diff options
author | hagbard <vyosdev@derith.de> | 2018-08-24 16:17:27 -0700 |
---|---|---|
committer | hagbard <vyosdev@derith.de> | 2018-08-24 16:17:27 -0700 |
commit | a81104c11d5f14e9cb2c0eaf2a75eaf86f667ce7 (patch) | |
tree | 92c7fbe440f5f60e5368b03be639c601ac101db1 /src/conf_mode/wireguard.py | |
parent | c2b18ceda09868ed5a98be082fd3aa4dd787348c (diff) | |
download | vyos-1x-a81104c11d5f14e9cb2c0eaf2a75eaf86f667ce7.tar.gz vyos-1x-a81104c11d5f14e9cb2c0eaf2a75eaf86f667ce7.zip |
T791: endpoint pattern doesn't need to be checked, wg returns an error message if it's not IP:port
Diffstat (limited to 'src/conf_mode/wireguard.py')
-rwxr-xr-x | src/conf_mode/wireguard.py | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py index 8d76ab105..f90379f53 100755 --- a/src/conf_mode/wireguard.py +++ b/src/conf_mode/wireguard.py @@ -133,14 +133,13 @@ def verify(c): raise ConfigError("address required for interface " + i) if not c['interfaces'][i]['peer']: raise ConfigError("peer required on interface " + i) - else: - for p in c['interfaces'][i]['peer']: - if not c['interfaces'][i]['peer'][p]['allowed-ips']: - raise ConfigError("allowed-ips required on interface " + i + " for peer " + p) - if not c['interfaces'][i]['peer'][p]['pubkey']: - raise ConfigError("pubkey from your peer is mandatory on " + i + " for peer " + p) - ### endpoint needs to be IP:port, mabey verify it here, but consider IPv6 in the pattern + for p in c['interfaces'][i]['peer']: + if not c['interfaces'][i]['peer'][p]['allowed-ips']: + raise ConfigError("allowed-ips required on interface " + i + " for peer " + p) + if not c['interfaces'][i]['peer'][p]['pubkey']: + raise ConfigError("pubkey from your peer is mandatory on " + i + " for peer " + p) + def apply(c): ### no wg config left, delete all wireguard devices on the os |