Thanks Adolf.
Now, all works fine.
Bye. 
1 Like
Hi guys.
I’ve noticed something strange with WireGuard.
I have it installed on my phone (the client) and configured perfectly with IPFire, and I have access without any issues, but after a while (indefinite, I think at least a week), it doesn’t connect. Let’s see, it seems like it connects. The client doesn’t give an error, but it won’t let me connect with either RDP or the NAS.
It only lets me connect if I disable the affected connection in IPFire and then re-enable it. Then, during that time, everything works correctly again, allowing me to connect to everything.
Is this happening to anyone else?
A big hug.
1 Like
First of all thanks to the dev team for wireguard integration! I am delighted that we were able to support it’s realization with a donation dedicated to wireguard last year.
We fully switched to core 195 beta yesterday to give wireguard a first try. Previously, we used a crossover net-to-net connection between two IPFire systems (local) via dedicated network connections to a remote site with another 2 IPFire systems behind (double) NAT. IPSec was used for this until we now replaced it with wireguard. We previously tried this with OpenVPN, but the results were disappointing.
It basically worked straight away! The connections were established even before routing/natting on the remote site were fine-tuned. I was really surprised! 
In addition, we use all the security features offered by IPFire on all the systems involved and I manually decreased the keep-alive interval from 25 to 15.
Observations so far are the following:
(1) while IPSec took benefit from AES-NI, wireguard consumes a significant little bit more cpu power, +15% estimated (powerful IPFire business appliance with 8 cores and AES-NI, overall cpu utilization near 50%)
(2) the connections are extremely (!) stable over time and are reestablished within seconds if they break off (heavy stability problems often occurred with IPSec)
(3) this setup fully utilizes the available bandwidth of the network connections (approx. 360 MBit/s in total), the overall throughput increased to the maximum; the IPSec scenario didn’t reach this for longer periods
(4) in my opinion, latency of the connection was improved
(5) I found that there is no wireguard entry under system protocols to monitor any problems
So far, I am very pleased with the results and I think that IPFire has taken a big step forward!
4 Likes
Thank you very much once again!
Compared to OpenVPN and IPsec, the experience on the client side is much smoother indeed.
IPsec throughput is very much dependant on the client side implementation. On the IPFire side there should be enough oomph there. But of course it takes two to tango.
We think so too. I hope that we will continue our journey into more networks all over the world this way.
Hello IPFire community.
IPFire 2.29 - Core Update 195 which features WireGuard support has been released!
Thank you to all those who helped with testing.
A G
2 Likes