Inquiry Regarding the Inclusion of WireGuard VPN in IPFire

Dear IPFire Development Team,

My name is Diego Villamil, and I am serving as a Network Architect at INGECONT. First and foremost, I wish to extend my gratitude for your relentless effort and dedication in developing IPFire, an outstanding firewall and network management solution.

I have been actively exploring various VPN options to enhance security and data transmission efficiency within our network. In this pursuit, WireGuard has caught my attention. It stands out for its simplicity, efficiency, and robust security features.

I understand that integrating new functionalities into a complex system like IPFire requires thorough consideration. However, I am keen to know whether there are any plans to include WireGuard as a VPN option in IPFire. I believe that WireGuard’s incorporation would significantly benefit the IPFire community by offering a VPN alternative that is not only user-friendly but also high-performing.

I would greatly appreciate any information you can provide regarding this matter. Additionally, if it is within your plans, an estimated timeline for when we might expect this feature would be highly valuable.

Thank you in advance for your time and response. I remain committed to using IPFire and look forward to the new improvements and features that will be added in the future.

Sincerely,

Diego Villamil
Network Architect, INGECONT
Contact: +573106379164

2 Likes

Hallo @ingecont

Welcome to the IPFire community.

Wireguard will be in IPFire-3

It will not be put into IPFire-2 due to the amount of development work that would be needed which would divert resources from IPFire-3.

5 Likes

Subject: Appreciation and Excitement for the Inclusion of WireGuard in IPFire-3

Dear IPFire Development Team,

I would like to express my deepest thanks for your prompt and detailed response to my previous inquiry regarding the integration of WireGuard into IPFire. It’s heartening to see a team so committed to its community and responsive to user queries.

I am thrilled to hear the news that WireGuard will be included in the IPFire-3 project. This addition undoubtedly represents a significant step forward in terms of security and efficiency for the IPFire user community. WireGuard not only offers a modern and efficient VPN solution, but it also reflects IPFire’s ongoing commitment to innovation and adapting to new technologies.

As a Network Architect at INGECONT, I am particularly interested in the improvements this integration will bring to our network operations. I am confident that WireGuard in IPFire-3 will significantly enhance our networking capabilities and provide a safer and more efficient experience for our users.

Once again, I appreciate your dedication and efforts in maintaining and enhancing IPFire. I eagerly look forward to experiencing the benefits that WireGuard will bring to the IPFire-3 project and will continue to support and recommend IPFire as a top-tier network management and firewall solution.

Sincerely,

Diego Villamil
Network Architect, INGECONT
Contact: +57 3106379164

1 Like

Unfortunately an ETA or better… an EYA (estimated year of arrival) is not disclosed yet for IPFire 3.

1 Like

Hi !

Does anyone build maybe wireguard for Ipfire 2.x ?

Unobtanium?

Hi Adolf,

it’s great to hear that Wireguard will be supported. If you need somebody to test this feature feel free to contact me. I’m running several Wireguard tunnels because of the much better throughput and less CPU load than OpenVPN and can do several test if needed.

Sincerely,

Jens

Even if someone build a package, it must be integrated in the firewall. If i start the OpenVPN Server or the IPSec VPN Server or the tor node all iptables were set automatically and all settings will be set correctly no matter how I mess around and reload the iptables. Then it should have an easy-to-configure interface that also needs to be connected. So just install it? That would certainly work. For experts maybe.
I can also immediately think of new ideas in combination with my android and ipfire with WireGuard :smiley:

1 Like

Would anyone be able to help funding this for IPFire 2?

3 Likes

Personally, I created my own WireGuard VM based on OpenBSD and have IPFire port-forward port 51820 (UDP only) to the VM with some rate-limiting. I like the addition of PSK in creating an (almost) quantum-resistant tunnel.

The pf rules are a bit fiddly, but it works as intended to have a road-warrier setup for my connected remote devices.

For those who are interested in something simpler, wg-easy has a fairly simple implementation using Docker as the container.

Name your price :rofl:

This was a serious question actually…

I did not doubt that. I don’t think anyone doubt the seriousness.

However, there’s no public statement of the amount. If there was any private one, was never disclosed that happened… with acceptance or refusal (if the sum was privately disclosed, it’s fair that not gone public).

I know that’s not the exact same thing (founding a project to not match, as right perspective, as a purchase) however no one will buy a thing or a license without a known amount of money needed.

Obviously there is no amount. How can I know how much time I am going to need? I can only estimate. But that does not really bring us any further.

The way we fund the project simply is to have an open bucket and people put money into that bucket. We call that a donation. Whenever there is money in the bucket we spend it on someone doing the work. If there is more money, we will achieve more. If there is no money, we will come to a standstill.

3 Likes

I hear you, I feel you and I can understand. On the other hand, unless I’m spending my money (so it’s my choice if “waste” any), how can I give any proposition to the ones that are willing to invest in project funding, without providing any monetary size?
The project can be managed in any way the project director want to. But when asking for funds, at least a forecast of time and possible money spent is… a nice touch for get the people involved.

Again, I know that funding a project is not like buying goods or license, but very few people will buy something without an explicit price.
More on that: uGreen decided to enter into NAS markets. First batches of products were sold via Kickstarter, at reduced price compared to MSRP. It’s a “custom built” motherboard, with a custom built chassis, but the most green part is… software. uGreen is … a lot green into NAS management software, and it will be for a long time, compared to QNAP, Synology, Buffalo, Terramaster products and/or open source(ish, some) softwares like TrueNAS. Funny story: the originating project of TrueNAS, FreeNAS, took a lot of sources from… m0n0wall, which “moved” to OPNSense. World sometimes is smaller than what you think.

I’m not saying “project have to behave like…”. It’s not my place nor my will. But if there’s something that project members are unhappy about, consider options.
One went wrong, but… try again.

It is absolutely fine that you don’t want to contribute to IPFire. It is free software in the end - free as in freedom, so you are also free to do with it whatsoever. But please don’t try to compare us to other projects that clearly have gone another way.

IPFire is free. Any development that is funded by donations is going to be free software, too. We have been bringing you a free distribution for decades now based on that principle. If you don’t have this kind of trust in our team, then you might want to look for a commercial product, because then you will have exactly the SLAs and the commitments that you are asking for; but obviously a lot of money.

Certainly I will commit to things, too. But we are looking here for a large sum of money. This is not going to cost 500 EUR to build. It is a major project to get this right. So for any larger donors we can negotiate any kind of timeline, but for as long as we will do the bucket model, things will be done when they are done. You will get out of this project what you are putting into it.

10 Likes

Kudos to you! And cheers to you and your team!

I contribute my drop to the bucket every six months (last one was a couple of days ago) although what I get from IPFire at present is not a product but optionality. I don’t use it, but I may, especially when I see version 3, so I want to help to sustain it.

As a side note I would not contribute directly to implementing WG in v2, although the team can do as they think best with the bucket. Firstly, I want v3 so i’ll create minimum distractions, and secondly it is easy to implement WG on an internal device if needed, so no rush to have it on the firewall where I prefer to minimise “extras”.

1 Like

For those still waiting for WireGuard in IPFire and can’t read my muted comment above, here’s the link: Why Not WireGuard (2020) | Hacker News

1 Like

You are digging out a conversation from four years ago. Clearly there is the offer out there to implement this if there is funding for it…

2 Likes