vote for this feature.

Please stop adding useless comments like these. They do nothing but spam everyone who are patiently watching this issue. Then admins have to lock the issue, preventing relevant discourse from happening.

Actions #18

Updated by Ter Ted about 4 years ago

Please don't lock this issue, it is very important feature to have for many people.

Actions #20

Updated by Christian Weiss almost 4 years ago

From https://svnweb.freebsd.org/base?view=revision&revision=368163

Sponsored by: Rubicon LLC, (Netgate)

Just want to say: Thank you!

As far as i can see, all preconditions to start working on this ticket are fulfilled now.
Can we raise the priority of this ticket (currently: "Very low") to something higher accordingly to reflect the user requests above (and all others that did not spammed on this ticket)?

Actions #21

Updated by Jim Pingle almost 4 years ago

It's still being worked on (and has been the whole time). There are ongoing stability issues that have yet to be fixed.

Actions #22

Updated by Renato Botelho almost 4 years ago

  • Project changed from pfSense Packages to pfSense
  • Category changed from New Package Request to VPN (Multiple Types)
  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • Priority changed from Very Low to Normal
  • Target version set to 2.5.0

Initial kernel version wireguard support is now in place

Actions #23

Updated by Jim Pingle almost 4 years ago

  • Category changed from VPN (Multiple Types) to WireGuard
Actions #24

Updated by Ronald Schellberg almost 4 years ago

Renato Botelho wrote:

Initial kernel version wireguard support is now in place

FYI. I have receiving fetch errors on the wiregaurd-tools port. The particular distinfo package is not available on external servers. I have waited a few days to see if it was going to get propagated upstream. Also Jason's latest commit on his server for wireguard-tools is dated 20-12-18 and the pfsense makefile points to a 20-12-16 version.

=======================<phase: fetch >============================
===> License GPLv2 accepted by the user
=> pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz doesn't seem to exist in /portdistfiles/.
=> Attempting to fetch https://gitlab.netgate.com/pfSense/wireguard-tools/repository/b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59/archive.tar.gz?dummy=/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz
fetch: https://gitlab.netgate.com/pfSense/wireguard-tools/repository/b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59/archive.tar.gz?dummy=/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz: No route to host
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz
fetch: http://distcache.FreeBSD.org/ports-distfiles/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ and try again.

Actions #25

Updated by Renato Botelho almost 4 years ago

Ronald Schellberg wrote:

Renato Botelho wrote:

Initial kernel version wireguard support is now in place

FYI. I have receiving fetch errors on the wiregaurd-tools port. The particular distinfo package is not available on external servers. I have waited a few days to see if it was going to get propagated upstream. Also Jason's latest commit on his server for wireguard-tools is dated 20-12-18 and the pfsense makefile points to a 20-12-16 version.

=======================<phase: fetch >============================
===> License GPLv2 accepted by the user
=> pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz doesn't seem to exist in /portdistfiles/.
=> Attempting to fetch https://gitlab.netgate.com/pfSense/wireguard-tools/repository/b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59/archive.tar.gz?dummy=/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz
fetch: https://gitlab.netgate.com/pfSense/wireguard-tools/repository/b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59/archive.tar.gz?dummy=/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz: No route to host
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz
fetch: http://distcache.FreeBSD.org/ports-distfiles/pfSense-wireguard-tools-b252b4effb62f0a3a5727cc188cfa4ec7ea7ca59_GL0.tar.gz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ and try again.

Project was hosted on an internal server but is now replicated to github at https://github.com/pfsense/wireguard-tools

It will be added to FreeBSD as well soon

Actions #26

Updated by Ronald Schellberg almost 4 years ago

Renato Botelho wrote:

Project was hosted on an internal server but is now replicated to github at https://github.com/pfsense/wireguard-tools

It will be added to FreeBSD as well soon

Just noticed that it was added to github. Thanks

Actions #27

Updated by Renato Botelho almost 4 years ago

  • Status changed from Feedback to Resolved

Import of wireguard is complete. Issues are being tracked on separate tickets

Actions

Also available in: Atom PDF