The WireGuard authors just released an OpenBSD kernel driver for WireGuard VPN communication. This is a request to have it ported over to FreeBSD.
I suggest checking and testing this: https://reviews.freebsd.org/D25425
Porting isn’t really straightforward. Most of the work is in the OS-specific glue. Matt Macy has been working on a FreeBSD implementation for some time. Please find a draft in the link above.
It's in review, which could mean it's ready for testing? I'm willing to do some beta testing; I have today in (home) production 12.1 with Wireguard-go peer2peer running 24/7/365.
(In reply to Peter Libassi from comment #4)
It's nice that you are able and willing to do the tests. I suggest it's better to discuss further questions on the -net mailing list:
I've been running tests on the lkm version on -CURRENT. It'd need -CURRENT to compile.
So far there have been 4 observations I've made:
1) It does connect to the Linux version well. Packets that are routed through the WireGuard FreeBSD machine work well.
2) There's something funny with traffic that is destined to the machine running WireGuard, therefore to the wgX interface; ping-induced echo requests work, and FreeBSD traceroutes are responded to - however, TCP connections blackhole somehow and won't work.
Connections to/from the other endpoint of Wireguard tunnel do work.
3) netstat counters for the wgX interface aren't increasing if the traffic is routed elsewhere.
4) wg show will coredump on the line where last keepalive handshake should show.
All in all, impressive work. Probably would benefit a lot by fixing 2) and 3), 4) is more of a "meh, ok".
I got COVID-19 right about the time I actually started working on it in the beginning of March, and I've had CFS-like fatigue from the post-viral syndrome which has severely limited my productive hours outside of $DAYJOB. Nonetheless, it's essentially done modulo the issues pointed out by Osku As.
Jason had insisted that the code needed to be reviewed by him, but he won't actually spend any time on reviewing the code unless I'm actually sitting there engaging with him directly. The OpenBSD dev appears to have spent many dozens of hours with him. However, I simply have no time or inclination for that. I'm not sure who in the FreeBSD community has the crypto background to review the protocol bits as well as the energy to do so.
I can confirm issue 2) in comment 6.
I set up an if_wg peer to a FreeBSD wireguard-go peer. Ping in both directions OK. SSH no contact in any direction, even tried ssh -b.
Then I created a remote host (jail with epair interfaces); from there I can access the wireguard-host local services. So it seems that the traffic coming from the FreeBSD WireGuard peer does not pass up the stack; if the traffic is from a remote host it is passed up the stack.
Then I set up an if_wg peer to a Void Linux peer. Now SSH works in both directions!
I can confirm that the issue in comment 6 is now resolved with patch D26137.
(In reply to Peter Libassi from comment #9)
Typo ;-) I mean the issue in comment 8 is resolved.