This is an automated archive.

The original was posted on /r/wireguard by /u/Schwippps on 2024-01-22 08:28:10+00:00.


Hi all,

I have two machines that I need to connect via WireGuard. Due to restrictive firewall settings on my ISP side (which is totally fine with me), I would like to use predefined ports on both machines. However, once a handshake has been made, WireGuard changes the port on one side, which ultimately is blocked. One side runs in a Podman container, but I don't think that is part of the problem? I will refer to the two peers / clients & server as "Native" and "Podman". See below my configs:

**“Podman”**

```ini
[Interface]
PrivateKey = ICZPq9iqKYxxxxxxI6B3FAA5hQHI=
Address = 10.0.0.2/32
ListenPort = 51822

[Peer]
PublicKey = KUPIzlIqXYHhxoesvexxxxxxxxxGfOaVixXj4=
Endpoint = 135.125.133.xxx:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

**“Native”**

```ini
[Interface]
Address = 10.0.0.1/32
SaveConfig = true
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PreUp = iptables -t nat -A PREROUTING -p tcp --dport 32400 -j DNAT --to-destination 10.0.0.2:32400
PreUp = iptables -t nat -A PREROUTING -p udp --dport 32400 -j DNAT --to-destination 10.0.0.2:32400
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p udp --dport 32400 -j DNAT --to-destination 10.0.0.2:32400
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 32400 -j DNAT --to-destination 10.0.0.2:32400
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = aKl8mnu1Hoxxxxxxxxxn56hHWWNFiv2oRcmnw=

[Peer]
PublicKey = ZgOCElEHQ8j0X7ExxxxxxxKWHe1FMgiUiyQyU=
AllowedIPs = 10.0.0.2/32, 10.0.0.1/32, 10.0.0.0/24
Endpoint = 135.181.143.xxx:51822
```

Output before handshake:

**“Native”**

```
alfred@Batarang:~$ sudo wg show wg0
interface: wg0
  public key: KUPIzlIqXYxxxxxxxQSdlGfOaVixXj4=
  private key: (hidden)
  listening port: 51820
  fwmark: 0xca6c

peer: ZgOCElEHQ8j0X7xxxxxxHe1FMgiUiyQyU=
  endpoint: 135.181.143.xxx:51822
  allowed ips: 10.0.0.2/32, 10.0.0.1/32, 10.0.0.0/24
```

Output after handshake:

**“Native”**

```
interface: wg0
  public key: KUPIzlIqXYHhxoexxxxxdlGfOaVixXj4=
  private key: (hidden)
  listening port: 51820
  fwmark: 0xca6c

peer: ZgOCElEHQ8j0X7EJnxxxxxxxxxcKWHe1FMgiUiyQyU=
  endpoint: 135.181.143.xxx:52260
  allowed ips: 10.0.0.2/32, 10.0.0.1/32, 10.0.0.0/24
  transfer: 148 B received, 92 B sent
```

For whatever reason my port appears to be changing. Do you have any idea why?

Obviously, the changed port is not accessible through my firewall, leading to the fact that wireguard is not working.
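As an added example (not the poster's code and not part of WireGuard): a Python check that reads a wg-quick config and the tab-separated output of `wg show wg0 dump`, and reports peers whose observed endpoint port no longer matches the configured Endpoint, which is the symptom in the outputs above. The keys and addresses in it are constructed placeholders, and it assumes the dump column order documented in wg(8).

```python
# Constructed wg-quick config for the "Native" side; keys and addresses are placeholders.
WG_CONF = """\
[Interface]
ListenPort = 51820
PrivateKey = PLACEHOLDER_PRIVATE_KEY=

[Peer]
PublicKey = PLACEHOLDER_PODMAN_PUBKEY=
Endpoint = 203.0.113.5:51822
"""

# Constructed `wg show wg0 dump` output. Line 1 is the interface (private-key,
# public-key, listen-port, fwmark); each later line is one peer (public-key,
# preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive).
WG_DUMP = (
    "PLACEHOLDER_PRIVATE_KEY=\tPLACEHOLDER_NATIVE_PUBKEY=\t51820\t0xca6c\n"
    "PLACEHOLDER_PODMAN_PUBKEY=\t(none)\t203.0.113.5:52260\t10.0.0.2/32\t1705912000\t148\t92\toff\n"
)

def parse_conf_endpoints(text):
    """Return {peer public key: configured Endpoint} from a wg-quick config."""
    endpoints, section, key, endpoint = {}, None, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):              # new section: flush the previous [Peer]
            if section == "Peer" and key:
                endpoints[key] = endpoint
            section, key, endpoint = line.strip("[]"), None, None
            continue
        name, _, value = line.partition("=")  # split on the first '=' only: base64 keys end in '='
        name, value = name.strip(), value.strip()
        if section == "Peer" and name == "PublicKey":
            key = value
        elif section == "Peer" and name == "Endpoint":
            endpoint = value
    if section == "Peer" and key:
        endpoints[key] = endpoint
    return endpoints

def parse_dump_endpoints(text):
    """Return {peer public key: observed endpoint} from `wg show <iface> dump`."""
    return {f[0]: f[2] for f in (line.split("\t") for line in text.splitlines()[1:])}

def endpoint_drift(conf_text, dump_text):
    """Return {pubkey: (configured, observed)} for peers whose endpoint moved."""
    configured, observed = parse_conf_endpoints(conf_text), parse_dump_endpoints(dump_text)
    return {k: (ep, observed[k]) for k, ep in configured.items()
            if ep and k in observed and observed[k] != ep}
```

A non-empty result means the peer's packets are arriving from a different source port than the one it was configured to listen on, which is what a NAT or container port rewrite in the path looks like from the other side.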