Jump to content

WireGuard pfSense package outdated?

mr cheese
By mr cheese
in Networking
 Share
Posted

Hey all, I use WireGuard as my VPN of choice since I just wasn't ever getting great mileage out of OpenVPN every time I used it. As of now it's running on pfSense. However, since pfSense maintains its own packages alongside the FreeBSD official repo, I noticed where pfSense's WireGuard is on version 1.6_2, FreeBSD is on 2.1. Similarly, packages like wireguard-kmod are now 6 months out-of-date. Typically I wouldn't bat an eye to this but since WireGuard is a more experimental (and, in the past, hacked-together mess of a) VPN I figured it would be best for security that they would stay more up-to-date.

 

Is it safe to be on these (relatively) outdated packages for everyday use, and would it be wise (or work well at all with pfSense's web configurator) to use the more up-to-date FreeBSD binaries?

My profile picure is real. That's what I look like in real life. I'm actually a blue and white African Wild Dog.

Ryzen 9 5900X - MSI Ventus 2x OC 3060 Ti - 2x8GB Corsair Vengeance LPX 3200MHz CL16 - ASRock B550 Phantom Gaming ITX/ax

EVGA CLC 280 + 2x140mm NF-A14 - Samsung 850 EVO 500GB + WD Black SN750 1TB - Windows 11/10 - EVGA Supernova G3 1000W

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
9 hours ago, mr cheese said:

Hey all, I use WireGuard as my VPN of choice since I just wasn't ever getting great mileage out of OpenVPN every time I used it. As of now it's running on pfSense. However, since pfSense maintains its own packages alongside the FreeBSD official repo, I noticed where pfSense's WireGuard is on version 1.6_2, FreeBSD is on 2.1. Similarly, packages like wireguard-kmod are now 6 months out-of-date. Typically I wouldn't bat an eye to this but since WireGuard is a more experimental (and, in the past, hacked-together mess of a) VPN I figured it would be best for security that they would stay more up-to-date.

 

Is it safe to be on these (relatively) outdated packages for everyday use, and would it be wise (or work well at all with pfSense's web configurator) to use the more up-to-date FreeBSD binaries?

WireGuard isn’t a hacked together VPN, it’s becoming one of the most widely used…

 

This is a fair question tho, and I am actually unsure if the answer. I also use it myself as a plug-in in pfsense. But, seeing as pfsense is an enterprise appliance, and WireGuard is a office plug-in of theirs, I wouldn’t be to concerned. If there was any serious security flaw, I am relatively certain they would release a patch as soon as it was known. But maybe someone would have more info and could shed more light then myself. 

Rig: i7 10700k @ 5.1Ghz, 4.8 Ring - - Z490 Vision G - - EVGA RTX 2080 XC Ultra @ 2025Mhz - - 4x8GB Vengeance Pro 3000Mhz 15-17-17-34 @ 3500MHz 16-19-19-38 - - Samsung 950 Pro 512 NVMe Boot + Main Programs - - Samsung 830 Pro 256 RAID 0 Lightroom + Photo work - - WD Blue 1 TB SSD for Games - - Corsair RM850x - - Sound BlasterX EA-5 - - EK Supremacy Evo - - XT45 X-Flow 420 + UT60 280 rads - - EK Full Cover GPU Block - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 64 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - 10TB WD Red for expendable data - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone 14 Pro - 2018 MacBook Air

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
1 hour ago, LIGISTX said:

WireGuard isn’t a hacked together VPN

specifically in the past it was, which is why it is no longer installed by default in pfSense and labeled as experimental, and was removed from FreeBSD in previous iterations. Thankfully though it does work well now and it'll probably be my new go-to, though IKEv2 IPSec is an enticing offer (though after that nifty NSA slideshow I wonder how safe it'll be in the coming years)

 

1 hour ago, LIGISTX said:

I wouldn’t be to concerned. If there was any serious security flaw, I am relatively certain they would release a patch as soon as it was known

This is a good point though, I imagine it is safe at the very least but I do wonder if there's any performance to be gained by using the more up-to-date FreeBSD version, even if that version is only 6 months newer. I'm guessing that if it hasn't made its way into the newer releases yet it'll either be added with pfSense 2.7.0 stable or be pushed out Eventually™

My profile picure is real. That's what I look like in real life. I'm actually a blue and white African Wild Dog.

Ryzen 9 5900X - MSI Ventus 2x OC 3060 Ti - 2x8GB Corsair Vengeance LPX 3200MHz CL16 - ASRock B550 Phantom Gaming ITX/ax

EVGA CLC 280 + 2x140mm NF-A14 - Samsung 850 EVO 500GB + WD Black SN750 1TB - Windows 11/10 - EVGA Supernova G3 1000W

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×