diff --git a/deploy/.env.example b/deploy/.env.example
index 282575a..59b301c 100644
--- a/deploy/.env.example
+++ b/deploy/.env.example
@@ -10,7 +10,8 @@ ACCESS_TOKEN_TTL_SECONDS=900
 REFRESH_TOKEN_TTL_SECONDS=2592000
 DEFAULT_DNS_SERVERS=10.20.0.53
 DEFAULT_VPN_CIDR=100.96.0.0/24
-DEFAULT_GATEWAY_ENDPOINT=vpn.example.com:51820
+GATEWAY_UDP_PORT=51900
+DEFAULT_GATEWAY_ENDPOINT=vpn.example.com:51900
 DEFAULT_GATEWAY_PUBLIC_KEY=replace-me
 GATEWAY_BOOTSTRAP_TOKEN=nexavpn-gateway-bootstrap
 NEXAVPN_GATEWAY_ID=
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index c147b1e..be7775a 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -80,13 +80,16 @@ services:
 - /dev/net/tun:/dev/net/tun
 extra_hosts:
 - "host.docker.internal:host-gateway"
+ ports:
+ - "${GATEWAY_UDP_PORT:-51900}:${GATEWAY_UDP_PORT:-51900}/udp"
 environment:
 GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
 NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
 NEXAVPN_GATEWAY_NAME: ${NEXAVPN_GATEWAY_NAME:-primary-gateway}
+ NEXAVPN_GATEWAY_LISTEN_PORT: ${GATEWAY_UDP_PORT:-51900}
 NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://host.docker.internal:8080/api/v1/gateway-agent}
 NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://host.docker.internal:8080/api/v1/gateway-agent/bootstrap}
- DEFAULT_GATEWAY_ENDPOINT: ${DEFAULT_GATEWAY_ENDPOINT:-localhost:51820}
+ DEFAULT_GATEWAY_ENDPOINT: ${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_UDP_PORT:-51900}}
 DEFAULT_VPN_CIDR: ${DEFAULT_VPN_CIDR:-100.96.0.0/24}
 NEXAVPN_API_TOKEN: ${NEXAVPN_API_TOKEN:-}
 NEXAVPN_GATEWAY_PRIVATE_KEY: ${NEXAVPN_GATEWAY_PRIVATE_KEY:-}
diff --git a/deploy/scripts/gateway-entrypoint.sh b/deploy/scripts/gateway-entrypoint.sh
index 1a5cf00..586946a 100644
--- a/deploy/scripts/gateway-entrypoint.sh
+++ b/deploy/scripts/gateway-entrypoint.sh
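Review bot: The gateway port is now held in two independent settings, so the endpoint handed to clients can drift from the UDP port that is actually published. In the `.env.example` hunk `DEFAULT_GATEWAY_ENDPOINT=vpn.example.com:51900` carries its own literal port, and in docker-compose.yml the `localhost:${GATEWAY_UDP_PORT:-51900}` fallback only applies when `DEFAULT_GATEWAY_ENDPOINT` is unset; an operator who changes only `GATEWAY_UDP_PORT` gets the `ports:` mapping and `NEXAVPN_GATEWAY_LISTEN_PORT` on the new port while the endpoint still names the old one. I would add a comment above the new `.env.example` line, `# Must match the port in DEFAULT_GATEWAY_ENDPOINT below`. The nested default `${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_UDP_PORT:-51900}}` presumably depends on a Compose release that supports nested interpolation, which is worth stating as a minimum version in the deploy notes.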
@@ -8,6 +8,7 @@ IFACE="${NEXAVPN_GATEWAY_INTERFACE:-wg0}"
 UPLINK_IFACE="${NEXAVPN_UPLINK_INTERFACE:-eth0}"
 ENABLE_MASQUERADE="${NEXAVPN_ENABLE_MASQUERADE:-true}"
 GATEWAY_NAME="${NEXAVPN_GATEWAY_NAME:-primary-gateway}"
+GATEWAY_LISTEN_PORT="${NEXAVPN_GATEWAY_LISTEN_PORT:-51900}"
 BOOTSTRAP_URL="${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://backend:8080/api/v1/gateway-agent/bootstrap}"
 SYNC_BASE_URL="${NEXAVPN_GATEWAY_SYNC_URL:-http://backend:8080/api/v1/gateway-agent}"
 GATEWAY_ID_FILE="/var/lib/nexavpn/gateway-id"
@@ -39,7 +40,7 @@ bootstrap_gateway() {
 BOOTSTRAP_RESPONSE="$(curl -fsSL \
 -H "Content-Type: application/json" \
 -H "X-Gateway-Bootstrap-Token: ${GATEWAY_BOOTSTRAP_TOKEN}" \
- -d "{\"name\":\"${GATEWAY_NAME}\",\"endpoint\":\"${DEFAULT_GATEWAY_ENDPOINT:-localhost:51820}\",\"public_key\":\"${GATEWAY_PUBLIC_KEY}\",\"listen_port\":51820,\"vpn_cidr\":\"${DEFAULT_VPN_CIDR:-100.96.0.0/24}\",\"dns_servers\":[\"10.20.0.53\"]}" \
+ -d "{\"name\":\"${GATEWAY_NAME}\",\"endpoint\":\"${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_LISTEN_PORT}}\",\"public_key\":\"${GATEWAY_PUBLIC_KEY}\",\"listen_port\":${GATEWAY_LISTEN_PORT},\"vpn_cidr\":\"${DEFAULT_VPN_CIDR:-100.96.0.0/24}\",\"dns_servers\":[\"10.20.0.53\"]}" \
 "${BOOTSTRAP_URL}")"
 NEXAVPN_GATEWAY_ID="$(printf '%s' "${BOOTSTRAP_RESPONSE}" | jq -r '.id')"
 if [ -z "${NEXAVPN_GATEWAY_ID:-}" ] || [ "${NEXAVPN_GATEWAY_ID}" = "null" ]; then
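Review bot: `GATEWAY_LISTEN_PORT` is read from the environment in the first hunk without any validation and is then, on the new `-d` line of the second hunk, spliced into the JSON body as a bare number (`\"listen_port\":${GATEWAY_LISTEN_PORT}`) and into the `endpoint` string. A value that is not a plain port number produces a malformed bootstrap request, or lets the variable add or override fields in the payload sent with the bootstrap token. Reject non-numeric and out-of-range values right after the assignment, and since the script already calls `jq`, build the body with `jq -n` and `--arg`/`--argjson` so every field is encoded instead of concatenated. `bootstrap_gateway` starts and ends outside the hunk, so the placement shown below is indicative. The diff also does not show where the WireGuard interface's listen port is configured; it is worth confirming that it uses the same variable rather than a fixed 51820.

```shell
GATEWAY_LISTEN_PORT="${NEXAVPN_GATEWAY_LISTEN_PORT:-51900}"
# Accept only a decimal port without leading zeros, at most five digits.
case "${GATEWAY_LISTEN_PORT}" in
  ''|0*|*[!0-9]*|??????*)
    echo "NEXAVPN_GATEWAY_LISTEN_PORT must be a port number (1-65535)" >&2
    exit 1
    ;;
esac
if [ "${GATEWAY_LISTEN_PORT}" -gt 65535 ]; then
  echo "NEXAVPN_GATEWAY_LISTEN_PORT must be a port number (1-65535)" >&2
  exit 1
fi

# … unchanged: remaining defaults and the start of bootstrap_gateway() …
BOOTSTRAP_BODY="$(jq -n \
  --arg name "${GATEWAY_NAME}" \
  --arg endpoint "${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_LISTEN_PORT}}" \
  --arg public_key "${GATEWAY_PUBLIC_KEY}" \
  --argjson listen_port "${GATEWAY_LISTEN_PORT}" \
  --arg vpn_cidr "${DEFAULT_VPN_CIDR:-100.96.0.0/24}" \
  '{name: $name, endpoint: $endpoint, public_key: $public_key,
    listen_port: $listen_port, vpn_cidr: $vpn_cidr,
    dns_servers: ["10.20.0.53"]}')"
# … unchanged: curl -fsSL and the two -H header lines …
  -d "${BOOTSTRAP_BODY}" \
```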