Page MenuHomeVyOS Platform

Wireguard port 53 not allowed
Closed, ResolvedPublicBUG

Description

I have been unable to host a wireguard VPN server on port 53 due to an error on VyOS
I assume it is a problem with some of the python scripting. I have tried this on multiple rolling releases.

Here is output when i try:

maltahl@vyosvultr# set interfaces wireguard wg1 port 53
[edit]
maltahl@vyosvultr# comp
[edit interfaces wireguard wg1]
>port 53
[edit]
maltahl@vyosvultr# commit;save
[ interfaces wireguard wg1 ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report Time:      2020-09-08 12:19:03
Image Version:    VyOS 1.3-rolling-202006151642
Release Train:    equuleus

Built by:         root@4227000955df
Built on:         Mon 15 Jun 2020 16:42 UTC
Build UUID:       55c4dd47-e1ae-4723-9048-eac77bdabc4c
Build Commit ID:  1dfa9a3c7cce72

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    640cf4a7-15d7-4067-9e88-6a8a59b57849

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 327, in <modu                                                                                                                                                                                                                                             le>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 311, in apply
    w.update()
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/wireguard.py", line 214, in                                                                                                                                                                                                                                              update
    self._cmd(cmd)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 48, in _c                                                                                                                                                                                                                                             md
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 178, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: wg set wg1 listen-port 53 fwma                                                                                                                                                                                                                                             rk 0 private-key /config/auth/wireguard/default/private.key peer sgWn5vj1F6/epbh                                                                                                                                                                                                                                             uoxxycqBokwUU4SPEhx85c/lx0i4=  preshared-key /dev/null  allowed-ips 0.0.0.0/0,fd                                                                                                                                                                                                                                             42:42:42::2/128 persistent-keepalive 0
returned:
exit code: 1

noteworthy:
cmd 'wg set wg1 listen-port 53 fwmark 0 private-key /config/auth/wireguard/defau                                                                                                                                                                                                                                             lt/private.key peer sgWn5vj1F6/epbhuoxxycqBokwUU4SPEhx85c/lx0i4=  preshared-key                                                                                                                                                                                                                                              /dev/null  allowed-ips 0.0.0.0/0,fd42:42:42::2/128 persistent-keepalive 0'
returned (out):

returned (err):
Unable to modify interface: Address already in use

[[interfaces wireguard wg1]] failed
Commit failed

Total config i want to use:

set interfaces wireguard wg1 address '10.0.190.1/32'
set interfaces wireguard wg1 address 'fd42:42:42::1/128'
set interfaces wireguard wg1 description 'mobile-access'
set interfaces wireguard wg1 peer mobile allowed-ips '10.0.190.2/32'
set interfaces wireguard wg1 peer mobile allowed-ips 'fd42:42:42::2/128'
set interfaces wireguard wg1 peer mobile pubkey 'sgWn5vj1F6/epbhuoxxycqBokwUU4SPEhx85c/lx0i4='
set interfaces wireguard wg1 port '53'
set protocols static interface-route 10.0.190.0/24 next-hop-interface wg1
set protocols static interface-route6 fd42:42:42::/64 next-hop-interface wg1

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-202006151642
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

@Maltahl try the latest rolling release.

vyos@r1-roll# set interfaces wireguard wg1 address '10.0.190.1/32'
[edit]
vyos@r1-roll# set interfaces wireguard wg1 address 'fd42:42:42::1/128'
[edit]
vyos@r1-roll# set interfaces wireguard wg1 description 'mobile-access'
[edit]
vyos@r1-roll# set interfaces wireguard wg1 peer mobile allowed-ips '10.0.190.2/32'
[edit]
vyos@r1-roll# set interfaces wireguard wg1 peer mobile allowed-ips 'fd42:42:42::2/128'
[edit]
vyos@r1-roll# set interfaces wireguard wg1 peer mobile pubkey 'sgWn5vj1F6/epbhuoxxycqBokwUU4SPEhx85c/lx0i4='
[edit]
vyos@r1-roll# set interfaces wireguard wg1 port '53'
[edit]
vyos@r1-roll# commit
[edit]
vyos@r1-roll# 
[edit]
vyos@r1-roll# 
[edit]
vyos@r1-roll# run show version 

Version:          VyOS 1.3-rolling-202009080118

Latest rolling has this fixed. Thanks Viacheslav.