summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2018-08-18 08:24:23 +0200
committerGitHub <noreply@github.com>2018-08-18 08:24:23 +0200
commit9a204594dd0ada8d117d37c9ad5f0d4a59ff43fd (patch)
tree7e65fd74b218110844c831f75ac501e0c46e32c7 /src
parent3acb6381bc2a56e70a58b3a19ae817473f8dd5f4 (diff)
parent14f37d3ecbab133b0259de540ae16bd065494dd7 (diff)
downloadvyos-1x-9a204594dd0ada8d117d37c9ad5f0d4a59ff43fd.tar.gz
vyos-1x-9a204594dd0ada8d117d37c9ad5f0d4a59ff43fd.zip
Merge pull request #32 from hagbard-01/current
T783,427
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/wireguard.py42
1 files changed, 38 insertions, 4 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 7d52cfe94..e1c076e2a 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -116,6 +116,10 @@ def get_config():
if c.exists(cnf + ' peer ' + p + ' endpoint'):
config_data['interfaces'][intfc]['peer'][p]['endpoint'] = c.return_value(cnf + ' peer ' + p + ' endpoint')
+ ### persistent-keepalive
+ if c.exists(cnf + ' peer ' + p + ' persistent-keepalive'):
+ config_data['interfaces'][intfc]['peer'][p]['persistent-keepalive'] = c.return_value(cnf + ' peer ' + p + ' persistent-keepalive')
+
#print (config_data)
return config_data
@@ -135,8 +139,6 @@ def verify(c):
for p in c['interfaces'][i]['peer']:
if not c['interfaces'][i]['peer'][p]['allowed-ips']:
raise ConfigError("allowed-ips required on interface " + i + " for peer " + p)
- if not c['interfaces'][i]['peer'][p]['endpoint']:
- raise ConfigError("endpoint required on interface " + i + " for peer " + p)
### eventually check allowed-ips (if it's an ip and valid CIDR or so)
### endpoint needs to be IP:port
@@ -192,6 +194,30 @@ def apply(c):
for addr in addr_add:
add_addr(intf, addr)
+ ### persistent-keepalive
+ for p in c_eff.list_nodes(intf + ' peer'):
+ val_eff = ""
+ val = ""
+
+ if c_eff.exists_effective(intf + ' peer ' + p + ' persistent-keepalive'):
+ val_eff = c_eff.return_effective_value(intf + ' peer ' + p + ' persistent-keepalive')
+
+ if 'persistent-keepalive' in c['interfaces'][intf]['peer'][p]:
+ val = c['interfaces'][intf]['peer'][p]['persistent-keepalive']
+
+ ### disable keepalive
+ if val_eff and not val:
+ c['interfaces'][intf]['peer'][p]['persistent-keepalive'] = 0
+
+ ### set ne keepalive value
+ if not val_eff and val:
+ c['interfaces'][intf]['peer'][p]['persistent-keepalive'] = val
+
+ ## config == effective config, no change
+ if val_eff == val:
+ del c['interfaces'][intf]['peer'][p]['persistent-keepalive']
+
+ ## wg command call
configure_interface(c,intf)
### ifalias for snmp from description
@@ -205,14 +231,22 @@ def configure_interface(c, intf):
cmd = "wg set " + intf + \
" listen-port " + c['interfaces'][intf]['lport'] + \
" private-key " + pk + \
- " peer " + p + \
- " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint']
+ " peer " + p
cmd += " allowed-ips "
+
for ap in c['interfaces'][intf]['peer'][p]['allowed-ips']:
if ap != c['interfaces'][intf]['peer'][p]['allowed-ips'][-1]:
cmd += ap + ","
else:
cmd += ap
+
+ ## endpoint is only required if wg runs as client
+ if c['interfaces'][intf]['peer'][p]['endpoint']:
+ cmd += " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint']
+
+ if 'persistent-keepalive' in c['interfaces'][intf]['peer'][p]:
+ cmd += " persistent-keepalive " + str( c['interfaces'][intf]['peer'][p]['persistent-keepalive'])
+
sl.syslog(sl.LOG_NOTICE, "sudo " + cmd)
subprocess.call([ 'sudo ' + cmd], shell=True)