authorhagbard <vyosdev@derith.de>2019-02-04 12:14:26 -0800
committerhagbard <vyosdev@derith.de>2019-02-04 12:14:26 -0800
commit1a5b8f62569be1a9475ba2848da36fe2f74021b9 (patch)
tree11b4d00d147a7db4758dd2d182c3d02ce6c5d578
parent94860b853a41ce241598cb55966f4c2841cd2c1b (diff)
downloadvyos-1x-1a5b8f62569be1a9475ba2848da36fe2f74021b9.tar.gz
vyos-1x-1a5b8f62569be1a9475ba2848da36fe2f74021b9.zip
enhancement: T1225 - wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers
-rw-r--r--debian/changelog6
-rw-r--r--interface-definitions/wireguard.xml8
-rwxr-xr-xsrc/conf_mode/wireguard.py42
3 files changed, 36 insertions, 20 deletions
diff --git a/debian/changelog b/debian/changelog
index 477ce8a56..6dcc90d6d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vyos-1x (1.2.0-12) unstable; urgency=low
+
+ fixes T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers
+
+ -- hagbard <vyosdev@derith.de> Mon, 04 Feb 2019 10:26:50 -0800
+
vyos-1x (1.2.0-11) unstable; urgency=low
* Fix: T1217 - cant delete wireguard wg0 interface
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
index 8bfffac9d..a79152146 100644
--- a/interface-definitions/wireguard.xml
+++ b/interface-definitions/wireguard.xml
@@ -41,7 +41,7 @@
</leafNode>
<leafNode name="disable">
<properties>
- <help>disables the wireguard interface</help>
+ <help>disables peer</help>
<valueless />
</properties>
</leafNode>
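Review bot: The `disable` leaf edited here appears to be the interface-level one, because the peer-level `disable` leaf is added separately in the next hunk under the peer's `<children>`. If that reading is right, the new help text `disables peer` misdescribes this node in CLI completion. In that case keep `<help>disables the wireguard interface</help>` here and use the peer wording only on the new leaf. The enclosing node starts outside the hunk, so confirm which level this leaf belongs to.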
@@ -82,6 +82,12 @@
<constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage>
</properties>
<children>
+ <leafNode name="disable">
+ <properties>
+ <help>disables peer</help>
+ <valueless />
+ </properties>
+ </leafNode>
<leafNode name="pubkey">
<properties>
<help>base64 encoded public key</help>
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index c167366f1..e893dba47 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -104,26 +104,27 @@ def get_config():
### peers
if c.exists(cnf + ' peer'):
for p in c.list_nodes(cnf + ' peer'):
- config_data['interfaces'][intfc]['peer'].update(
+ if not c.exists(cnf + ' peer ' + p + ' disable'):
+ config_data['interfaces'][intfc]['peer'].update(
{
- p : {
+ p : {
'allowed-ips' : [],
'endpoint' : '',
'pubkey' : ''
- }
+ }
}
- )
- if c.exists(cnf + ' peer ' + p + ' pubkey'):
- config_data['interfaces'][intfc]['peer'][p]['pubkey'] = c.return_value(cnf + ' peer ' + p + ' pubkey')
- if c.exists(cnf + ' peer ' + p + ' allowed-ips'):
- config_data['interfaces'][intfc]['peer'][p]['allowed-ips'] = c.return_values(cnf + ' peer ' + p + ' allowed-ips')
- if c.exists(cnf + ' peer ' + p + ' endpoint'):
- config_data['interfaces'][intfc]['peer'][p]['endpoint'] = c.return_value(cnf + ' peer ' + p + ' endpoint')
- if c.exists(cnf + ' peer ' + p + ' persistent-keepalive'):
- config_data['interfaces'][intfc]['peer'][p]['persistent-keepalive'] = c.return_value(cnf + ' peer ' + p + ' persistent-keepalive')
- if c.exists(cnf + ' peer ' + p + ' preshared-key'):
- config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
-
+ )
+ if c.exists(cnf + ' peer ' + p + ' pubkey'):
+ config_data['interfaces'][intfc]['peer'][p]['pubkey'] = c.return_value(cnf + ' peer ' + p + ' pubkey')
+ if c.exists(cnf + ' peer ' + p + ' allowed-ips'):
+ config_data['interfaces'][intfc]['peer'][p]['allowed-ips'] = c.return_values(cnf + ' peer ' + p + ' allowed-ips')
+ if c.exists(cnf + ' peer ' + p + ' endpoint'):
+ config_data['interfaces'][intfc]['peer'][p]['endpoint'] = c.return_value(cnf + ' peer ' + p + ' endpoint')
+ if c.exists(cnf + ' peer ' + p + ' persistent-keepalive'):
+ config_data['interfaces'][intfc]['peer'][p]['persistent-keepalive'] = c.return_value(cnf + ' peer ' + p + ' persistent-keepalive')
+ if c.exists(cnf + ' peer ' + p + ' preshared-key'):
+ config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
+
return config_data
def verify(c):
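Review bot: A peer marked `disable` is only left out of `config_data` in this loop, and nothing visible here shows the running interface being told to drop it, so a previously active peer could keep its key and allowed-ips on the live tunnel after commit. Confirm that `apply()` removes peers that exist in the effective config but are absent from `config_data`, and state that contract next to the new check, e.g. `# disabled peers are omitted here; apply() must remove them from the running interface`. Skipping them presumably also means `verify()` never sees a disabled peer's settings, so any checks it makes on them would first run when the peer is re-enabled. `get_config` starts above this hunk, and the page has lost indentation, so the nesting of the per-key lookups under the new `if` should be confirmed against the file.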
@@ -238,17 +239,20 @@ def apply(c):
sl.syslog(sl.LOG_NOTICE, "setting mtu to " + mtu + " on " + intf)
subprocess.call(['ip l set mtu ' + mtu + ' dev ' + intf + ' &>/dev/null'], shell=True)
+
### persistent-keepalive
- for p in c_eff.list_nodes(intf + ' peer'):
+ for p in c['interfaces'][intf]['peer']:
val_eff = ""
val = ""
+
+ try:
+ val = c['interfaces'][intf]['peer'][p]['persistent-keepalive']
+ except KeyError:
+ pass
if c_eff.exists_effective(intf + ' peer ' + p + ' persistent-keepalive'):
val_eff = c_eff.return_effective_value(intf + ' peer ' + p + ' persistent-keepalive')
- if 'persistent-keepalive' in c['interfaces'][intf]['peer'][p]:
- val = c['interfaces'][intf]['peer'][p]['persistent-keepalive']
-
### disable keepalive
if val_eff and not val:
c['interfaces'][intf]['peer'][p]['persistent-keepalive'] = 0
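Review bot: The `try`/`except KeyError: pass` block added for the keepalive lookup is a four-line stand-in for a single `.get`. Because the loop already iterates `c['interfaces'][intf]['peer']`, the only key that can be missing is `'persistent-keepalive'`, so `val = c['interfaces'][intf]['peer'][p].get('persistent-keepalive', '')` does the same job without an exception handler that could hide a later mistake. Separately, the unchanged `subprocess.call([... ' &>/dev/null'], shell=True)` line at the top of the hunk concatenates `mtu` and `intf` into a shell string. An argument list such as `subprocess.call(['ip', 'link', 'set', 'mtu', mtu, 'dev', intf], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)` would not depend on those values having been validated upstream. `apply` starts above this hunk.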