I was reading a post on Reddit regarding a security issue with Wireguard and pfSense. Is this true and should I stop using Wireguard. I hope not because I finally got it working. After watching Tom’s video and reconfiguring multiple times. I finally blew it away and started from scratch. That is when it started working.
The FreeBSD project pulled the code of interest from their main tree, both the original submission as well as the code modified by their project members.
Who do you trust?
Go back to the threads on Reddit and review what has been posted there and on the FreeBSD mailing list. Then decide for yourself.
If I was served food that was clearly undercooked in the middle, I’d consume something else.
If it was really an issue. I’m sure Tom would have covered it.
I lack interest in what there drama is going on between the people involved. but what is very important is the code and the changes can be observed here wireguard-freebsd - WireGuard implementation for the FreeBSD kernel
So far the only security issue that has come out is a notice from Netgate is do not configure jumbo frames on WireGuard interfaces (MTU >= 1420). This is a non default configuration and is not something that should cause issues because for this to occurs requires you to manually reconfigure pfsense interfaces where Wireguard is listening to accept these frames and have a system sending those frames out of spec to potentially cause a buffer overflow.
I am still watching through the code changes and note to see if there are any other change related to pfsense that could be an issue, but so far none have really surfaced. If they do, I will do a video on the topic.
As for whatever controversies may come from this, feel free to join in the many discussions over at reddit or any other forums where that is happening, no need for that to be discussed here.
Well, my last post did not age well but I will leave it up. They just posted this “WireGuard Removed from pfSense® CE and pfSense® Plus Software” so there are clearly some issues. So as of right now, I would say not to use WireGuard.