ListenPort for ASUSWRT-Merlin WireGuard -Clients-?

dionhouston

Hello everyone,

Environment: ASUS RT-AX88U, current firmware (388.9_2)

First, kudos to the people who fixed the old WireGuard clashes with NAT Acceleration. I'm glad that's history. I use WireGuard between my Mom's network and my home network, and previously was using separate devices for that purpose due to the bug.

Question: I think everyone knows that there is no difference between a WireGuard server and a client, as they are all peers. Under my former setup, I set endpoints at both locations, so they are mutually reachable. With a WireGuard "server" I can get the listen port, but then the router wants to control the keys. As a "client" I can connect to my server, which is cool, but there's no way to set the listen port - it appears to be random.

I tried adding NVRAM variables wgc_port and wgc1_port -- neither did anything.

Is this possible to make happen? I know I can go the reverse direction (by making keys), but I'd like my router to be primary on WireGuard connections.

Thanks!
 
I think the most straightforward way is to use a server peer and manually adjust the keys and add an endpoint to the peer, like this: https://www.snbforums.com/threads/wireguard-server-tweaks.85758/post-852124

Going the other way, using a client and adding the listen-port, is more complicated. Listen-port is related to [Interface] and not [Peer], so it may not be as easy to add afterwards, but it surely is possible, I just don't know how. However, just adding the Listen-port directive would not be enough. You would also need to open the firewall to let these packets in. On top of that, you will need to manage VPNDirector to your new site and circumvent any routing issues that may come with this.
This is all very possible, but would it be worth all this work?
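
The two steps the reply names (fixing the listen port on the interface, then opening the firewall for it), as an added example that is not part of the thread or of the firmware. The interface name `wgc1` and port `51821` are assumed placeholders, and commands are only printed unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the client interface is
# named wgc1 and UDP port 51821 is free; both are placeholders.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Print the command, and execute it only when DRY_RUN=0.
run() {
    echo "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# Return 0 if $1 is a decimal UDP port in 1024-65535. Rejecting ports below
# 1024 is a choice made for this example, not a WireGuard requirement.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Pin the listen port of an existing WireGuard interface and allow inbound
# handshakes to it. ListenPort is an [Interface] setting, so it is applied to
# the interface as a whole, not to an individual peer.
pin_listen_port() {
    ifname="$1"; port="$2"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }

    run wg set "$ifname" listen-port "$port" || return 1

    # Insert the ACCEPT rule only if an identical rule is not already present
    # (iptables -C exits non-zero when the rule is missing).
    if [ "$DRY_RUN" = "1" ] || \
       ! iptables -C INPUT -p udp --dport "$port" -j ACCEPT 2>/dev/null; then
        run iptables -I INPUT -p udp --dport "$port" -j ACCEPT
    fi
}

# Query the port the interface is actually bound to, for verification.
show_listen_port() {
    run wg show "$1" listen-port
}
```

Both `wg set` and `iptables -I` change runtime state only, so they have to be reapplied whenever the tunnel or the firewall is restarted.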
 
