WireGuard in FreeBSD

  • Between the FreeBSD WireGuard drama and WireGuard's maintainer's (Jason Donenfeld) reaction to the NetBSD implementation, I think it's a good idea to look at not only what's happening, but why and by whom. There's something slightly fishy about it all.

    https://mail-index.netbsd.org/current-users/2020/08/20/msg03...
    https://mail-index.netbsd.org/current-users/2020/08/22/msg03...

    Jason Donenfeld has, to this day, never answered direct and simple questions about WHY he felt so strongly that NetBSD's wg implementation should be removed from NetBSD.

  • Good post from Phoronix on the topic, also giving a bit of context as to why they're "bringing back" the driver: https://www.phoronix.com/news/FreeBSD-WireGuard-Lands-2022

  • I'm really looking forward to this making its way into OPNsense and such.

  • Genuinely curious…

    Is there any security benefit to moving a WireGuard bastion from fully patched Ubuntu to FreeBSD?

  • Can someone please explain: I've been using WireGuard via the `wg-quick` command in FreeBSD for quite a while now. What does this commit do?

  • I care about this only in the context of OPNsense, which I replaced my old pfSense router with. Though I'd love to run a Linux firewall router rather than *BSD, none seem up to the task. OPNsense is good.

    I'm currently running a VM with a WireGuard server within my firewall. That VM is running Linux. I'm fine with this until the kmod lands in OPNsense, then I'll likely transition. One less VM to manage sounds good to me.

    And another plug for OPNsense. Setting it up was easy. Far easier than pfSense, which I'd used for about a decade.

  • I use WireGuard on OPNsense (FreeBSD-based router appliance) and clients on macOS, iPhone, iPad, Android, Linux, and Windows. It's easy to set up and Just Works(tm). Throw away your AnyConnect, Tunnelblick (OpenVPN), and such.

  • I assume this is with Jason Donenfeld's approval?