From: Bryce Allen <bryce@bda.space>
To: wireguard@lists.zx2c4.com
Subject: bind to specific ip address
Date: Tue, 5 Feb 2019 12:16:58 -0600
Message-ID: <20190205121658.1973fd89@msi>
Hi,
I have run into several wifi networks that block almost all traffic,
allowing only 80/443 and 53. To work around this, I got a second IP
address for my linode server, intending to run ssh on port 80 and
wireguard on 53. This works for ssh, which I set up to bind on port 80
to the new IP only, so it doesn't interfere with nginx on my main IP.
It looks like wireguard doesn't support binding to a specific address?
I understand the security and routing do not require binding to a
specific address, but I think it is useful for scenarios like this.
When I try to bring up the wg interface with ListenPort 53 in my
config, with unbound already running on 53 at other addresses, I get
"RTNETLINK answers: Address already in use\nFailed to bring up
wg-server.". The interface is still created, but the tunnel doesn't
work. I also had to manually delete the interface with "ip link del
wg-server" before I could bring it back up with the config changed back
to the original port.
I'm guessing that doing deep packet inspection is too expensive /
overkill for a mall wifi, so I do think this workaround of using
port 53 would work. Is this address binding a feature that you would
consider adding to wireguard, or would accept a patch for? Any other
ideas for working around obnoxious firewalls?
Thanks,
Bryce
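
Added example, not part of the original message and not WireGuard code: the "Address already in use" conflict described above, reproduced with plain UDP sockets on Linux loopback. It assumes a listener configured only by port binds the wildcard address; 127.0.0.1 and 127.0.0.2 stand in for the server's two IPs, and the kernel picks a free port in place of 53.

```python
import errno
import socket


def try_bind(addr, port):
    """Bind a UDP socket; return (socket, "ok") or (None, errno name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
        return s, "ok"
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))


def demo():
    # Stand-in for the resolver: bound to ONE specific address.
    # Port 0 lets the kernel pick a free port (constructed substitute for 53).
    resolver, _ = try_bind("127.0.0.1", 0)
    port = resolver.getsockname()[1]

    # Assumption: a listener that only takes a port binds 0.0.0.0:<port>.
    # The wildcard overlaps every local address, including the resolver's.
    wildcard, wildcard_result = try_bind("0.0.0.0", port)

    # Binding the same port on a different specific address does not overlap.
    # Assumes Linux, where all of 127.0.0.0/8 is local on the loopback device.
    specific, specific_result = try_bind("127.0.0.2", port)

    for s in (resolver, wildcard, specific):
        if s is not None:
            s.close()
    return {"wildcard": wildcard_result, "other_address": specific_result}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```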