Can't set interface listen port without wireguard_endpoint being defined

[semoog]

The recent changes to the config template, namely adding a condition linking ListenPort to wireguard_endpoint have broken the ability to set a port on the interface without an endpoint defined. On 17.1.0 we get a random port assigned by WG every time, because the portion of the template setting up ListenPort never gets rendered. Server interfaces don't need endpoints configured - only the client peers need to specify endpoints to know where to connect, so this condition doesn't match WireGuard's actual requirements.

Change was merged in with 17.1.0 - #101 /
https://github.com/githubixx/ansible-role-wireguard/pull/102/files

https://github.com/githubixx/ansible-role-wireguard/blob/master/templates/etc/wireguard/wg.conf.j2#L18-L20:

[Interface]
...
{% if wireguard_endpoint is defined and wireguard_endpoint != "" %}
ListenPort = {{ wireguard_port }}
{% endif %}

Note that this is on the interface, not the peer. This functionality works as expected on 17.0.0 prior to the changes above.

[srigi]

+1 to this one. It shot me into the foot multiple times now. It should be fixed that port configuration is always rendered into config if it is specified in the yaml.

[githubixx]

So what do you suggest? For some people #102 solved a problem. Just reverting the PR might also not be an option.

[hp197]

So what do you suggest? For some people #102 solved a problem. Just reverting the PR might also not be an option.

That is something else I think. That issue is about peers, this issue is about the interface block.
The request is valid. To have wireguard passivly listening (vpn server), you should define the ListPort without a endpoint.

As a ugly hack, i currently misused the saveconfig var:

wireguard_save_config: |
  true
  ListenPort = 51820