authorhagbard <vyosdev@derith.de>2019-09-09 11:55:54 -0700
committerhagbard <vyosdev@derith.de>2019-09-10 10:28:29 -0700
commit1017c8103f12ebd6db4f250d8a154571fff32db1 (patch)
tree35620af3f240db61f44e861af6107c1cfeb81dca /src/conf_mode
parentf7456361b5b94f3c69f8fa0f34f8bff0ef68f9aa (diff)
downloadvyos-1x-1017c8103f12ebd6db4f250d8a154571fff32db1.tar.gz
vyos-1x-1017c8103f12ebd6db4f250d8a154571fff32db1.zip
[wireguard]: T1572 - Wireguard keyPair per interface
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation to use cli option 'private-key'
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interface-wireguard.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py
index 4c0e90ca6..0f9e66aa6 100755
--- a/src/conf_mode/interface-wireguard.py
+++ b/src/conf_mode/interface-wireguard.py
@@ -29,6 +29,9 @@ from vyos.ifconfig import WireGuardIf
ifname = str(os.environ['VYOS_TAGNODE_VALUE'])
intfc = WireGuardIf(ifname)
+kdir = r'/config/auth/wireguard'
+
+
def check_kmod():
if not os.path.exists('/sys/module/wireguard'):
sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod")
@@ -52,7 +55,7 @@ def get_config():
'fwmark': 0x00,
'mtu': 1420,
'peer': {},
- 'pk' : '/config/auth/wireguard/private.key'
+ 'pk': '{}/private.key'.format(kdir)
}
}
@@ -77,6 +80,9 @@ def get_config():
ifname + ' description')
if c.exists(ifname + ' mtu'):
config_data[ifname]['mtu'] = c.return_value(ifname + ' mtu')
+ if c.exists(ifname + ' private-key'):
+ config_data[ifname]['pk'] = "{0}/{1}/private.key".format(
+ kdir, c.return_value(ifname + ' private-key'))
if c.exists(ifname + ' peer'):
for p in c.list_nodes(ifname + ' peer'):
if not c.exists(ifname + ' peer ' + p + ' disable'):
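Review bot: The `private-key` value is formatted straight into a filesystem path in the added lines of get_config(), and nothing in this hunk restricts it to a single path component. A name containing `/` or `..` would make `pk` resolve outside `/config/auth/wireguard`, and verify() only tests that the resulting path exists. Unless the CLI definition already constrains the value (not visible here), I would validate the name before building the path, e.g. `if os.path.basename(name) != name or name in ('.', '..'): raise ConfigError('invalid private-key name')`, and build it with `os.path.join(kdir, name, 'private.key')`. get_config() starts and ends outside this hunk.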
@@ -107,13 +113,14 @@ def get_config():
return config_data
+
def verify(c):
if not c:
return None
if not os.path.exists(c[ifname]['pk']):
raise ConfigError(
- "No keys found, generate them by executing: \'run generate wireguard keypair\'")
+ "No keys found, generate them by executing: \'run generate wireguard [keypair|named-keypairs]\'")
if c[ifname]['status'] != 'delete':
if not c[ifname]['addr']:
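Review bot: The ConfigError raised in verify() does not say which key file was looked for, so now that `pk` can point at a per-interface named key the operator cannot tell whether the default or a named keypair is missing. Including the path would make this actionable: `"No key found at {}, generate one by executing: 'run generate wireguard [keypair|named-keypairs]'".format(c[ifname]['pk'])`. `os.path.exists` also succeeds for a directory, so `os.path.isfile` would be the tighter check for a key file. verify() continues past the end of this hunk.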