From 39174c079ab5ed824c694b92954b506ffc3dab17 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 24 Jun 2020 18:53:02 +0200
Subject: wireguard: T2632: add quotes when passing allowed-ips

Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
---
 python/vyos/ifconfig/wireguard.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'python')

diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index a90a66ac3..62ca57ca2 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -201,7 +201,10 @@ class WireGuardIf(Interface):
         cmd += ' private-key {private_key}'.format(**self.config)
         cmd += ' peer {pubkey}'.format(**self.config)
         cmd += ' persistent-keepalive {keepalive}'.format(**self.config)
-        cmd += ' allowed-ips {}'.format(', '.join(self.config['allowed-ips']))
+        # allowed-ips must be properly quoted else the interface can't be properly
+        # created as the wg utility will tread multiple IP addresses as command
+        # parameters
+        cmd += ' allowed-ips "{}"'.format(','.join(self.config['allowed-ips']))
 
         if self.config['endpoint']:
             cmd += ' endpoint "{endpoint}"'.format(**self.config)
-- 
cgit v1.2.3