91
Virtual private networks / Re: Wireguard port - public wifi
« on: September 25, 2021, 07:15:34 pm »
Yup J posted this already. It goes to the opnsense ip address.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
92
Virtual private networks / Re: Wireguard port - public wifi
« on: September 25, 2021, 05:23:29 pm »
I cant understand why you guys cant get redirecting from a different port to work. On mine it works perfectly fine. I can run wireguard on any port And just redirect a different external port of my choosing. Honestly I dont see how this cant work for you. Its like a basic feature of the firewall to be able to do this.
Maybe you guys are removing the rule that allows wireguard to listen in the port its configured. Can you rule this out by having 2 nat rules (one original rule to the same wireguard port its listening in and a second nat rule where the redirect is performed). If this scenario works then you guys are deleting the rule to allow wireguard to service requests on the port it is listening on which would break it obviously.
Maybe you guys are removing the rule that allows wireguard to listen in the port its configured. Can you rule this out by having 2 nat rules (one original rule to the same wireguard port its listening in and a second nat rule where the redirect is performed). If this scenario works then you guys are deleting the rule to allow wireguard to service requests on the port it is listening on which would break it obviously.
93
Virtual private networks / Re: Wireguard port - public wifi
« on: September 25, 2021, 12:58:19 am »
Ok I am running wireguard in kernel mode. Not the wireguard go version. What do you have?
94
Virtual private networks / Re: Wireguard port - public wifi
« on: September 24, 2021, 09:39:45 pm »
My Opnsense IP is 192.168.2.2 in case you wondered.
95
Virtual private networks / Re: Wireguard port - public wifi
« on: September 24, 2021, 09:38:52 pm »
Did you make sure under wireguard - local the port you are redirecting to is what wireguard is running on. Mine works totally fine. Here is a rule example of mine that works:
(My wireguard runs on 443 but I opened port 53 externally as a test.)
(My wireguard runs on 443 but I opened port 53 externally as a test.)
96
21.7 Legacy Series / Re: 21.7.3. - high CPU and MEM usage
« on: September 23, 2021, 05:19:38 am »
Same for me. 1 core pegged but a reboot fixed it totally for me.
97
Virtual private networks / Re: Wireguard port - public wifi
« on: September 22, 2021, 10:05:04 pm »
That would make it much harder. To test you would need to change the port to something else in your rule without changing anything else and confirm it works and then if this is the case consider another port to use that might bypass. The best is 53 and 443 but if those are out the question you might have success with port 465 as many firewalls allow this port (secure mail for gmail for example).
98
Virtual private networks / Re: Wireguard port - public wifi
« on: September 20, 2021, 11:31:28 pm »
I feel this would be a lot easier to test if you didnt leave your home and just checked it was working from your phone when you turn wifi on and off. Maybe start there as being able to switch back and forth is a lot easier.
99
Virtual private networks / Re: Wireguard over SSL or tunnel
« on: September 20, 2021, 09:19:18 pm »
Another person had this same question. Tunnel over port 443 or 53 both on UDP to try bypass firewalls.
Pete
Pete
100
Virtual private networks / Re: Wireguard port - public wifi
« on: September 20, 2021, 09:17:51 pm »
Assuming your FW is 192.168.1.1 and WG runs on port 989 UDP then it looks correct to me.
101
Virtual private networks / Re: Wireguard port - public wifi
« on: September 20, 2021, 07:35:27 pm »
I tested on my firewall and it works perfectly so you will have to check your rules etc. You should do basic troubleshooting steps like checking the opnsense server sees a handshake, if you can ping (rule out a dns issue etc) and wotnot and report back with any interesting findings. Mine was running in port 443 and I just opened port 53 to redirect to 443 in addition and it worked without changing anything further so must be something your side that could be stopping it.
102
Virtual private networks / Re: Wireguard port - public wifi
« on: September 19, 2021, 07:47:06 pm »
Let me know how it goes and I can help further if need be.
103
Virtual private networks / Re: Wireguard port - public wifi
« on: September 19, 2021, 07:19:08 pm »
Yes it is safe because you are not exposing dns to the internet. Wireguard is designed to be exposed to the internet. The port is not relevant. My question was, did you expose adguard to the internet on port 53 (that is unsafe).
You should create a nat rule. firewall - NAT. The appropriate rule will be created automatically when you make the NAT rule. You can see it and check its correct in firewall, wan, rules afterwards. Making the NAT rule will make the second rule for you.
P
You should create a nat rule. firewall - NAT. The appropriate rule will be created automatically when you make the NAT rule. You can see it and check its correct in firewall, wan, rules afterwards. Making the NAT rule will make the second rule for you.
P
104
Virtual private networks / Re: Wireguard port - public wifi
« on: September 19, 2021, 07:09:29 pm »
Ok thats fine. If you dont forward on your wan (pic shows lan interface) port 53 then you can do a nat rule on port 53 and redirect to a different internal port that wireguard runs on. So rule is interface wan, ipv4, udp, destination - 53, redirect to target port 51820 (or whatever you set wg port to be).
That way witeguard tuns on a different port internally but externally, someone contacting your wan address on port 53 udp is redirected internally to the wg port.
That should bypass most airports etc with restrictions.
P
That way witeguard tuns on a different port internally but externally, someone contacting your wan address on port 53 udp is redirected internally to the wg port.
That should bypass most airports etc with restrictions.
P
105
Virtual private networks / Re: Wireguard port - public wifi
« on: September 19, 2021, 03:13:28 am »
You have port 53 open to the whole internet?? I would recommend you dont do that. Perhaps you can explain your setup.