diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-11-02 20:37:57 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-11-02 21:11:18 +0100 |
| commit | 2fc8738bc9c2fb6364a22d86079e8635cee91949 (patch) | |
| tree | e1176a37b2857ca1fb185c72315378d6598a188c /python | |
| parent | cb2f72dbd10a11f99913cc60044460f18381f770 (diff) | |
| download | vyos-1x-2fc8738bc9c2fb6364a22d86079e8635cee91949.tar.gz vyos-1x-2fc8738bc9c2fb6364a22d86079e8635cee91949.zip | |
wireguard: T5707: remove previously deconfigured peer
Changing the public key of a peer (updating the key material) left the old
WireGuard peer in place, as the key removal command used the new key.
WireGuard only supports peer removal based on the configured public-key, by
deleting the entire interface this is the shortcut instead of parsing out all
peers and removing them one by one.
Peer reconfiguration will always come with a short downtime while the WireGuard
interface is recreated.
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/ifconfig/wireguard.py | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py index 4aac103ec..5704f8b64 100644 --- a/python/vyos/ifconfig/wireguard.py +++ b/python/vyos/ifconfig/wireguard.py @@ -167,11 +167,6 @@ class WireGuardIf(Interface): interface setup code and provide a single point of entry when workin on any interface. """ - # remove no longer associated peers first - if 'peer_remove' in config: - for peer, public_key in config['peer_remove'].items(): - self._cmd(f'wg set {self.ifname} peer {public_key} remove') - tmp_file = NamedTemporaryFile('w') tmp_file.write(config['private_key']) tmp_file.flush() |