Hurried (Score:3)
It's no secret that Netgate is *very* late with WireGuard. Some random guy on the forums had it working nearly a year ago, which is what I'm running on my pfSense boxes (and why I'm still using pfSense, frankly).
It's also the audited userland version, so I'm glad I didn't hurry up and upgrade to the 2.5.0 release with in-kernel WireGuard. What's worse is that the Netgate staff has been shittalking the userland version, yet for me it's been totally stable, if a bit of a pain in the ass to get set up the first time.
The real thorn is that OPNsense, the community fork of pfSense that has gone its own way, has had WireGuard for, what, a couple years now? And they take patches in a timely manner (one of my pfSense fixes took > 3 years to commit). But there's no easy way to migrate in either direction, so it's not like the userbases are entirely interchangeable.
And, yes, I send Netgate >$1000 orders every so often, contribute code, and file decent bugs, so it's not like I have it out for those guys. I just wish they would listen to their users a bit more.
At least they backed down from deprecating their own hardware from a few years ago which was "the plan" for some bullshit reason centering on AES-NI-ish things. Cache-timing attacks made their theoretical attack seem esoteric and difficult by comparison.
I get that it's not easy to make money in this business but it would be better to build a robust community and fandom to increase sales.