Port redirection is not applied in the configuration generated by the UI

[adriy-be]

When I change the port redirection in HA, the UI don't take the new port into account. We can change WG_PORT, but there is a mismatch with the HA configured port.

The env variable WG_PORT should not be accessible. The future env variable WG_CONFIG_PORT must be accessible to have a correct configuration in the UI. Follow : https://github.com/wg-easy/wg-easy/pull/1080

[jdeath]

Duplicate of #28

Once a fix is in v14, I will make the change in the addon. For now, roll back to v12 which works correctly with a changed port.

[adriy-be]

@jdeath not sure if that is the same topic. If we change the WG_PORT, there is a mismatch with the HA add-on configuration config.json who as fixed port, if the port change inside the container there is a mismatch. I'm currently run the last version with port redirection configured in HA not with the env variable of the container, that work but I need to manually change the port in my config of WireGuard.

This PR fix this issue. That add an env variable to have a "container" port and a "config" port : https://github.com/wg-easy/wg-easy/pull/1080

[jdeath]

IF you change WG_PORT, can't you also change the port exposed too? In the network configuration section, you can change the udp port. I assume they both need to match.

I guess let me know exactly what you think should change or do a PR and I can review.

[adriy-be]

In my knowledge, you can't change WG_PORT due to this port is fixed in config.json, but you can forward the port in the network part of the add-on. Example of my config, my NAT port is 63934 who is redirect by HA to the container port 51820 who is fixed by config.json

I'm waiting the next version of wg-easy to do a PR. There is the PR about my change in wg-easy : https://github.com/wg-easy/wg-easy/pull/1090 There is your repo with the development container of wg-easy : https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy

So, I'm a beginner with HA add-on, don't hesitate to comment If I do a mistake or if there is a better way to do that.

[jdeath]

??? Just above the screen shot you posted, you can change the change WG_PORT in the CONFIGURATION section. It is the 4th entry down. You need to have it match the port you set in the network tab. It will override the port set in config.json

I am told you need version 12 of the addon, because version 13 of upstream wgeasy has an issue that it does not set the port correctly.

changing the port does not add any real security. Unless you have a conflict, just leave the port as default.

[adriy-be]

That not correct 51820 is fixed in config.json and is the internal container port, the internal container port is WG_PORT and due to it's fixed by the config.json it must not change. 63934 is the exposed port who is remapped to the internal container port (51820)

WWW<---Router--->Exposed Port<---Container--->Internal port

Try this : https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy You could see if you change WG_CONFIG_PORT and change the exposed port in HA, that working fine.

The WG_EASY PR is complete. I waiting to the modification was available in the tag "latest" https://github.com/wg-easy/wg-easy/pull/1090 https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy

There is my full config with comments

[jdeath]

This must be a change in WGEASY v13, because it worked fine changing WG_PORT in earlier versions then making the exposed udp port match. The run.sh updates the environmental variable just fine, even if specified in config.json.

If WG_PORT should not be changed anymore, then remove it from the variables exposed in config.json and run.sh when you do a PR. Also, please update the readme so it is clear what to change. Better yet, just have WG_PORT in the homeassistant config just update WG_PORT_CONFIG environmental variable. Then a user does not have to change anything. I'll reopen until PR complete

[Shiroe93]

There is my full config with comments

this has fixed the issue for me in v14 @jdeath if the WG_port option must not be changed i suggest hiding the option to avoid confusion

[jdeath]

I do not use extra port redirection. Are you saying it works without setting WG_CONFIG_PORT? I can hide that

Ohh. WG_PORT should not be changed? Can you show me a screenshot your working config with redirect? did you change the port in the network settings too?

[Shiroe93]

[adriy-be]

@jdeath thanks for the update. The port is correctly configured in the config.