diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-04-08 21:17:31 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-04-08 21:20:41 +0200 |
| commit | ae80fdac76f2cb411cfd1f246e8aff3dbb37e528 (patch) | |
| tree | e0a0998612a7fff69bf2ed9eab4e292d385864ab | |
| parent | 038add76f9bc74c112b8733c5a7537f87d301769 (diff) | |
| download | vyos-1x-ae80fdac76f2cb411cfd1f246e8aff3dbb37e528.tar.gz vyos-1x-ae80fdac76f2cb411cfd1f246e8aff3dbb37e528.zip | |
wireguard: T2247: add VRF support
| -rw-r--r-- | interface-definitions/interfaces-wireguard.xml.in | 1 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 14 |
2 files changed, 14 insertions, 1 deletions
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index bd56d4d50..519aeb57a 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -19,6 +19,7 @@ #include <include/address-ipv4-ipv6.xml.i> #include <include/interface-description.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="port"> <properties> <help>Local port to listen for incoming connections</help> diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 2f609d602..585045863 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -41,7 +41,8 @@ default_config_data = { 'mtu': 1420, 'peer': [], 'peer_remove': [], # stores public keys of peers to remove - 'pk': f'{kdir}/default/private.key' + 'pk': f'{kdir}/default/private.key', + 'vrf': '' } def _check_kmod(): @@ -111,6 +112,10 @@ def get_config(): if conf.exists('mtu'): wg['mtu'] = int(conf.return_value(['mtu'])) + # retrieve VRF instance + if conf.exists('vrf'): + wg['vrf'] = conf.return_value('vrf') + # private key if conf.exists(['private-key']): wg['pk'] = "{0}/{1}/private.key".format( @@ -191,6 +196,10 @@ def verify(wg): 'is a member of bridge "{1}"!'.format(interface, bridge)) return None + vrf_name = wg['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + if not os.path.exists(wg['pk']): raise ConfigError('No keys found, generate them by executing:\n' \ '"run generate wireguard [keypair|named-keypairs]"') @@ -248,6 +257,9 @@ def apply(wg): # update interface description used e.g. within SNMP w.set_alias(wg['description']) + # assign/remove VRF + w.set_vrf(wg['vrf']) + # remove peers for pub_key in wg['peer_remove']: w.remove_peer(pub_key) |