Flint 2: Wireguard server port closed instead of stealth when port probing

Hi,
I've configured a WireGuard server on my Flint 2 router running 4.6.4. When running a ShieldsUp port probe on 51820, it appears as closed when the server is on and stealth when the server is off. From my limited understanding, the WireGuard server shouldn't be visible at all unless it receives the correct keys.

Is this correct behaviour? If not, what settings would I need to change to fix this?

Thanks

Can you show a screenshot of LuCI and its firewall zones?

Please also include the global rules.

On my own OpenWrt (not GL.iNet's), I have input set to drop and forwarding to reject globally, but also for wan, and for wgserver input set to accept.

As to your question: it is incorrect, WireGuard should be stealth if the firewall uses drop instead of reject. Reject means it shows it's blocked by a firewall; drop, however, gives a timeout and doesn't make a user aware it's a block.


I'm only allowed to post one attachment at a time...

Here's the other one.

Try setting input to drop on general settings :+1:

Edit:
Also, I had a look at the traffic rule allow_wgserver; set this one to protocol udp only.

If tcp or icmp was set as well, it could still reply with an ICMP reply that it was unreachable; this is what the scanner sees. WireGuard only uses udp, thus it does not do the replying :slight_smile:

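An added example (not from this thread, GL.iNet or OpenWrt) that audits the two settings discussed above in an OpenWrt `/etc/config/firewall` excerpt: a REJECT input policy and a WireGuard rule that matches tcp as well as udp. The sample config is constructed, the rule is identified by its `dest_port` of 51820, and an unset `proto` is assumed to default to `tcp udp` as OpenWrt's firewall documentation states.

```python
import re
# Constructed excerpt of an OpenWrt /etc/config/firewall (not the poster's real config)
# with the two settings the thread points at: REJECT input and a tcp+udp WireGuard rule.
SAMPLE_FIREWALL = """
config defaults
	option input 'REJECT'
config zone
	option name 'wan'
	option input 'REJECT'
config rule 'allow_wgserver'
	option src 'wan'
	option dest_port '51820'
	option proto 'tcp udp'
	option target 'ACCEPT'
"""
_LINE = re.compile(r"^(config|option)\s+(\S+)(?:\s+'([^']*)')?$")

def parse_uci(text):
    """Minimal UCI parser (config/option lines only) -> list of section dicts."""
    sections = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m and m.group(1) == 'config':
            sections.append({'.type': m.group(2), '.name': m.group(3) or ''})
        elif m:
            sections[-1][m.group(2)] = m.group(3) or ''
    return sections

def audit(sections, wg_port='51820'):
    """Findings that make a probe of the WireGuard port read 'closed' instead of 'stealth'."""
    findings = []
    for s in sections:
        label = s.get('name') or s['.name'] or s['.type']
        if s['.type'] in ('defaults', 'zone') and s.get('input', '').upper() == 'REJECT':
            findings.append(f"{label}: input=REJECT answers probes; use DROP")
        if s['.type'] == 'rule' and s.get('dest_port') == wg_port:
            protos = set(s.get('proto', 'tcp udp').lower().split())  # assumed default: tcp udp
            if protos - {'udp'}:
                findings.append(f"{label}: proto {' '.join(sorted(protos))}; use udp only")
    return findings

def harden(sections, wg_port='51820'):
    """Copy of the sections with the thread's fixes applied: DROP input, udp-only rule."""
    fixed = [dict(s) for s in sections]
    for s in fixed:
        if s['.type'] in ('defaults', 'zone') and s.get('input', '').upper() == 'REJECT':
            s['input'] = 'DROP'
        if s['.type'] == 'rule' and s.get('dest_port') == wg_port:
            s['proto'] = 'udp'
    return fixed
```

Running `audit(parse_uci(SAMPLE_FIREWALL))` lists all three weak settings, and `audit(harden(...))` is empty once input is DROP and the rule is udp only.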

Stealth does not exist, speaking of ports.

• Open: A service is actively listening on the port, and it responds to connection attempts.
• Closed: The port exists, but no service is actively listening, so the system responds with a “closed” message.
• Stealth: The system does not respond to the probe at all. This could be because a firewall is blocking the traffic or dropping the probe without acknowledgment.

So I assume the device replied via ping as long as WireGuard is enabled?

Anyway: Nothing you should worry about. It won't tell someone anything.


Thanks for the help; it appears that it's caused by the allow_wgserver rule defaulting to udp and tcp, as @xize11 said. Changing that rule to udp only still allows me to connect to the server but still appears as stealth according to ShieldsUp :+1:. Turning the WireGuard server on and off again resets this though, so it seems a bit irritating.

Cheers!

