An anecdotal note: I've been running WireGuard on multiple firewalls since it was first built into the kernel. One configuration is a central site that 3 remote sites depend on, on a 24/7 basis. I have had (knock on wood, I guess) no issues, crashes, etc. whatsoever. And the systems have been updated with -current about every 2-4 weeks. Maybe I'm just hitting the good snapshots in this regard. They are not using IPv6, and all have em(4) NICs.

On Wed, Oct 23, 2024 at 4:59 PM Vitaliy Makkoveev <m...@openbsd.org> wrote:
>
> > On 23 Oct 2024, at 23:36, Oliver Schweger <o...@init2.net> wrote:
> >
> > I’ll test your recommendations over the next few days, but I don’t expect
> > -tcplro to make any difference, as wireguard only uses udp.
>
> I know, but it was reported that -tcplro helps. So I want to check
> correlation.