[BUG] Incorrect ListenPort in Peer Config #379

SpongeManiac opened this issue Jan 26, 2025 · 2 comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When using a non-standard port for WireGuard's SERVERPORT=***** environment variable, peer configs still use the default WireGuard port (51820) for the ListenPort despite the environment variable being set.

Expected Behavior

Peer configs have the correct port for ListenPort when specifying SERVERPORT=*****

Steps To Reproduce

When running this docker image with the following environment variables, generated peer configs do not have the correct port in ListenPort

Docker Compose:

services:
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000 # Adjust to your user ID
      - PGID=1000 # Adjust to your group ID
      - TZ=America/Denver # Set your timezone
      - SERVERURL=myserver.com # Your domain or public IP
      - SERVERPORT=44444 # WireGuard port
      - PEERS=10 # Number of client configs to generate (WILL OVERWRITE EXISTING CONFIG)
      - PEERDNS=172.18.0.2 # DNS for the peers (auto uses WireGuard default)
      - INTERNAL_SUBNET=192.168.2.0/24 # Internal subnet for WireGuard
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      - /home/portainer/volumes/wireguard:/config # Config directory for WireGuard
      - /lib/modules:/lib/modules # Required for kernel modules
    ports:
      - 44444:44444/udp # WireGuard UDP port
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1 # Required for routing
      - net.ipv4.ip_forward=1
    restart: unless-stopped
    networks:
      - web

  dns:
    container_name: dns
    restart: unless-stopped
    image: strm/dnsmasq
    volumes:
      - /home/portainer/volumes/dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf
    cap_add:
      - NET_ADMIN
    networks:
      web:
        ipv4_address: 172.18.0.2

networks:
  web:
    external: true
    name: web

Generated Config:

[Interface]
Address = 192.168.2.2
PrivateKey = [Redacted]
ListenPort = 51820
DNS = 172.18.0.2

[Peer]
PublicKey = [Redacted]
PresharedKey = [Redacted]
Endpoint = myserver.com:44444
AllowedIPs = 0.0.0.0/0

Environment

- OS: Ubuntu 24.04 LTS x86_64
- How docker service was installed: Following official documentation (Add repository and install via `apt`)

CPU architecture

x86-64

Docker creation

docker compose up -d

Container logs

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support the app dev(s) visit:
WireGuard: https://www.wireguard.com/donations/

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────
Linuxserver.io version: 1.0.20210914-r4-ls64
Build-date: 2025-01-16T11:23:44+00:00
───────────────────────────────────────

Uname info: Linux d16dee3af89a 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec  5 13:09:44 UTC 2024 x86_64 GNU/Linux
**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****
****     If your host does not automatically load the iptables module, you may still need the SYS_MODULE capability.     ****
**** Server mode is selected ****
**** External server address is set to spiretown.fun ****
**** External server port is set to 44444. Make sure that port is properly forwarded to port 51820 inside this container ****
**** Internal subnet is set to 192.168.2.0/24 ****
**** AllowedIPs for peers 0.0.0.0/0 ****
**** Peer DNS servers will be set to 172.18.0.2 ****
**** Server mode is selected ****
**** No changes to parameters. Existing configs are used. ****
[custom-init] No custom files found, skipping...
.:53
CoreDNS-1.11.3
linux/amd64, go1.21.8,
**** Found WG conf /config/wg_confs/wg0.conf, adding to list ****
**** Activating tunnel /config/wg_confs/wg0.conf ****
Warning: `/config/wg_confs/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.2.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 192.168.2.9/32 dev wg0
[#] ip -4 route add 192.168.2.8/32 dev wg0
[#] ip -4 route add 192.168.2.7/32 dev wg0
[#] ip -4 route add 192.168.2.6/32 dev wg0
[#] ip -4 route add 192.168.2.5/32 dev wg0
[#] ip -4 route add 192.168.2.4/32 dev wg0
[#] ip -4 route add 192.168.2.3/32 dev wg0
[#] ip -4 route add 192.168.2.2/32 dev wg0
[#] ip -4 route add 192.168.2.11/32 dev wg0
[#] ip -4 route add 192.168.2.10/32 dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
**** All tunnels are now active ****
[ls.io-init] done.

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.


karolisc commented Feb 4, 2025

The listening port inside the container is hardcoded in the templates: ListenPort = 51820

Try:

ports:
  - 44444:51820/udp # WireGuard UDP port

ref:
https://github.com/linuxserver/docker-wireguard/blob/master/root/defaults/server.conf#L3
https://github.com/linuxserver/docker-wireguard/blob/master/root/defaults/peer.conf#L4
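
The port relationship described in the comment above can be checked mechanically. The following is an added example, not part of the original thread or of the linuxserver project's code: it compares the published UDP mapping in a compose file against the server's `ListenPort` and the `Endpoint` port handed to peers. The function names and the sample strings are assumptions, constructed from the configs quoted in this issue.

```python
import re

# Constructed sample inputs, modelled on the configs quoted in this issue.
SERVER_CONF = "[Interface]\nAddress = 192.168.2.1\nListenPort = 51820\n"
PEER_CONF = "[Peer]\nEndpoint = myserver.com:44444\nAllowedIPs = 0.0.0.0/0\n"
COMPOSE_REPORTED = "ports:\n  - 44444:44444/udp # WireGuard UDP port\n"
COMPOSE_SUGGESTED = "ports:\n  - 44444:51820/udp # WireGuard UDP port\n"


def udp_mappings(compose_text):
    """Return (host_port, container_port) for each short-form UDP mapping."""
    # Handles "HOST:CONTAINER/udp" and "IP:HOST:CONTAINER/udp" list entries only.
    pattern = r"^\s*-\s*[\"']?(?:[\d.]+:)?(\d+):(\d+)/udp"
    return [(int(h), int(c)) for h, c in re.findall(pattern, compose_text, re.M)]


def conf_value(conf_text, key):
    """Return the value of the first `key = value` line in a WireGuard conf."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(\S+)", conf_text, re.M)
    return m.group(1) if m else None


def check_ports(compose_text, server_conf, peer_conf):
    """List mismatches between published, listening and advertised ports."""
    listen = int(conf_value(server_conf, "ListenPort"))
    advertised = int(conf_value(peer_conf, "Endpoint").rsplit(":", 1)[1])
    mappings = udp_mappings(compose_text)
    problems = []
    if not any(c == listen for _, c in mappings):
        problems.append(f"no UDP mapping targets container port {listen} (ListenPort)")
    if not any(h == advertised for h, _ in mappings):
        problems.append(f"no UDP mapping publishes host port {advertised} (Endpoint)")
    if not problems and (advertised, listen) not in mappings:
        problems.append(f"expected mapping {advertised}:{listen}/udp")
    return problems


if __name__ == "__main__":
    for name, compose in (("reported", COMPOSE_REPORTED),
                          ("suggested", COMPOSE_SUGGESTED)):
        print(name, check_ports(compose, SERVER_CONF, PEER_CONF) or "OK")
```
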
