Invalid interface listen port
-
@stephenw10 When I attempt to set my Wireguard tunnel to listen on port 443 for example I get this message:
"The following input errors were detected:
Invalid interface listen port."I have also confirmed that 443 is not in-use on the PFSense server:
: netstat -an | grep 443
tcp6 0 0 *.8443 . LISTEN
tcp4 0 0 *.8443 . LISTEN
[2.5.0-DEVELOPMENT] -
Hmm, could be restricted to high numbered ports only (>1023). Not sure I've tested that...
-
Nope has to be >511 currently:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/web/wg.inc#L103That looks like input validation only though so you could probbably edit the config if you really wanted a port <512. Or edit the validation on that file.
Steve
-
@stephenw10 since there isn’t a technical reason to not allow it, can the port restriction be removed? There is no such restriction on the OpenVPN server ports.
Having to make manual config changes or changing the code to allow lower ports seem like issues in the future when the system is upgraded.
-
It was clearly coded that way for a reason. I'm digging internally.....
-
@stephenw10 Thanks! I appreciate it.
-
https://github.com/pfsense/pfsense/commit/94230d38349cfc3e76be3239833168f8835df07f
-
Hmmm...
-
Well that doesn't look right!
What did you do to see that?
-
Hello!
I am testing on :
2.5.0-DEVELOPMENT (amd64)
built on Mon Jan 25 09:13:15 EST 2021
FreeBSD 12.2-STABLEUsing Firefox 84.0.1 (64-bit)
I dont see any form field validation happening and the code in wg_validate_post and wg_validate_peer will let you enter just about anything you want.
I made a redmine issue with some stopgap code that might help. https://redmine.pfsense.org/issues/11311
John
