pfSense WireGuard site to site

Hi everyone,

I was wondering if WireGuard was ready for prime time. I think Tom said he was using it instead of OpenVPN or IPsec.

Is anyone using it for multisite, mesh VPN in production?
How is it going for you? Any hiccups or problems when updating?

I have been using it in production for close to two years for site to site. It’s not beta anymore.

Hi Tom,

Thank you for confirming this. Wanted to make sure before I deploy on a customer that has 4 different sites connected with OpenVPN at the moment.

You have a great day.
Ben

If you have OpenVPN and it’s working fine there is not really a reason to switch.

I thought WireGuard would be a bit faster and I think I heard you say that since the shared key mode was going away in 2.7 for OpenVPN it was preferable to do the switch to WireGuard.

I might be mistaken. Thanks for taking the time!

If you are using shared key for OpenVPN, then yes that is getting deprecated. It is a bit faster, but most people are limited by their internet connection speeds more than their VPN unless you are running it on lower end hardware.

Hi Tom,

Noted. They are all running on custom firewalls with enough power for sure. WireGuard seemed cleaner to configure than OpenVPN with TLS. I will weigh my options.

Yes, WireGuard is cleaner but there is some learning curve so budget some time if it’s your first one.

I did test it already with 3 virtual firewalls in a mesh configuration. Wasn’t too bad but I see what you mean with all the routing and addressing, it gets complex really quickly, especially for the first time. Thanks for the heads up. I’ll retest some more to make sure. Have a nice weekend.
