diff --git a/security/tor/src/opnsense/mvc/app/models/OPNsense/Tor/General.xml b/security/tor/src/opnsense/mvc/app/models/OPNsense/Tor/General.xml
index 3949a1531..a7c4788bc 100644
--- a/security/tor/src/opnsense/mvc/app/models/OPNsense/Tor/General.xml
+++ b/security/tor/src/opnsense/mvc/app/models/OPNsense/Tor/General.xml
@@ -19,7 +19,7 @@
     </socks_listen_port>
     <control_port type="IntegerField">
       <default>9051</default>
-      <MinimumValue>0</MinimumValue>
+      <MinimumValue>1</MinimumValue>
       <Required>N</Required>
       <MaximumValue>65535</MaximumValue>
       <ValidationMessage>A valid Port number must be specified.</ValidationMessage>
diff --git a/security/tor/src/opnsense/scripts/tor/tor_diag b/security/tor/src/opnsense/scripts/tor/tor_diag
index 65c2c0765..266644ce0 100755
--- a/security/tor/src/opnsense/scripts/tor/tor_diag
+++ b/security/tor/src/opnsense/scripts/tor/tor_diag
@@ -36,11 +36,23 @@ $TOR_DEBUG = false
 
 config = REXML::Document.new(File.new("/conf/config.xml"))
 $TOR_PASSWORD = config.elements['opnsense/OPNsense/tor/general/control_port_password'].text
+$TOR_CONTROL_PORT = 9051
+if port = config.elements['opnsense/OPNsense/tor/general/control_port']&.text&.to_i
+  if port > 0
+    $TOR_CONTROL_PORT = port
+  else
+    puts '{"error":"invalid control port found"}'
+    exit
+  end
+else
+  puts '{"error":"no control port found"}'
+  exit
+end
 
 class TorCTL
 
   def initialize
-    @tor = TCPSocket.new("127.0.0.1", 9051)
+    @tor = TCPSocket.new("127.0.0.1", $TOR_CONTROL_PORT)
     send_query("AUTHENTICATE \"#{$TOR_PASSWORD}\"")
   end