The PFSSense WireGuard package is not up to date.
The PFSSense WireGuard package is not up to date.
Hey everyone, I rely on WireGuard as my preferred VPN because OpenVPN often didn’t perform well for me. It’s currently set up on pfSense. I’ve noticed that pfSense uses its own packages from the FreeBSD repo, which means versions differ—pfSense 1.6_2, FreeBSD 2.1, and outdated WireGuard binaries. While these updates aren’t a big deal for casual use, I prefer keeping things fresh for security reasons. Using newer FreeBSD packages might work fine with pfSense’s web config, but it could be riskier if you need the latest features or patches.
WireGuard isn’t a hacked together VPN, it’s becoming one of the most widely used… This is a fair question tho, and I am actually unsure if the answer. I also use it myself as a plug-in in pfsense. But, seeing as pfsense is an enterprise appliance, and WireGuard is a office plug-in of theirs, I wouldn’t be to concerned. If there was any serious security flaw, I am relatively certain they would release a patch as soon as it was known. But maybe someone would have more info and could shed more light then myself.
specifically in the past it was, which is why it is no longer installed by default in pfSense and labeled as experimental, and was removed from FreeBSD in previous iterations. Thankfully though it does work well now and it'll probably be my new go-to, though IKEv2 IPSec is an enticing offer (though after that nifty NSA slideshow I wonder how safe it'll be in the coming years) This is a good point though, I imagine it is safe at the very least but I do wonder if there's any performance to be gained by using the more up-to-date FreeBSD version, even if that version is only 6 months newer. I'm guessing that if it hasn't made its way into the newer releases yet it'll either be added with pfSense 2.7.0 stable or be pushed out Eventually™