author | Christian Poessinger <christian@poessinger.com> | 2021-07-19 19:25:48 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-19 19:25:48 +0200 |
commit | a2e708384f1e1136016ceb7c45494a9a3ddaeb49 (patch) | |
tree | 4ee54246820dacee33eba93504f83ae5f962025a /python/vyos | |
parent | 02043297db68d45b2ca398486cc119d1c103e68c (diff) | |
parent | c96c3ea2ed672394b04fcae924d351565ec9dc6c (diff) | |
Merge pull request #929 from sarthurdev/pki_wg
pki: wireguard: T3642: Migrate Wireguard private key directly into CLI
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/ifconfig/wireguard.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py index e5b9c4408..c4cf2fbbf 100644 --- a/python/vyos/ifconfig/wireguard.py +++ b/python/vyos/ifconfig/wireguard.py @@ -95,7 +95,7 @@ class WireGuardOperational(Operational): for peer in c.list_effective_nodes(["peer"]): if wgdump['peers']: - pubkey = c.return_effective_value(["peer", peer, "pubkey"]) + pubkey = c.return_effective_value(["peer", peer, "public_key"]) if pubkey in wgdump['peers']: wgpeer = wgdump['peers'][pubkey] @@ -194,11 +194,15 @@ class WireGuardIf(Interface): peer = config['peer_remove'][tmp] peer['ifname'] = config['ifname'] - cmd = 'wg set {ifname} peer {pubkey} remove' + cmd = 'wg set {ifname} peer {public_key} remove' self._cmd(cmd.format(**peer)) + config['private_key_file'] = '/tmp/tmp.wireguard.key' + with open(config['private_key_file'], 'w') as f: + f.write(config['private_key']) + # Wireguard base command is identical for every peer - base_cmd = 'wg set {ifname} private-key {private_key}' + base_cmd = 'wg set {ifname} private-key {private_key_file}' if 'port' in config: base_cmd += ' listen-port {port}' if 'fwmark' in config: @@ -210,7 +214,7 @@ class WireGuardIf(Interface): peer = config['peer'][tmp] # start of with a fresh 'wg' command - cmd = base_cmd + ' peer {pubkey}' + cmd = base_cmd + ' peer {public_key}' # If no PSK is given remove it by using /dev/null - passing keys via # the shell (usually bash) is considered insecure, thus we use a file |
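Review bot: In the second hunk (WireGuardIf, `@@ -194,11 +194,15 @@`) the private key is written to the fixed path `/tmp/tmp.wireguard.key` with a plain `open(..., 'w')`, so the file gets umask-default permissions and a predictable name in a world-writable directory, where another local user could pre-create or symlink it. Nothing in the visible lines removes the file after `wg set` has read it. I would create it with `fd, config['private_key_file'] = tempfile.mkstemp(prefix='wireguard.')` and `with os.fdopen(fd, 'w') as f:` (unique name, mode 0600), then call `os.unlink(config['private_key_file'])` once the last `wg set` has run. The method continues past the end of the hunk, so a later cleanup and the presence of `os`/`tempfile` imports cannot be confirmed from here. A single shared filename would presumably also collide if two WireGuard interfaces are applied at the same time.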