On Tue, 27 Oct 2020 22:36:38 +0100
Pierre Emeriaud wrote:
> Howdy misc@,
>
> I have a fairly complicated setup with lots of interfaces, a couple of
> rdomains etc.
>
> I'd like wireguard to listen only on an IP address, not all. But if my
> understanding of ifconfig(8) is correct, this doesn't
> On Oct 29, 2020, at 6:09 PM, Pierre Emeriaud
> wrote:
>
> On Thu, 29 Oct 2020 at 21:03, Stuart Henderson wrote:
>> Which DNS server do you have bound on 53?
>
> unwind
>
>
>>> Is there a reason why wg needs such a large bind?
>> Unless/until it gets an option to bind to a
Pierre Emeriaud wrote:
> Totally agreed. This is because of my stupid idea to share port 53 for
> this use. Maybe my understanding of sockets was wrong, but I thought
> that applications could use the bind port _if and only_ they weren't
> trying to bind the same IP+port, hence my question about
On 2020/10/29 23:08, Pierre Emeriaud wrote:
> On Thu, 29 Oct 2020 at 21:03, Stuart Henderson wrote:
> >
> > Which DNS server do you have bound on 53?
>
> unwind
>
>
> > > Is there a reason why wg needs such a large bind?
> >
> > Unless/until it gets an option to bind to a specific IP
On Thu, 29 Oct 2020 at 21:17, Theo de Raadt wrote:
>
> Or, don't try to overlay stuff onto a single port. Look, we can tell
> what is going on here, you want to tunnel over the least-filtered port
> on the internet, but if you do that trying to use that port for another
> thing is quite a
Pierre Emeriaud wrote:
> On Thu, 29 Oct 2020 at 18:00, Brian Brombacher wrote:
> >
> >
> > Then there’s a misconfiguration, wg driver bug, or the driver documentation
> > is wrong in ifconfig about wgrtable.
> >
> > Routing domains are where you can specify multiple conflicting port
On Thu, 29 Oct 2020 at 21:03, Stuart Henderson wrote:
>
> Which DNS server do you have bound on 53?
unwind
> > Is there a reason why wg needs such a large bind?
>
> Unless/until it gets an option to bind to a specific IP that's all it
> can sanely do. It would definitely be useful IMO.
On Thu, 29 Oct 2020 at 18:00, Brian Brombacher wrote:
>
>
> Then there’s a misconfiguration, wg driver bug, or the driver documentation
> is wrong in ifconfig about wgrtable.
>
> Routing domains are where you can specify multiple conflicting port binds and
> be fine, INADDR_ANY included.
On
Stuart Henderson wrote:
> On 2020-10-29, Pierre Emeriaud wrote:
> > On Thu, 29 Oct 2020 at 01:20, Theo de Raadt wrote:
> >>
> >> I believe you are running into the restriction that we don't allow an
> >> INADDR_ANY:port binding to be done after a ipaddr:port binding has been
> >> done. It
On 2020-10-29, Pierre Emeriaud wrote:
> On Thu, 29 Oct 2020 at 01:20, Theo de Raadt wrote:
>>
>> I believe you are running into the restriction that we don't allow an
>> INADDR_ANY:port binding to be done after a ipaddr:port binding has been
>> done. It must be done beforehand.
>
> Sorry
> On Oct 29, 2020, at 11:21 AM, Pierre Emeriaud
> wrote:
>
> On Thu, 29 Oct 2020 at 00:09, Brian Brombacher wrote:
>>
>> Scratch that, use the ifconfig wgrtable option to specify separate routing
>> domains for the port 53. This lets you initiate many. You still need to
>> deal
On 10/29/20 5:20 PM, Kevin Chadwick wrote:
> I believe it actually operates at layer 2/3 below IP and uses the default gw
> IP
> to decide where to operate for a peer to peer link.
I'm not actually sure how that makes any sense as it uses UDP which is layer 4.
But this says layer 3
On 10/29/20 4:00 PM, Pierre Emeriaud wrote:
>>> Is there a reason why wg needs such a large bind?
>> I don't know why wg does that, because I haven't looked at the code.
