diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-06-24 18:53:02 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-06-24 18:54:25 +0200 |
| commit | 39174c079ab5ed824c694b92954b506ffc3dab17 (patch) | |
| tree | c2f59354879d12af2853c18a5644a7be15889923 | |
| parent | d4ed1b0602f1a96cd5b5104268c1a1155c042062 (diff) | |
| download | vyos-1x-39174c079ab5ed824c694b92954b506ffc3dab17.tar.gz vyos-1x-39174c079ab5ed824c694b92954b506ffc3dab17.zip | |
wireguard: T2632: add quotes when passing allowed-ips
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
| -rw-r--r-- | python/vyos/ifconfig/wireguard.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py index a90a66ac3..62ca57ca2 100644 --- a/python/vyos/ifconfig/wireguard.py +++ b/python/vyos/ifconfig/wireguard.py @@ -201,7 +201,10 @@ class WireGuardIf(Interface): cmd += ' private-key {private_key}'.format(**self.config) cmd += ' peer {pubkey}'.format(**self.config) cmd += ' persistent-keepalive {keepalive}'.format(**self.config) - cmd += ' allowed-ips {}'.format(', '.join(self.config['allowed-ips'])) + # allowed-ips must be properly quoted else the interface can't be properly + # created as the wg utility will tread multiple IP addresses as command + # parameters + cmd += ' allowed-ips "{}"'.format(','.join(self.config['allowed-ips'])) if self.config['endpoint']: cmd += ' endpoint "{endpoint}"'.format(**self.config) |