WireGuard Support Merged Into Upstream OpenBSD


  • k1e0x
    replied
    Originally posted by starshipeleven View Post
    fixed

    It's at least a year that the go application is available. OPNSense (somewhat similar to pfsense) is using that in their packages for Wireguard support.

    It's simple because it is just doing the VPN job and nothing else. Use your OS's routing functionality to do routing, as explained here for Linux-based routing https://www.wireguard.com/netns/

    Yeah with very strange names like
    Interface, PrivateKey, ListenPort, FwMark, Peer, PublicKey, PresharedKey, AllowedIPs, Endpoint, PersistentKeepalive (and that's all there is).

    Very difficult to guess what they are for. The only "strange" part for a VPN is that Wireguard has no server or client and every device is a "peer".
    Well, let's talk about this..
    Is "Address" the IP address you want the service to listen on or the address of the tunnel, or is it the virtual adapter?
    What "Endpoint" are you talking about, the network you are connecting to or the server or the tunnel? What perspective are you coming from here? Is endpoint the network you're bridging to?
    "AllowedIPs" is confusing too; is that an allow list for the clients that connect to it? Address in the tunnel? What?

    This could be cleaned up with clearer names such as "ListenAddress" (like every other piece of software.)

    If I'm asking these questions as a ~30 year experienced sysadmin.. regular users are going to be totally lost. Even the Webpage is screwed up "Interworkings" What in the crap? -- how about DOCS? Is that too hard? No.. it is because they don't have real docs. (Interworkings.. jesus.. christ.. this is what happens when you let programmers run the show. They think their software is so cool and creative.. well maybe it is but nobody else cares, they just care if it solves their problem.)

    Originally posted by starshipeleven View Post
    Did you perhaps miss the link called

    Consult the man page of wg(8) for more information.

    from the quickstart page? https://www.wireguard.com/quickstart/

    There you can read a manual that describes "each and every function" of both the command line application and the config file

    I mean, that's all it does and all the config options it supports. What were you expecting, a 50-page manual? A couple pages are enough.
    The man page is actually ok. (That is saying something for a Linux program) But it's missing a section on wgX.conf, it only contains information about the wg command, that in itself is fine.. but there needs to be another man page on the configuration. (OpenVPN is guilty of this too, although they have web links) OpenSSH is the gold standard for command line applications and it's made by the OpenBSD team you scoff at. Oh look, sshd_config is in the man page.

    And no, in fact I did read the scrawl they wrote. Proper IT documentation starts with an introduction and has information on each and every function and option in the configuration and then contains working tutorials and examples. They don't need 50 pages, but 10 would be nice. If they ever want to be taken seriously they need this. OpenVPN has good documentation, where is WireGuard's?

    I literally laughed reading it when they were talking about "So say you are in a coffee shop on their wifi - If you just run this script" ... give me a break.. what a joke. This is NOT enterprise software. At all. It's about at the same level stunnel is.. and there is nothing wrong with that.. but if you are going to make claims like, improving VPNs and making them simple and high performant and replacing all VPN software.. Wireguard team has decades in front of them before they will meet those goals.
    Last edited by k1e0x; 06-24-2020, 08:03 PM.
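
Added example, not part of any post in this thread and not WireGuard project code: a small config linter built on the key list quoted above. It separates the keys documented in wg(8) from the extra keys that wg-quick(8) adds (which is where `Address` comes from) and validates `AllowedIPs` entries. The `lint` function, the sample config and the exact-spelling key match are assumptions made for illustration.

```python
import ipaddress

# Keys documented in wg(8): the list quoted in the thread.
WG_KEYS = {
    "Interface": {"PrivateKey", "ListenPort", "FwMark"},
    "Peer": {"PublicKey", "PresharedKey", "AllowedIPs", "Endpoint",
             "PersistentKeepalive"},
}
# Extra [Interface] keys that only the wg-quick(8) wrapper reads.
WG_QUICK_KEYS = set("Address DNS MTU Table PreUp PostUp PreDown PostDown SaveConfig".split())
# Constructed sample: placeholder keys, documentation-range addresses.
SAMPLE = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.0.0.2/24

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0, 10.0.0.300/32
ListenAddress = 192.0.2.1
"""

def lint(text):
    """Return (line_no, message) findings; keys must be spelled as in the man pages."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # Split on the first "=" only, so base64 padding stays in the value.
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep or section not in WG_KEYS:
            findings.append((no, f"unparsed line {line!r}"))
        elif section == "Interface" and key in WG_QUICK_KEYS:
            findings.append((no, f"{key} is a wg-quick(8) key, not wg(8)"))
        elif key not in WG_KEYS[section]:
            findings.append((no, f"unknown key {key} in [{section}]"))
        elif key == "AllowedIPs":
            for cidr in (c.strip() for c in value.split(",")):
                try:
                    net = ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    findings.append((no, f"bad AllowedIPs entry {cidr!r}"))
                    continue
                if net.prefixlen == 0:               # 0.0.0.0/0 or ::/0
                    findings.append((no, f"{net} is a catch-all route"))
    return findings
```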

  • starshipeleven
    replied
    Originally posted by k1e0x View Post
    This is cool, this is the only use case that OpenBSD is great for.
    fixed

    For FreeBSD/pfsense, Wireguard runs on FreeBSD now. (in Go, it's just not included in the kernel) a package could be made for pfsense tho using that.
    It's at least a year that the go application is available. OPNSense (somewhat similar to pfsense) is using that in their packages for Wireguard support.

    to me it almost feels too simple.. A VPN can be a very complicated thing and sometimes added configuration options are wanted (such as routing options).
    It's simple because it is just doing the VPN job and nothing else. Use your OS's routing functionality to do routing, as explained here for Linux-based routing https://www.wireguard.com/netns/

    I don't really like the terminology wireguard uses in its config, it's not clear what configuration options do by their name
    Yeah with very strange names like
    Interface, PrivateKey, ListenPort, FwMark, Peer, PublicKey, PresharedKey, AllowedIPs, Endpoint, PersistentKeepalive (and that's all there is).

    Very difficult to guess what they are for. The only "strange" part for a VPN is that Wireguard has no server or client and every device is a "peer".

    Write proper documentation please. (Your wiki sucks too, write a manual describing each and every function)
    Did you perhaps miss the link called

    Consult the man page of wg(8) for more information.

    from the quickstart page? https://www.wireguard.com/quickstart/

    There you can read a manual that describes "each and every function" of both the command line application and the config file

    I mean, that's all it does and all the config options it supports. What were you expecting, a 50-page manual? A couple pages are enough.
    Last edited by starshipeleven; 06-22-2020, 07:45 PM.

  • k1e0x
    replied
    This is cool, this is exactly the kind of use case that OpenBSD is great for. Nice to see this supported

    For FreeBSD/pfsense, Wireguard runs on FreeBSD now. (in Go, it's just not included in the kernel) a package could be made for pfsense tho using that.

    Overall on wireguard, I got time to play around with it and to me it almost feels too simple.. A VPN can be a very complicated thing and sometimes added configuration options are wanted (such as routing options). I don't think OpenVPN is going to die out any time soon..

    I don't really like the terminology wireguard uses in its config, it's not clear what configuration options do by their name and I absolutely HATE the videos on the website. Write proper documentation please. (Your wiki sucks too, write a manual describing each and every function)
    Last edited by k1e0x; 06-22-2020, 02:23 PM.

  • brad0
    replied
    Originally posted by HarlemSquirrel View Post
    Would be nice to have in pfsense.
    Netgate has already announced sponsoring an implementation for FreeBSD. Who knows if the FreeBSD implementation will take any inspiration from this code or be another brand new implementation from scratch like OpenBSD's.

  • HarlemSquirrel
    replied
    Would be nice to have in pfsense.

  • jaypatelani
    replied
    Congratulations team.. now fingers crossed for NetBSD WireGuard merge


  • phoronix
    started a topic WireGuard Support Merged Into Upstream OpenBSD

    WireGuard Support Merged Into Upstream OpenBSD

    Phoronix: WireGuard Support Merged Into Upstream OpenBSD

    Following WireGuard being merged into Linux 5.6, the attention turned in recent months by WireGuard developers onto seeing their kernel port upstreamed in OpenBSD. As of this weekend, the WireGuard upstreaming in OpenBSD is their latest accomplishment...

    http://www.phoronix.com/scan.php?pag...ard-In-OpenBSD