Invalid interface listen port
-
Yeah, it should use the default there. It will in the next snapshot.
Steve
-
Is there any way to listen with Wireguard on a non-standard port at all? With this error, I am unable to have it listen on anything but the normal ports.
-
It can listen on any port you choose, just set it in the WireGuard interface config.
If you do that you obviously have to set any peers to use that new port.
What issue are you seeing?
Steve
-
@stephenw10 When I attempt to set my Wireguard tunnel to listen on port 443 for example I get this message:
"The following input errors were detected:
Invalid interface listen port."
I have also confirmed that 443 is not in-use on the PFSense server:
: netstat -an | grep 443
tcp6 0 0 *.8443 . LISTEN
tcp4 0 0 *.8443 . LISTEN
[2.5.0-DEVELOPMENT] -
Hmm, could be restricted to high numbered ports only (>1023). Not sure I've tested that...
-
Nope has to be >511 currently:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/web/wg.inc#L103
That looks like input validation only though so you could probably edit the config if you really wanted a port <512. Or edit the validation on that file.
Steve
-
@stephenw10 since there isn’t a technical reason to not allow it, can the port restriction be removed? There is no such restriction on the OpenVPN server ports.
Having to make manual config changes or changing the code to allow lower ports seems like issues in the future when the system is upgraded.
-
It was clearly coded that way for a reason. I'm digging internally.....
-
@stephenw10 Thanks! I appreciate it.
-
https://github.com/pfsense/pfsense/commit/94230d38349cfc3e76be3239833168f8835df07f
-
Hmmm...
-
Well that doesn't look right!
What did you do to see that?
-
Hello!
I am testing on :
2.5.0-DEVELOPMENT (amd64)
built on Mon Jan 25 09:13:15 EST 2021
FreeBSD 12.2-STABLE
Using Firefox 84.0.1 (64-bit)
I don't see any form field validation happening and the code in wg_validate_post and wg_validate_peer will let you enter just about anything you want.
I made a redmine issue with some stopgap code that might help. https://redmine.pfsense.org/issues/11311
John