Hey all,
How can I specify which WireGuard UDP port each node should listen on (and advertise to peers)?
I’ve got 3 nodes sharing one IP address behind a NAT and 6 nodes sharing another IP address behind a NAT, so they can’t all listen on 51194.
Apologies if this is documented somewhere - I did search the docs but didn’t find an answer.
All nodes run Ubuntu 22.04.
Thanks!
xpost answer from Reddit:
you can launch tailscaled --port 1234 for each client, or set the PORT line in /etc/default/tailscaled and restart the service. By default it will listen on port 41641, but will try to negotiate a direct connection via the DERP network on connect.
So unless you’re doing a 1:1 port:host map in your router, I’d suggest trying with the default settings before making any manual changes. Depending on some of the assumptions of your firewall/NAT system, it may “just work” out of the box.
You can test by using tailscale ping 100.x.y.z to another node. The first couple of packets will relay, but it should switch to a direct connection before the 10 packet timeout.
Thank you.
tailscale ping was able to find direct routes between my nodes without requiring me to manually set the UDP port.
Despite this, I did need to manually set the UDP port to get (what appears to be) a fully-working Kubernetes install.