Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Invalid interface listen port

    Scheduled Pinned Locked Moved WireGuard
    17 Posts 5 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tobira @stephenw10
      last edited by

      @stephenw10 When I attempt to set my Wireguard tunnel to listen on port 443 for example I get this message:

      "The following input errors were detected:
      Invalid interface listen port."

      I have also confirmed that 443 is not in-use on the PFSense server:
      : netstat -an | grep 443
      tcp6 0 0 *.8443 . LISTEN
      tcp4 0 0 *.8443 . LISTEN
      [2.5.0-DEVELOPMENT]

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Hmm, could be restricted to high numbered ports only (>1023). Not sure I've tested that...

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by stephenw10

          Nope has to be >511 currently:
          https://github.com/pfsense/pfsense/blob/master/src/etc/inc/web/wg.inc#L103

          That looks like input validation only though so you could probbably edit the config if you really wanted a port <512. Or edit the validation on that file.

          Steve

          T 1 Reply Last reply Reply Quote 0
          • T
            tobira @stephenw10
            last edited by

            @stephenw10 since there isn’t a technical reason to not allow it, can the port restriction be removed? There is no such restriction on the OpenVPN server ports.

            Having to make manual config changes or changing the code to allow lower ports seem like issues in the future when the system is upgraded.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              It was clearly coded that way for a reason. I'm digging internally.....

              T 1 Reply Last reply Reply Quote 0
              • T
                tobira @stephenw10
                last edited by

                @stephenw10 Thanks! I appreciate it.

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  https://github.com/pfsense/pfsense/commit/94230d38349cfc3e76be3239833168f8835df07f

                  1 Reply Last reply Reply Quote 0
                  • S
                    serbus
                    last edited by

                    Hmmm...

                    Firefox_Screenshot_2021-01-26T00-43-23.772Z.png

                    Lex parsimoniae

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Well that doesn't look right! 😉

                      What did you do to see that?

                      1 Reply Last reply Reply Quote 0
                      • S
                        serbus
                        last edited by

                        Hello!

                        I am testing on :

                        2.5.0-DEVELOPMENT (amd64)
                        built on Mon Jan 25 09:13:15 EST 2021
                        FreeBSD 12.2-STABLE

                        Using Firefox 84.0.1 (64-bit)

                        I dont see any form field validation happening and the code in wg_validate_post and wg_validate_peer will let you enter just about anything you want.

                        I made a redmine issue with some stopgap code that might help. https://redmine.pfsense.org/issues/11311

                        John

                        Lex parsimoniae

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.