From f078e743c9c36b07a98d7ab433483cfca8ed2e0a Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 19 May 2020 22:27:50 +0200
Subject: wireguard: T2481: support IPv6 based underlay

---
 interface-definitions/interfaces-wireguard.xml.in | 8 ++++++--
 python/vyos/ifconfig/wireguard.py                 | 2 +-
 src/conf_mode/interfaces-wireguard.py             | 8 +++++---
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in
index 9db608afb..5894f159d 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces-wireguard.xml.in
@@ -89,10 +89,14 @@
                   <help>IP address of tunnel remote end</help>
                   <valueHelp>
                     <format>ipv4</format>
-                    <description>IP address to listen for incoming connections</description>
+                    <description>IPv4 address to listen for incoming connections</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address to listen for incoming connections</description>
                   </valueHelp>
                   <constraint>
-                    <validator name="ipv4-address"/>
+                    <validator name="ip-address"/>
                   </constraint>
                 </properties>
               </leafNode>
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index fdf5d9347..027b5ea8c 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -208,7 +208,7 @@ class WireGuardIf(Interface):
             else:
                 cmd += aip
         if self.config['endpoint']:
-            cmd += " endpoint {}".format(self.config['endpoint'])
+            cmd += " endpoint '{}'".format(self.config['endpoint'])
         cmd += " persistent-keepalive {}".format(self.config['keepalive'])
 
         self._cmd(cmd)
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 820b0a724..97dcf626b 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -25,7 +25,7 @@ from vyos.config import Config
 from vyos.configdict import list_diff
 from vyos.ifconfig import WireGuardIf
 from vyos.util import chown, chmod_750, call
-from vyos.validate import is_member
+from vyos.validate import is_member, is_ipv6
 from vyos import ConfigError
 
 kdir = r'/config/auth/wireguard'
@@ -288,8 +288,10 @@ def apply(wg):
 
         # endpoint
         if peer['address'] and peer['port']:
-            w.config['endpoint'] = '{}:{}'.format(
-                peer['address'], peer['port'])
+            if is_ipv6(peer['address']):
+                w.config['endpoint'] = '[{}]:{}'.format(peer['address'], peer['port'])
+            else:
+                w.config['endpoint'] = '{}:{}'.format(peer['address'], peer['port'])
 
         # persistent-keepalive
         if peer['persistent_keepalive']:
-- 
cgit v1.2.3