diff options
author | hagbard <vyosdev@derith.de> | 2018-08-17 18:25:25 +0000 |
---|---|---|
committer | hagbard <vyosdev@derith.de> | 2018-08-17 18:25:25 +0000 |
commit | 85a80fe59443a91b66185a06e192f99bec30af68 (patch) | |
tree | 78bf3ab4237a28f0cadc8e684abeee8462349eb4 /src/conf_mode | |
parent | aa5f4da1a18eeec1dba9bed3c1d7896605ac51ee (diff) | |
download | vyos-1x-85a80fe59443a91b66185a06e192f99bec30af68.tar.gz vyos-1x-85a80fe59443a91b66185a06e192f99bec30af68.zip |
T427: endpoint is only required for client mode, it's now an optional parameter
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/wireguard.py | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py index 3426acbe3..dda5c4d8a 100755 --- a/src/conf_mode/wireguard.py +++ b/src/conf_mode/wireguard.py @@ -135,8 +135,6 @@ def verify(c): for p in c['interfaces'][i]['peer']: if not c['interfaces'][i]['peer'][p]['allowed-ips']: raise ConfigError("allowed-ips required on interface " + i + " for peer " + p) -# if not c['interfaces'][i]['peer'][p]['endpoint']: -# raise ConfigError("endpoint required on interface " + i + " for peer " + p) ### eventually check allowed-ips (if it's an ip and valid CIDR or so) ### endpoint needs to be IP:port @@ -205,14 +203,19 @@ def configure_interface(c, intf): cmd = "wg set " + intf + \ " listen-port " + c['interfaces'][intf]['lport'] + \ " private-key " + pk + \ - " peer " + p + \ - " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint'] + " peer " + p cmd += " allowed-ips " + for ap in c['interfaces'][intf]['peer'][p]['allowed-ips']: if ap != c['interfaces'][intf]['peer'][p]['allowed-ips'][-1]: cmd += ap + "," else: cmd += ap + + ## endpoint is only required if wg runs as client + if c['interfaces'][intf]['peer'][p]['endpoint']: + cmd += " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint'] + sl.syslog(sl.LOG_NOTICE, "sudo " + cmd) subprocess.call([ 'sudo ' + cmd], shell=True) |