>> Your configuration is definitely pushing the limits.
> All right, many thanks Theo. Maybe Jason can chime in on this topic.
I
On Thu, 29 Oct 2020 at 16:40, Theo de Raadt wrote:
>
> > Is there a reason why wg needs such a large bind?
>
> I don't know why wg does that, because I haven't looked at the code.
> Your configuration is definitely pushing the limits.
All right, many thanks Theo. Maybe Jason can chime in on
Pierre Emeriaud wrote:
> On Thu, 29 Oct 2020 at 01:20, Theo de Raadt wrote:
> >
> > I believe you are running into the restriction that we don't allow an
> > INADDR_ANY:port binding to be done after a ipaddr:port binding has been
> > done. It must be done beforehand.
>
> Sorry Theo,
On Thu, 29 Oct 2020 at 01:20, Theo de Raadt wrote:
>
> I believe you are running into the restriction that we don't allow an
> INADDR_ANY:port binding to be done after a ipaddr:port binding has been
> done. It must be done beforehand.
Sorry Theo, maybe things got lost in translation, but if
On Thu, 29 Oct 2020 at 00:09, Brian Brombacher wrote:
>
> Scratch that, use the ifconfig wgrtable option to specify separate routing
> domains for the port 53. This lets you initiate many. You still need to
> deal with getting the IP pointing at the right routing domain now.
I'm already
Pierre Emeriaud wrote:
> On Tue, 27 Oct 2020 at 23:46, j...@snoopy.net.nz wrote:
> >
> >
> >
> > Hi Pierre,
> >
> > The error may indicate that port 53 on 127.0.0.1 is already used by another
> > service. This appears to be confirmed by your netstat example. This is
> > probably a dns
> On Oct 28, 2020, at 6:21 PM, Brian Brombacher wrote:
>
>
>
>> On Oct 28, 2020, at 5:07 PM, Pierre Emeriaud
>> wrote:
>>
>> On Tue, 27 Oct 2020 at 23:46, j...@snoopy.net.nz wrote:
>>>
>>>
>>>
>>> Hi Pierre,
>>>
>>> The error may indicate that port 53 on 127.0.0.1 is
> On Oct 28, 2020, at 5:07 PM, Pierre Emeriaud
> wrote:
>
> On Tue, 27 Oct 2020 at 23:46, j...@snoopy.net.nz wrote:
>>
>>
>>
>> Hi Pierre,
>>
>> The error may indicate that port 53 on 127.0.0.1 is already used by another
>> service. This appears to be confirmed by your netstat
On Tue, 27 Oct 2020 at 23:46, j...@snoopy.net.nz wrote:
>
>
>
> Hi Pierre,
>
> The error may indicate that port 53 on 127.0.0.1 is already used by another
> service. This appears to be confirmed by your netstat example. This is
> probably a dns service.
Thanks Joe. This is indeed a dns
Hi Brian
On Tue, 27 Oct 2020 at 23:07, Brian Brombacher wrote:
>
> I wonder if multiple ports, 5053, 5153 (and so on) redirected using pf rdr-to
> rules may work? That way you can set up rules like first IP + port 53
> redirect to 5053, second IP + 53 redirect to 5153?
>
> May be worth a
2020, 10:36 am
To: misc
Subject: wg(4) listen on a specific interface / address
Howdy misc@,
I have a fairly complicated setup with lots of interfaces, a couple of
rdomains etc.
I'd like wireguard to listen only on an IP address, not all. But if my
understanding of ifconfig(8
> On Oct 27, 2020, at 5:33 PM, Pierre Emeriaud
> wrote:
>
> Howdy misc@,
>
> I have a fairly complicated setup with lots of interfaces, a couple of
> rdomains etc.
>
> I'd like wireguard to listen only on an IP address, not all. But if my
> understanding of ifconfig(8) is correct, this
Howdy misc@,
I have a fairly complicated setup with lots of interfaces, a couple of
rdomains etc.
I'd like wireguard to listen only on an IP address, not all. But if my
understanding of ifconfig(8) is correct, this doesn't seem possible
currently:
wgport port
Set the UDP port that