WireGuard Dynamic Listen Port Randomization
In CGNAT situations, like failing over to an LTE WAN for instance, it can be problematic to have the listen port on a dynamic endpoint fixed (say at 51820). The Linux implementation incorporates listen port randomization on dynamic peers. Ideally something like this logic: the dynamic client randomly chooses a listen port and reaches out to a fixed IP/port peer (call this the "server"). If the dynamic client doesn't receive return packets in a certain amount of time (the persistent keepalive value would be appropriate for this), then the dynamic client will choose another random port and try again. This ensures a best effort at finding an available UDP path.
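
A userspace approximation of the retry logic requested above, as an added example (not code from this request or from the WireGuard project). The interface name `wg0`, the 49152-65535 port range, the function names and the 180-second threshold are assumptions; it judges the path by handshake age instead of the keepalive interval because `wg show` exposes handshake times, not per-packet receive times.

```shell
#!/bin/sh
# Added example: watchdog that re-randomizes a dynamic peer's listen port.
# Assumptions (not from the page): interface wg0, ports 49152-65535, and a
# 180 s staleness threshold. latest-handshakes only advances on a handshake
# (roughly every two minutes on an active session), so the threshold has to
# be longer than that or a healthy tunnel would be rebound needlessly.
IFACE="${IFACE:-wg0}"
STALE_AFTER="${STALE_AFTER:-180}"

# Pick a port in 49152-65535 using two bytes from the kernel CSPRNG.
random_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( 49152 + n % 16384 ))
}

# Newest handshake time (epoch seconds) across all peers; 0 means none yet.
newest_handshake() {
    wg show "$IFACE" latest-handshakes |
        awk 'BEGIN { m = 0 } $2 > m { m = $2 } END { print m }'
}

# Succeeds when the path looks dead: no handshake at all, or the newest one
# is older than STALE_AFTER. Args: now, last handshake (epoch seconds).
path_is_dead() {
    [ "$2" -eq 0 ] || [ $(( $1 - $2 )) -gt "$STALE_AFTER" ]
}

# One watchdog pass: rebind to a fresh random port if the path looks dead.
# Prints the new port when it rebinds, nothing otherwise.
check_once() {
    if path_is_dead "$(date +%s)" "$(newest_handshake)"; then
        port=$(random_port)
        wg set "$IFACE" listen-port "$port" && echo "$port"
    fi
}

# Loop only when invoked with "run", so the functions can be sourced alone.
if [ "${1:-}" = "run" ]; then
    while :; do
        new=$(check_once)
        [ -n "$new" ] && echo "no handshake on $IFACE, moved to UDP $new"
        sleep "$STALE_AFTER"
    done
fi
```

The peer needs a persistent keepalive configured so that it initiates a new handshake from the new source port without waiting for tunnel traffic.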