wireguard: T1853: disable peer doesn't work

author: hagbard <vyosdev@derith.de> 2019-12-05 13:56:26 -0800
committer: hagbard <vyosdev@derith.de> 2019-12-05 13:56:26 -0800
commit: fde531d3791a3d71aa27f99244d7cbb3b3625bf0 (patch)
tree: bc4a759d58a3a4ebe0fda974897fbff26065eefd /src/conf_mode
parent: c9390e9f1522cf5208dcdce59f2913639ab7fd6d (diff)
download: vyos-1x-fde531d3791a3d71aa27f99244d7cbb3b3625bf0.tar.gz
vyos-1x-fde531d3791a3d71aa27f99244d7cbb3b3625bf0.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 013a07f32..cac911c8c 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -169,6 +169,10 @@ def get_config():
                     if key_eff != key_cfg and key_eff != None:
                         wg['peer_remove'].append(key_cfg)
 
+                # if a peer is disabled, we have to exec a remove for it's pubkey
+                else:
+                  peer_key = c.return_value('peer {peer} pubkey'.format(peer=p))
+                  wg['peer_remove'].append(peer_key)
     return wg
 
 
@@ -191,6 +195,7 @@ def verify(c):
             if not c['peer'][p]['pubkey']:
                 raise ConfigError("peer pubkey required for peer " + p)
 
+
 def apply(c):
     # no wg configs left, remove all interface from system
     # maybe move it into ifconfig.py
author	hagbard <vyosdev@derith.de>	2019-12-05 13:56:26 -0800
committer	hagbard <vyosdev@derith.de>	2019-12-05 13:56:26 -0800
commit	fde531d3791a3d71aa27f99244d7cbb3b3625bf0 (patch)
tree	bc4a759d58a3a4ebe0fda974897fbff26065eefd /src/conf_mode
parent	c9390e9f1522cf5208dcdce59f2913639ab7fd6d (diff)
download	vyos-1x-fde531d3791a3d71aa27f99244d7cbb3b3625bf0.tar.gz vyos-1x-fde531d3791a3d71aa27f99244d7cbb3b3625bf0.zip