> On Oct 27, 2020, at 5:33 PM, Pierre Emeriaud <petrus.lt+open...@gmail.com>
> wrote:
>
> Howdy misc@,
>
> I have a fairly complicated setup with lots of interfaces, a couple of
> rdomains etc.
>
> I'd like wireguard to listen only on an IP address, not all. But if my
> understanding of ifconfig(8) is correct, this doesn't seem possible
> currently:
>
> wgport port
> Set the UDP port that the tunnel operates on. _The interface will
> bind to INADDR_ANY and IN6ADDR_ANY_INIT._
>
> I guess this is the reason for the following behaviour?
>
> $ doas ifconfig wg0 wgport 53
> ifconfig: SIOCSWG: Address already in use
> (the error message is generic I guess - but confusing imho)
>
> $ netstat -natfinet | grep 53
> tcp 0 0 127.0.0.1.53 *.* LISTEN
> udp 0 0 127.0.0.1.53 *.*
>
> $ netstat -T1 -natfinet | grep 53
> udp 0 0 127.0.0.1.53 *.*
>
> Is there a way to circumvent this restriction? (is there a reason
> behind it maybe?)
>
> thanks
> --
> pierre
>
I wonder if multiple ports, 5053, 5153 (and so on) redirected using pf rdr-to
rules may work? That way you can set up rules like first IP + port 53 redirect
to 5053, second IP + 53 redirect to 5153?
May be worth a shot trying. Not an answer to your question, but as a
workaround for others.
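The workaround sketched in the reply above, written out as a pf.conf fragment. This is an added example and not part of the thread; it assumes two wg interfaces configured with `ifconfig wg0 wgport 5053` and `ifconfig wg1 wgport 5153`, and the addresses and interface name are placeholders.

```pf
# Added example (not from the thread). Assumed: wg0 runs on UDP 5053 and
# wg1 on UDP 5153; ext_if and the two addresses are placeholders.
ext_if = "em0"
ip_a   = "192.0.2.10"   # placeholder: address that should serve wg0
ip_b   = "192.0.2.11"   # placeholder: address that should serve wg1

# UDP/53 arriving on each address is redirected to that address's wg port.
# The state pf creates handles the reverse translation of wg's replies.
pass in quick on $ext_if inet proto udp from any to $ip_a port 53 rdr-to $ip_a port 5053
pass in quick on $ext_if inet proto udp from any to $ip_b port 53 rdr-to $ip_b port 5153

# Because each wg socket is still bound to INADDR_ANY, the real ports remain
# reachable on every address unless explicitly blocked; these rules keep each
# tunnel reachable only through its intended address.
block in quick on $ext_if inet proto udp from any to ! $ip_a port 5053
block in quick on $ext_if inet proto udp from any to ! $ip_b port 5153
```

Check the loaded rules with `pfctl -sr` and, after a handshake, the translated states with `pfctl -ss | grep 5053`; the `block` rules are the part that actually narrows exposure, since the redirect alone only changes which port peers dial.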