author | Christian Poessinger <christian@poessinger.com> | 2022-09-17 20:36:22 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-09-17 21:10:04 +0200 |
commit | 99b63a1eb5a4441aba4bd0c8908007450ceb7d1c (patch) | |
tree | cfc0fcd81bb5d589b2ed105646f4fc81a2509d96 /python/vyos/configverify.py | |
parent | 435016fdb353b79577c40baa23af8e01fcadd098 (diff) | |
download | vyos-1x-99b63a1eb5a4441aba4bd0c8908007450ceb7d1c.tar.gz vyos-1x-99b63a1eb5a4441aba4bd0c8908007450ceb7d1c.zip |
wireguard: T4702: actively revoke peer if it gets disabled
When any configured peer is set to `disable` while the Wireguard tunnel is up
and running, it does not get actively revoked and removed. This poses a security
risk as connections keep being alive.
Whenever any parameter of a peer changes we actively remove the peer and fully
recreate it on the fly.
(cherry picked from commit a4feb96af9ac45aff41ded1744cf302b5c5a9e7e)
Diffstat (limited to 'python/vyos/configverify.py')
0 files changed, 0 insertions, 0 deletions
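
The behaviour the commit message describes (revoke a disabled peer, and remove then recreate a peer whose parameters changed) can be sketched as a reconciliation step between the previous and the new configuration. This is an added example, not code from the VyOS repository; the peer dictionary layout, the `plan_peer_updates` name and the sample peers are assumptions, and only the `wg set <interface> peer <key> ...` command syntax comes from wg(8).

```python
# Added illustration, not VyOS code. The peer dict layout is hypothetical.
def _is_active(peer):
    return peer is not None and not peer.get("disable", False)

def _params(peer):
    return {k: v for k, v in peer.items() if k != "disable"}

def plan_peer_updates(ifname, old_peers, new_peers):
    """Return wg(8) argv lists: removals first, then (re)creations."""
    removals, creations = [], []
    for name, old in old_peers.items():
        if not _is_active(old):
            continue  # a disabled peer was never installed
        new = new_peers.get(name)
        # Deleted, disabled or modified: revoke the running peer.
        if not _is_active(new) or _params(new) != _params(old):
            removals.append(["wg", "set", ifname, "peer", old["public_key"], "remove"])
    for name, new in new_peers.items():
        old = old_peers.get(name)
        if not _is_active(new) or (_is_active(old) and _params(old) == _params(new)):
            continue  # disabled, or unchanged and still installed
        cmd = ["wg", "set", ifname, "peer", new["public_key"],
               "allowed-ips", ",".join(new["allowed_ips"])]
        if "endpoint" in new:
            cmd += ["endpoint", new["endpoint"]]
        if "persistent_keepalive" in new:
            cmd += ["persistent-keepalive", str(new["persistent_keepalive"])]
        creations.append(cmd)
    return removals + creations

# Constructed sample configs; keys are placeholders, not real WireGuard keys.
OLD = {
    "alice": {"public_key": "ALICE_KEY_PLACEHOLDER", "allowed_ips": ["10.0.0.2/32"]},
    "bob": {"public_key": "BOB_KEY_PLACEHOLDER", "allowed_ips": ["10.0.0.3/32"]},
    "carol": {"public_key": "CAROL_KEY_PLACEHOLDER", "allowed_ips": ["10.0.0.4/32"]},
}
NEW = {
    "alice": {**OLD["alice"], "disable": True},
    "bob": {"public_key": "BOB_KEY_PLACEHOLDER", "allowed_ips": ["10.0.0.3/32", "192.0.2.0/24"]},
    "carol": dict(OLD["carol"]),
    "dave": {"public_key": "DAVE_KEY_PLACEHOLDER", "allowed_ips": ["10.0.0.5/32"], "endpoint": "198.51.100.7:51820"},
}
```

Emitting every removal before any creation means a disabled peer is revoked even if a later command fails; an unchanged peer such as `carol` produces no command and keeps its session.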