OPNsense Forum

English Forums => Virtual private networks => Topic started by: gdfnr123 on November 18, 2023, 06:13:25 pm

Title: Multiple WireGuard Instances with Different ports
Post by: gdfnr123 on November 18, 2023, 06:13:25 pm
Hello,

I have one WireGuard instance running on port 51820, with client endpoints assigned port 51820. Devices work great.
Both WireGuard interfaces are assigned, with firewall rules on both interfaces to allow:
   Proto    Source Port Destination   Port       Gateway Sched Description
   IPv4+6 * *      *    *             *          *       *     AllowAll-WireGuard
Firewall WAN rules:
   Proto      Source Port Destination   Port       Gateway Sched Description
   IPv4+6 UDP *      *    WAN address   51820      *       *     WireGuardVPN
   IPv4+6 UDP *      *    WAN address   53 (DNS)   *       *     WireGuardDNS53

NAT outbound is set to "Automatic outbound NAT rule generation (no manual rules can be used)".

I created another WireGuard instance, mirroring the one I had already set up, but with listen port and client endpoint ports of 123,53; however, when looking on the client end, under Transfer I see rx as 0 and the tx numbers increasing.

Any insight would be appreciated as to what I could be missing.
Title: Re: Multiple WireGuard Instances with Different ports
Post by: netnut on November 20, 2023, 11:28:39 pm
I created another WireGuard instance, mirroring the one I had already set up, but with listen port and client endpoint ports of 123,53; however, when looking on the client end, under Transfer I see rx as 0 and the tx numbers increasing.

With 123,53 do you mean that your second WireGuard instance is listening on port 123?

1. That port is (officially) assigned to NTP; you could use it, but you shouldn't.
2. I guess (not 100% sure) WireGuard doesn't bind to restricted ports <1024 by default.

What if you change 123 to any port you like but greater than 1024? Something like 51821, for instance (and create the corresponding rules)?
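A consistency check for the kind of setup discussed in both posts above, added here as an example; it is not code from the original thread, from OPNsense or from the WireGuard project. A second instance only works when the same UDP port appears in three places: the server-side ListenPort, the client's Endpoint, and a WAN pass rule for that port. The script parses a pair of constructed server and client configs, cross-checks those three places, reports instances whose ports collide or have no WAN rule, and flags ports below 1024 (123 is NTP, 53 is DNS) as netnut recommends. The interface names (wg0, wg1), the hostname vpn.example.com, the placeholder keys, the addresses and the rule list are all assumptions made for the example.

```python
"""Cross-check WireGuard instance ports against client endpoints and WAN rules.

Added example, not OPNsense or WireGuard project code. All configs, keys,
hostnames and firewall rules below are constructed for illustration.
"""
from __future__ import annotations

# Constructed server-side configs: one instance per interface name (assumed).
SERVER_CONFIGS = {
    "wg0": """
[Interface]
PrivateKey = <redacted-wg0-private-key>
Address = 10.10.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <client-a-public-key>
AllowedIPs = 10.10.0.2/32
""",
    "wg1": """
[Interface]
PrivateKey = <redacted-wg1-private-key>
Address = 10.11.0.1/24
ListenPort = 123

[Peer]
PublicKey = <client-b-public-key>
AllowedIPs = 10.11.0.2/32
""",
}

# Constructed client configs; the Endpoint port must match the server ListenPort.
CLIENT_CONFIGS = {
    "client-a": """
[Interface]
PrivateKey = <redacted-client-a-private-key>
Address = 10.10.0.2/32

[Peer]
PublicKey = <wg0-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
""",
    "client-b": """
[Interface]
PrivateKey = <redacted-client-b-private-key>
Address = 10.11.0.2/32

[Peer]
PublicKey = <wg1-public-key>
Endpoint = vpn.example.com:123
AllowedIPs = 0.0.0.0/0
""",
}

# WAN pass rules as (protocol, destination port), mirroring the two rows in
# the thread: UDP/51820 and UDP/53. Constructed for the example.
WAN_RULES = [("udp", 51820), ("udp", 53)]


def parse_wg(text: str) -> list[tuple[str, dict[str, str]]]:
    """Parse a WireGuard INI-style config into (section, {key: value}) pairs.

    A list is used instead of configparser because a config may contain
    several [Peer] sections, which configparser rejects as duplicates.
    Splitting on the first '=' keeps base64 keys (which end in '=') intact.
    """
    sections: list[tuple[str, dict[str, str]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value
    return sections


def listen_port(cfg: str) -> int | None:
    """Return the [Interface] ListenPort, or None if the instance has none."""
    for name, kv in parse_wg(cfg):
        if name == "Interface" and "ListenPort" in kv:
            return int(kv["ListenPort"])
    return None


def endpoint_ports(cfg: str) -> list[int]:
    """Return the port of every [Peer] Endpoint (works for host:port and [v6]:port)."""
    return [int(kv["Endpoint"].rsplit(":", 1)[1])
            for name, kv in parse_wg(cfg) if name == "Peer" and "Endpoint" in kv]


def audit(servers: dict, clients: dict, wan_rules: list) -> list[str]:
    """Return human-readable findings; an empty list means the ports agree."""
    findings: list[str] = []
    rules = {(proto.lower(), port) for proto, port in wan_rules}
    owner: dict[int, str] = {}  # ListenPort -> instance name
    for name, cfg in servers.items():
        port = listen_port(cfg)
        if port is None:
            findings.append(f"{name}: no ListenPort set")
            continue
        if port in owner:
            findings.append(f"{name}: ListenPort {port} already used by {owner[port]}")
        owner[port] = name
        if port < 1024:
            findings.append(f"{name}: ListenPort {port} is below 1024 (well-known "
                            "service range); prefer a high port such as 51821")
        if ("udp", port) not in rules:
            findings.append(f"{name}: no WAN pass rule for UDP/{port}")
    for name, cfg in clients.items():
        for port in endpoint_ports(cfg):
            if port not in owner:
                findings.append(f"{name}: Endpoint port {port} matches no instance ListenPort")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONFIGS, CLIENT_CONFIGS, WAN_RULES) or ["no findings"]:
        print(finding)
```

On the constructed data the audit reports two findings, both for wg1: its port 123 sits in the well-known range, and the WAN rule table passes UDP/53 but nothing for UDP/123, which is enough on its own to explain a client showing tx increasing and rx stuck at 0 (handshakes leave the client and nothing comes back). On the firewall itself, `sockstat -l -P udp` lists which UDP ports are actually bound, and `wg show` reports the latest handshake per peer, which confirms whether the second instance is listening and whether any handshake ever completed.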