The Early Bird Gets The Challenging Upgrade Path
pfSense Community Edition is the open source branch freely available for use, as opposed to pfSense Pro which is the new closed source branch. pfSense CE 2.5.2 has just been released for you packet junkies out there, but as ServeTheHome discovered it may not be a simple upgrade for some. After the release of pfSense 2.5, pfSense and FreeBSD pulled back on kernel WireGuard support which many had been using in conjunction with pfSense. This means that a number of users out there are running a router with an outdated version of Wireguard and that will prevent a happy upgrade to 2.5.2, which returns Wireguard support as an experimental add-in.
Upon installing the update, those few brave souls running Wireguard will be faced with error messages stating that all Wireguard interfaces and tunnels must be removed before the installation can succeed. This is inconvenient but as the number of users that will see the message is quite low the decision makes some sense. In order to upgrade the existing version of Wireguard, pfSense would have to put a fair amount of work into testing and development for this patch. This could change thanks to the open source nature of pfSense CE, but ServeTheHome is not holding much hope for that at the moment.
In the mean time, they suggest a workaround using OpenVPN; not the best solution but perhaps less time consuming that rebuilding your Wireguard configuration from scratch.
Since we have a bit of experience with this after the FreeNAS Corral fiasco, and we had users request that we do this, we wanted to see what would happen to users who deployed pfSense 2.5 with Wireguard and who were stuck using the first implementation.