summaryrefslogtreecommitdiff
path: root/src/conf_mode/wireguard.py
diff options
context:
space:
mode:
authorhagbard <vyosdev@derith.de>2018-08-24 16:17:27 -0700
committerhagbard <vyosdev@derith.de>2018-08-24 16:17:27 -0700
commita81104c11d5f14e9cb2c0eaf2a75eaf86f667ce7 (patch)
tree92c7fbe440f5f60e5368b03be639c601ac101db1 /src/conf_mode/wireguard.py
parentc2b18ceda09868ed5a98be082fd3aa4dd787348c (diff)
downloadvyos-1x-a81104c11d5f14e9cb2c0eaf2a75eaf86f667ce7.tar.gz
vyos-1x-a81104c11d5f14e9cb2c0eaf2a75eaf86f667ce7.zip
T791: endpoint pattern doesn't need to be checked, wg returns an error message if it's not IP:port
Diffstat (limited to 'src/conf_mode/wireguard.py')
-rwxr-xr-xsrc/conf_mode/wireguard.py13
1 files changed, 6 insertions, 7 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 8d76ab105..f90379f53 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -133,14 +133,13 @@ def verify(c):
raise ConfigError("address required for interface " + i)
if not c['interfaces'][i]['peer']:
raise ConfigError("peer required on interface " + i)
- else:
- for p in c['interfaces'][i]['peer']:
- if not c['interfaces'][i]['peer'][p]['allowed-ips']:
- raise ConfigError("allowed-ips required on interface " + i + " for peer " + p)
- if not c['interfaces'][i]['peer'][p]['pubkey']:
- raise ConfigError("pubkey from your peer is mandatory on " + i + " for peer " + p)
- ### endpoint needs to be IP:port, mabey verify it here, but consider IPv6 in the pattern
+ for p in c['interfaces'][i]['peer']:
+ if not c['interfaces'][i]['peer'][p]['allowed-ips']:
+ raise ConfigError("allowed-ips required on interface " + i + " for peer " + p)
+ if not c['interfaces'][i]['peer'][p]['pubkey']:
+ raise ConfigError("pubkey from your peer is mandatory on " + i + " for peer " + p)
+
def apply(c):
### no wg config left, delete all wireguard devices on the os