Hello wireguard-kmod on OPNsense!

Update: Starting from OPNsense 23.1 wireguard-kmod is now installed by default instead of the go implementation.

Yesterday (30th March 2021) OPNsense released their latest version of OPNsense 21.1.4, its just a minor update with few package updates and security fixes. Bundled hidden away in this update was a lovely new package called wireguard-kmod, which is the WireGuard kernel implementation for FreeBSD, since OPNsense runs on FreeBSD we get to enjoy its goodness! More bandwidth, lower latency!

Now this kernel module isn’t fully production ready and is considered experimental but for testing or bleeding edge users, you can install it today! To install it you simply need to SSH or access the console of OPNsense and install the package pkg install wireguard-kmod once installed, simply reboot OPNsense and you’ll now be using the WireGuard kernel module for OPNsense. Note, the wireguard-go service will show as stopped since the go implementation isn’t being used, due to the kernel module, OPNsense will fix this in a later release.

I have been testing the WireGuard kernel module on OPNsense and I’ve seen over 2.5x performance increase, managing 1.1gbit speeds connected to a PIA WireGuard server, where before I was only getting 200-300mbits. Going with the kernel module is quite the speed increase.

Also to note, this implementation is the one by the WireGuard project owner Jason A. Donenfeld and not the one by Netgate.

At this time this code is new, unvetted, possibly buggy, and should be

considered “experimental”. It might contain security issues. We gladly

welcome your testing and bug reports, but do keep in mind that this code

is new, so some caution should be exercised at the moment for using it

in mission critical environments.

https://www.freshports.org/net/wireguard-kmod/
https://git.zx2c4.com/wireguard-freebsd/
https://lists.zx2c4.com/pipermail/wireguard/2021-March/006518.html