summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-19 19:25:48 +0200
committerGitHub <noreply@github.com>2021-07-19 19:25:48 +0200
commita2e708384f1e1136016ceb7c45494a9a3ddaeb49 (patch)
tree4ee54246820dacee33eba93504f83ae5f962025a /python/vyos
parent02043297db68d45b2ca398486cc119d1c103e68c (diff)
parentc96c3ea2ed672394b04fcae924d351565ec9dc6c (diff)
downloadvyos-1x-a2e708384f1e1136016ceb7c45494a9a3ddaeb49.tar.gz
vyos-1x-a2e708384f1e1136016ceb7c45494a9a3ddaeb49.zip
Merge pull request #929 from sarthurdev/pki_wg
pki: wireguard: T3642: Migrate Wireguard private key directly into CLI
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/ifconfig/wireguard.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index e5b9c4408..c4cf2fbbf 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -95,7 +95,7 @@ class WireGuardOperational(Operational):
for peer in c.list_effective_nodes(["peer"]):
if wgdump['peers']:
- pubkey = c.return_effective_value(["peer", peer, "pubkey"])
+ pubkey = c.return_effective_value(["peer", peer, "public_key"])
if pubkey in wgdump['peers']:
wgpeer = wgdump['peers'][pubkey]
@@ -194,11 +194,15 @@ class WireGuardIf(Interface):
peer = config['peer_remove'][tmp]
peer['ifname'] = config['ifname']
- cmd = 'wg set {ifname} peer {pubkey} remove'
+ cmd = 'wg set {ifname} peer {public_key} remove'
self._cmd(cmd.format(**peer))
+ config['private_key_file'] = '/tmp/tmp.wireguard.key'
+ with open(config['private_key_file'], 'w') as f:
+ f.write(config['private_key'])
+
# Wireguard base command is identical for every peer
- base_cmd = 'wg set {ifname} private-key {private_key}'
+ base_cmd = 'wg set {ifname} private-key {private_key_file}'
if 'port' in config:
base_cmd += ' listen-port {port}'
if 'fwmark' in config:
@@ -210,7 +214,7 @@ class WireGuardIf(Interface):
peer = config['peer'][tmp]
# start of with a fresh 'wg' command
- cmd = base_cmd + ' peer {pubkey}'
+ cmd = base_cmd + ' peer {public_key}'
# If no PSK is given remove it by using /dev/null - passing keys via
# the shell (usually bash) is considered insecure, thus we use a file