diff --git a/group_vars/.all.yml.swp b/group_vars/.all.yml.swp
index 0224d05..732ea84 100644
Binary files a/group_vars/.all.yml.swp and b/group_vars/.all.yml.swp differ
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 6a467f8..4ee51c9 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -4,6 +4,10 @@ ip_admin: 192.168.6.7
 mysql_host: "{{ ip_admin }}"
 gateway: 192.168.6.1
+wireguard-server:
+ wstunnel-download-url: https://github.com/erebe/wstunnel/releases/download/v10.5.2/wstunnel_10.5.2_linux_amd64.tar.gz
+ internal-port: 51822
+
 wireguard-client:
 ntb:
 ip: 10.0.0.2
diff --git a/playbooks/services/wireguard-cerberus.yml b/playbooks/services/wireguard-cerberus.yml
index ec04778..f59105c 100644
--- a/playbooks/services/wireguard-cerberus.yml
+++ b/playbooks/services/wireguard-cerberus.yml
@@ -3,7 +3,7 @@ become: true
 vars_files:
 - vault.yml
- - zeus-vars.yml
+ - all.yml
 tasks:
 - name: wireguard-server
 ansible.builtin.include_role:
diff --git a/roles/wireguard_server/tasks/wstunnel.yml b/roles/wireguard_server/tasks/wstunnel.yml
index 7c943a3..46c97af 100644
--- a/roles/wireguard_server/tasks/wstunnel.yml
+++ b/roles/wireguard_server/tasks/wstunnel.yml
@@ -9,7 +9,7 @@ block:
 - name: Download and unarchive wstunnel package
 ansible.builtin.unarchive:
- src: https://github.com/erebe/wstunnel/releases/download/v5.1/wstunnel_5.1_linux_amd64.tar.gz
+ src: "{{ wstunnel-download-url }}"
 dest: /tmp
 remote_src: yes
 creates: /tmp/wstunnel
@@ -38,7 +38,7 @@ [Service]
 Type=simple
 User=nobody
- ExecStart=/usr/local/bin/wstunnel -s 127.0.0.1:8080 -t udp://127.0.0.1:51820
+ ExecStart=/usr/local/bin/wstunnel -s 0.0.0.0:8080 -t udp://127.0.0.1:{{ wireguard-server.internal-port }}
 Restart=always
 RestartSec=3
diff --git a/roles/wireguard_server/templates/wireguardserver.conf b/roles/wireguard_server/templates/wireguardserver.conf
index 40ebce9..9344cd3 100644
--- a/roles/wireguard_server/templates/wireguardserver.conf
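Review bot: The new keys `wireguard-server`, `wstunnel-download-url` and `internal-port` contain hyphens, which are not valid Ansible variable names and cannot be referenced from Jinja2 — `{{ wireguard-server.internal-port }}` is parsed as the subtraction `wireguard - server.internal - port`, so every consumer this commit adds will fail with an undefined-variable error. Rename them to snake_case (`wireguard_server:`, `wstunnel_download_url:`, `internal_port:`) and update the three templated references in the same commit; the pre-existing `{{ wireguard-server.key }}` visible in the template hunk header has the same problem and should be renamed alongside. Separately, this commit also modifies `group_vars/.all.yml.swp`, a Vim swap file for this very file: it should be deleted from the repository and covered by a `*.swp` ignore entry, since swap files carry the editor buffer of whatever was open at the time.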
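Review bot: `vars_files` entries resolve relative to the playbook directory, so `- all.yml` here points at `playbooks/services/all.yml`, not at the `group_vars/all.yml` this commit edits; if no such file exists next to the playbook the play fails before any task runs, and if one does exist it silently overrides the group_vars values because `vars_files` has higher precedence. If the intent is to consume `group_vars/all.yml`, that file is loaded automatically for every host (assuming the inventory sits beside the top-level `group_vars/`) and the entry can simply be dropped; otherwise name the file explicitly, e.g. `- ../../group_vars/all.yml`. I cannot see the playbook directory from this diff, so please confirm which file is meant.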
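Review bot: `src: "{{ wstunnel-download-url }}"` looks up a top-level variable, but the commit defines the URL nested under `wireguard-server` in group_vars, and the hyphens make Jinja2 evaluate the name as arithmetic anyway, so this download task cannot resolve its source; with the vars renamed to snake_case it should read `src: "{{ wireguard_server.wstunnel_download_url }}"`. Beyond that, `creates: /tmp/wstunnel` skips the fetch whenever that path exists, so on a host already provisioned with the v5.1 archive the bump to v10.5.2 takes no effect until /tmp is cleared, and because /tmp is world-writable a local user can pre-plant a binary there that the install step following this hunk (outside my view) would presumably pick up as root. I would fetch the tarball with `ansible.builtin.get_url` pinned to the release's published sha256, unpack it into a root-owned staging directory, and key `creates` on that directory rather than on /tmp. `remote_src: yes` should also be written `remote_src: true` (yamllint truthy). The enclosing task and its `block:` begin before this hunk.

```yaml
- name: Download wstunnel release archive
  ansible.builtin.get_url:
    url: "{{ wireguard_server.wstunnel_download_url }}"
    dest: /usr/local/src/wstunnel.tar.gz
    # pin the sha256 published for this release so a swapped tarball is refused
    checksum: "sha256:{{ wireguard_server.wstunnel_download_sha256 }}"
    mode: "0644"

- name: Unarchive wstunnel package
  ansible.builtin.unarchive:
    src: /usr/local/src/wstunnel.tar.gz
    dest: /usr/local/src
    remote_src: true
    creates: /usr/local/src/wstunnel
# … unchanged: subsequent install/copy tasks …
```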
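Review bot: Changing `-s 127.0.0.1:8080` to `-s 0.0.0.0:8080` exposes the wstunnel listener on every interface, and nothing in the unit restricts which destination a connecting client may ask to tunnel to, so anyone who can reach TCP/8080 gets an unauthenticated path to the WireGuard port and, depending on wstunnel's server defaults, possibly to other local or internal addresses. If external reachability is the goal, bind to the one interface address that needs it or keep 127.0.0.1 behind a TLS-terminating reverse proxy, add a server-side restriction to the single `127.0.0.1:<port>` target, and document the exposure in the task with a comment such as `# wstunnel listens on all interfaces; restrict reachability of TCP/8080 at the firewall`. The `{{ wireguard-server.internal-port }}` reference has the hyphen problem (Jinja2 reads it as subtraction) and should become `{{ wireguard_server.internal_port }}` once the vars are renamed. I am not certain the v5-era `-s`/`-t` flags are accepted by the v10.5.2 binary this commit downloads — newer wstunnel releases use `wstunnel server ws://… --restrict-to …` subcommand syntax — so please verify the unit actually starts with the new version. The unit-file content block and the task that writes it begin before this hunk.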
+++ b/roles/wireguard_server/templates/wireguardserver.conf
@@ -3,7 +3,7 @@ PrivateKey = {{ wireguard-server.key }}
 Address=10.0.0.1/24
 PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE;
 PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE;
-ListenPort=51822
+ListenPort={{ wireguard-server.internal-port }}
 {% for user in wireguard %}
 [Peer]