WireGuard Removed from pfSense March 2021


I usually hate to get involved in computer politics, since one of the great things about computers in general is that it’s a politics-free zone; however, the pfSense subreddit is really blowing up over this area. It seems the code Netgate submitted to FreeBSD was really poorly written. Most of the “political” arguments in this thread are really a reflection on how poorly the code was written. Given all the other bugs in the 2.5 release, I’m really wondering if a lot of the changes introduced in this new release are basically a function of just bad coding.

Would it have been better if they had put this into BSD (and pfSense) as experimental? Would this have caused less drama?

In my opinion, most other companies have issues such as this (poorly written code that is released too quickly), but they never get discovered in a public forum since they are closed source. I can only imagine how “great” any other business’s closed-source router software looks. This just blew up because it’s open source, and WireGuard’s author called them out on the poor coding.

Personally, I think this shows how well open source works for security. If this was closed source, this may not have been discovered until it became a 0day.

This is a good reason to not upgrade something right away unless there is a pressing need to. I usually wait a few weeks to upgrade production machines to see how the release is going and to see if something like this happens. I will wait until 2.5.0-p1 to upgrade production machines. There aren’t any major issues with 2.4.5.

@Greg_E I think it could have caused less drama if they did. But most people that work in this space know that new features mean new bugs and that it will take some time for them to get ironed out (even without the experimental tag). I wasn’t planning on using WireGuard for anything for a while until I got feedback about it.

I have no plans of moving away from OpenVPN right now; my ISP at home is still my limiting factor.