I have a WireGuard site-to-site tunnel between two Netgate devices.
For this I followed the guide by "Christian McDonald": https://www.youtube.com/watch?v=2oe7rTMFmqc
The strange thing is that the connection works without opening the UDP port on either WAN side.
Is pfSense opening these ports automatically?
I built a test setup in XCP-ng and there I see the same behavior:
[2.7.2-RELEASE][admin@pfSense1.home.arpa]/root: netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 44 192.168.195.126.22 192.168.198.108.52731 ESTABLISHED
tcp4 0 0 127.0.0.1.953 *.* LISTEN
tcp4 0 0 *.53 *.* LISTEN
tcp6 0 0 *.80 *.* LISTEN
tcp4 0 0 *.80 *.* LISTEN
tcp6 0 0 *.443 *.* LISTEN
tcp4 0 0 *.443 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
udp4 0 0 192.168.50.1.67 *.*
udp4 0 0 *.53 *.*
udp6 0 0 *.51820 *.*
udp4 0 0 *.51820 *.*
udp6 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.514 *.*
udp6 0 0 *.514 *.*
udp4 0 0 10.100.91.0.123 *.*
udp4 0 0 192.168.50.1.123 *.*
udp6 0 0 fe80::b83e:d2ff:.123 *.*
udp4 0 0 192.168.195.126.123 *.*
udp6 0 0 fe80::9c5f:1ff:f.123 *.*
udp4 0 0 127.0.0.1.123 *.*
udp6 0 0 fe80::1%lo0.123 *.*
udp6 0 0 ::1.123 *.*
udp4 0 0 *.123 *.*
udp6 0 0 *.123 *.*
udp6 0 0 *.* *.*
udp4 0 0 *.* *.*
[2.7.2-RELEASE][admin@pfSense1.home.arpa]/root: sockstat -l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sleep 52160 8 stream /var/run/php-fpm.socket
root sleep 52160 12 stream /var/run/php-fpm.socket
root sshd 93373 6 stream (not connected)
root kea-dhcp4 67214 8 stream /var/run/php-fpm.socket
root kea-dhcp4 67214 12 stream /var/run/php-fpm.socket
root kea-dhcp4 67214 19 stream /tmp/kea4-ctrl-socket
root kea-dhcp4 67214 22 udp4 192.168.50.1:67 *:*
unbound unbound 64284 3 udp4 *:53 *:*
unbound unbound 64284 4 tcp4 *:53 *:*
unbound unbound 64284 5 tcp4 127.0.0.1:953 *:*
unbound unbound 64284 8 stream /var/run/php-fpm.socket
unbound unbound 64284 12 stream /var/run/php-fpm.socket
root php-fpm 98463 3 dgram (not connected)
root php-fpm 98463 4 udp4 *:* *:*
root php-fpm 98463 5 udp6 *:* *:*
root php-fpm 98463 12 stream /var/run/php-fpm.socket
root dpinger 68005 6 stream /var/run/dpinger_wireguard_test~10.100.91.0~10.100.91.1.sock
root dpinger 68005 8 stream /var/run/php-fpm.socket
root dpinger 68005 12 stream /var/run/php-fpm.socket
root dpinger 67528 6 stream /var/run/dpinger_WAN_DHCP~192.168.195.126~192.168.195.1.sock
root dpinger 67528 8 stream /var/run/php-fpm.socket
root dpinger 67528 12 stream /var/run/php-fpm.socket
root php_wg 60567 3 dgram (not connected)
root php_wg 60567 4 udp4 *:* *:*
root php_wg 60567 5 udp6 *:* *:*
root php_wg 60567 8 stream /var/run/php-fpm.socket
root php_wg 60567 12 stream /var/run/php-fpm.socket
root sh 8058 8 stream /var/run/php-fpm.socket
root sh 8058 12 stream /var/run/php-fpm.socket
root syslogd 82628 6 dgram /var/dhcpd/var/run/log
root syslogd 82628 7 udp6 *:514 *:*
root syslogd 82628 9 udp4 *:514 *:*
root syslogd 82628 10 dgram /var/run/log <-
root syslogd 82628 11 dgram /var/run/logpriv
root nginx 87090 5 tcp4 *:443 *:*
root nginx 87090 6 tcp6 *:443 *:*
root nginx 87090 7 tcp4 *:80 *:*
root nginx 87090 9 tcp6 *:80 *:*
root nginx 86845 5 tcp4 *:443 *:*
root nginx 86845 6 tcp6 *:443 *:*
root nginx 86845 7 tcp4 *:80 *:*
root nginx 86845 9 tcp6 *:80 *:*
root nginx 86666 5 tcp4 *:443 *:*
root nginx 86666 6 tcp6 *:443 *:*
root nginx 86666 7 tcp4 *:80 *:*
root nginx 86666 9 tcp6 *:80 *:*
root ntpd 70997 20 udp6 *:123 *:*
root ntpd 70997 21 udp4 *:123 *:*
root ntpd 70997 22 udp6 ::1:123 *:*
root ntpd 70997 23 udp6 fe80::1%lo0:123 *:*
root ntpd 70997 24 udp4 127.0.0.1:123 *:*
root ntpd 70997 25 udp6 fe80::9c5f:1ff:fe6a:8322%xn0:123 *:*
root ntpd 70997 26 udp4 192.168.195.126:123 *:*
root ntpd 70997 27 udp6 fe80::b83e:d2ff:fe81:305d%xn1:123 *:*
root ntpd 70997 28 udp4 192.168.50.1:123 *:*
root ntpd 70997 29 udp4 10.100.91.0:123 *:*
root sshd 79353 3 tcp6 *:22 *:*
root sshd 79353 4 tcp4 *:22 *:*
root devd 1590 4 stream /var/run/devd.pipe
root devd 1590 5 seqpac /var/run/devd.seqpacket.pipe
root check_relo 432 3 stream /var/run/check_reload_status
root php-fpm 401 3 dgram (not connected)
root php-fpm 401 4 udp4 *:* *:*
root php-fpm 401 5 udp6 *:* *:*
root php-fpm 401 12 stream /var/run/php-fpm.socket
root php-fpm 400 3 dgram (not connected)
root php-fpm 400 4 udp4 *:* *:*
root php-fpm 400 5 udp6 *:* *:*
root php-fpm 400 12 stream /var/run/php-fpm.socket
root php-fpm 399 3 dgram (not connected)
root php-fpm 399 4 udp4 *:* *:*
root php-fpm 399 5 udp6 *:* *:*
root php-fpm 399 11 stream /var/run/php-fpm.socket
? ? ? ? udp6 *:51820 *:*
? ? ? ? udp4 *:51820 *:*