On Tue, Aug 11, 2020 at 6:22 PM Matt Dunwoodie <[email protected]> wrote:
> On Tue, 11 Aug 2020 17:46:05 -0500
> Abel Abraham Camarillo Ojeda <[email protected]> wrote:
>
> > Hi to all,
> >
> > (unsure if this is for tech@ or misc@)
>
> Probably better suited for misc, moved there.
>
> > I'm using wireguard interfaces but I see that no matter what
> > domain I put the interface:
> >
> > # ifconfig wg0 rdomain X
> >
> > It always listens in rdomain 0 (default),
> > is this expected?, is there any way to listen in another rdomain?
> > I want to expose several wg interfaces all listening in same port but
> > there's no option to listen in another ip address:
> >
> >      wgport port
> >              Set the UDP port that the tunnel operates on.  The
> >              interface will bind to INADDR_ANY and IN6ADDR_ANY_INIT.
> >              If no port is configured, one will be chosen
> >              automatically.
> >
> > I tried creating several wg interfaces with different wgport and using
> > pf udp redirections but source address selection gets very messy...
> >
> > Ideas?
>
> Have a look at "wgrtable" in ifconfig(8) to listen in another rdomain.

Thanks, will check that.

> However, I'd like to know the reason for wanting multiple interfaces

I made the original mail just from memory, but after reviewing the
machine in question I realized that what I really wanted to do was
having a single wg interface listen in several ports.

I run on this machine some services that are hard to isolate with pf,
so I run them in another rdomain (nfsd) and was exploring into how to
make all this work + wg.

> and why they should be listening on the same port.

I'm worried about extreme firewalls by universities/hotels and such
here (Mexico) that block most ports, so I just recalled that what I
really wanted was having a single wg interface listen in several of
probably opened ports like:

udp 4500
udp 53 (wanted to listen on udp53 on uplink interface/rdomain because
        I'm using udp53 in rdomain 0 for internal dns resolver)
udp 123 (ntp)
udp 443 (quic?)

> Perhaps there is
> a better solution than rdomains and pf redirections.

Sorry for this poorly described mail, maybe I need some sleep...
Will try to answer this better tomorrow.

Thanks for your attention, I left that machine with a very
fragile/complex setup that I'm having problems understanding right
now...

> Cheers,
> Matt

