Re: wireguard listen in other rdomain?

2020-08-11 Thread Abel Abraham Camarillo Ojeda
On Tue, Aug 11, 2020 at 6:22 PM Matt Dunwoodie  wrote:

> On Tue, 11 Aug 2020 17:46:05 -0500
> Abel Abraham Camarillo Ojeda  wrote:
>
> > Hi to all,
> >
> > (unsure if this is for tech@ or misc@)
>
> Probably better suited for misc, moved there.
>
> > I'm using wireguard interfaces but I see that no matter what
> > domain I put the interface in:
> >
> > # ifconfig wg0 rdomain X
> >
> > It always listens in rdomain 0 (default). Is this expected? Is there
> > any way to listen in another rdomain? I want to expose several wg
> > interfaces all listening on the same port, but there's no option to
> > listen on another IP address:
> >
> >  wgport port
> >      Set the UDP port that the tunnel operates on.  The interface will
> >      bind to INADDR_ANY and IN6ADDR_ANY_INIT.  If no port is
> >      configured, one will be chosen automatically.
> >
> > I tried creating several wg interfaces with different wgport and using
> > pf udp redirections but source address selection gets very messy...
> >
> > Ideas?
>
> Have a look at "wgrtable" in ifconfig(8) to listen in another rdomain.
>

Thanks, will check that.


>
> However, I'd like to know the reason for wanting multiple interfaces
>


I made the original mail just from memory, but after reviewing the machine
in question I realized that what I really wanted to do was to have a single
wg interface listen on several ports.

I run some services on this machine that are hard to isolate with pf, so I
run them in another rdomain (nfsd), and I was exploring how to make all this
work together with wg.


> and why they should be listening on the same port.


I'm worried about the extreme firewalls at universities/hotels and such here
(Mexico) that block most ports, so I just recalled that what I really wanted
was to have a single wg interface listen on several ports that are probably
open, like:

udp 4500
udp 53  (I wanted to listen on udp 53 on the uplink interface/rdomain because
I'm using udp 53 in rdomain 0 for an internal DNS resolver)
udp 123 (ntp)
udp 443 (quic?)


> Perhaps there is
> a better solution than rdomains and pf redirections.
>

Sorry for this poorly described mail, maybe I need some sleep...

Will try to answer this better tomorrow

Thanks for your attention, I left that machine with a very fragile/complex
setup that I'm having problems understanding right now...


> Cheers,
> Matt
>


Re: wireguard listen in other rdomain?

2020-08-11 Thread Matt Dunwoodie
On Tue, 11 Aug 2020 17:46:05 -0500
Abel Abraham Camarillo Ojeda  wrote:

> Hi to all,
> 
> (unsure if this is for tech@ or misc@)

Probably better suited for misc, moved there.

> I'm using wireguard interfaces but I see that no matter what
> domain I put the interface in:
> 
> # ifconfig wg0 rdomain X
> 
> It always listens in rdomain 0 (default). Is this expected? Is there
> any way to listen in another rdomain? I want to expose several wg
> interfaces all listening on the same port, but there's no option to
> listen on another IP address:
> 
>  wgport port
>      Set the UDP port that the tunnel operates on.  The interface will
>      bind to INADDR_ANY and IN6ADDR_ANY_INIT.  If no port is
>      configured, one will be chosen automatically.
> 
> I tried creating several wg interfaces with different wgport and using
> pf udp redirections but source address selection gets very messy...
> 
> Ideas?

Have a look at "wgrtable" in ifconfig(8) to listen in another rdomain.

However, I'd like to know the reason for wanting multiple interfaces
and why they should be listening on the same port. Perhaps there is
a better solution than rdomains and pf redirections.

Cheers,
Matt
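As an added, constructed example (not from Matt's or Abel's mail, and not the OpenBSD project's own documentation), here is a hostname.if(5) layout for the case Abel describes: the uplink in its own rdomain, the wg0 UDP socket bound in that rdomain via wgrtable, and the decrypted tunnel side left in rdomain 0. The interface name em0, rdomain 1, the addresses and the keys are assumptions or placeholders.

```conf
# --- /etc/hostname.em0 (assumed uplink NIC; name and rdomain are assumptions) ---
# The untrusted uplink lives in rdomain 1, separate from the internal rdomain 0.
rdomain 1
inet autoconf

# --- /etc/hostname.wg0 ---
# Private key: generate with `openssl rand -base64 32`; placeholder below.
wgkey PLACEHOLDER_BASE64_PRIVATE_KEY
# One UDP port per wg interface: wgport takes a single port, not a list.
# Port numbers are per rdomain, so a port already used by a rdomain 0 service
# (e.g. 53 for the internal resolver) would not clash with this socket.
wgport 4500
# The encapsulated UDP socket binds in rtable 1 (the uplink's rdomain), so
# handshakes and transport packets arrive on em0 without pf redirections.
wgrtable 1
# No "rdomain" keyword here: wg0 itself stays in rdomain 0, so decrypted
# traffic surfaces in the internal domain where the usual pf rules apply,
# and the uplink domain holds no route to the internal networks.
# Peer public key and endpoint are placeholders (documentation address range).
wgpeer PLACEHOLDER_BASE64_PEER_PUBLIC_KEY wgendpoint 203.0.113.10 4500 wgaip 10.9.0.2/32
inet 10.9.0.1 255.255.255.0
up
```

After `sh /etc/netstart em0 wg0`, `ifconfig wg0` shows the configured wgport and wgrtable; the tunnel's inner route to 10.9.0.0/24 appears in `route -n show` (rdomain 0) while the peer endpoint is reached through `route -T 1 -n show`.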