Wireguard refuses to work with ports other than 443

Hynwell · October 19, 2023, 2:21am

Wireguard отказывается работать не с 443 портом

wireguard only works if enabled:
pritunl set app.server_ssl true
pritunl set app.server_port 443

How can I make it work on other ports?

Since port 80, 443 are busy for me traefik proxy

zach · October 19, 2023, 2:33am

The Pritunl client needs to access the Pritunl web server for the authentication request. If you are using a port different than 443 for the web server run sudo pritunl set app.reverse_proxy false. The ssl option must be true.

Hynwell · October 19, 2023, 8:33am

I just installed pritunl from scratch
received ssl certificate

openvpn and wireguard work

turn it on
sudo pritunl set app.reverse_proxy false
pritunl set app.server_port 8443

and when connecting to wireguard an error appears
Failed to connect to vpn (test-wg)

Hynwell · October 19, 2023, 8:48am

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      42057/mongod        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16812/sshd: /usr/sb 
tcp        0      0 127.0.0.1:9756          0.0.0.0:*               LISTEN      38016/python3       
tcp6       0      0 :::80                   :::*                    LISTEN      43201/pritunl-web   
tcp6       0      0 :::22                   :::*                    LISTEN      16812/sshd: /usr/sb 
tcp6       0      0 :::8443                 :::*                    LISTEN      43201/pritunl-web   
udp        0      0 0.0.0.0:15776           0.0.0.0:*                           42980/openvpn       
udp        0      0 0.0.0.0:16000           0.0.0.0:*                           -                   
udp6       0      0 :::16000                :::*                                -     ~~~

Hynwell · October 20, 2023, 10:23am

how can this problem be solved?

zach · October 25, 2023, 10:36am

This configuration also requires the sync address to be set in the advanced host settings. This option is only shown in the hosts tab with an enterprise subscription. Without this it will use the IP address from the OpenVPN remotes which doesn’t have the web server port.

vitexeon · October 25, 2023, 11:16am

The same mistake. How to make Pritunl WireGuard work not on port 443 ?
How to separate the Pritunl GUI from WireGuard authentication.

PS
as I understand it, this is a very frequent request from Pritunl users, since many do not want to expose port 443 to the outside, or he is busy with his software… Can you make a separate configuration in Pritunl so that it can be configured immediately in the Pritunl web interface??

zach · October 25, 2023, 11:20am

I did check the code for this and it will only work with the sync address configured which is an advanced setting in the host options. It’s not recommended to run the server on a different port. The WireGuard design reused the existing OpenVPN remotes which don’t specify the web server port. These are overridden when the sync address is configured but this option requires an enterprise subscription.

Hynwell · October 26, 2023, 10:12am

Specified parameters:
pritunl set app.reverse_proxy true
pritunl set app.redirect_server false
pritunl set app.server_ssl false

And also in the hosts section, in the server settings in the Sync Address parameter ma.domain:another_port
And everything worked, thanks everyone for your attention!