authorChristian Poessinger <christian@poessinger.com>2020-06-23 16:27:29 +0200
committerChristian Poessinger <christian@poessinger.com>2020-06-23 16:27:29 +0200
commit289f513c3babca73f2ab8504b6b235ca0afa1ae5 (patch)
tree35aadf7d58ac09686c53fa2b9b94c7bff92a6a84 /src/conf_mode
parent70d45cdec4263a0eff1146656ae8e8012ab125b6 (diff)
wireguard: T2632: support PSK on multiple peers
It was not possible to configure two WG peers that both used a pre-shared key. This has been corrected. WG psk can only be read from a file when starting the interface. The code for creating this temporary file has been moved into the ifconfig.WireGuardIf() class. Tested with: ============ set interfaces wireguard wg0 address '192.0.2.0/31' set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0' set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA=' set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw=' set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0' set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py9
1 files changed, 2 insertions, 7 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index ab3e073ae..c24c9a7ce 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -275,7 +275,7 @@ def apply(wg):
# peer pubkey
# setting up the wg interface
- w.config['private-key'] = c['pk']
+ w.config['private_key'] = c['pk']
for peer in wg['peer']:
# peer pubkey
@@ -300,13 +300,8 @@ def apply(wg):
if peer['persistent_keepalive']:
w.config['keepalive'] = peer['persistent_keepalive']
- # maybe move it into ifconfig.py
- # preshared-key - needs to be read from a file
if peer['psk']:
- psk_file = '/config/auth/wireguard/psk'
- with open(psk_file, 'w') as f:
- f.write(peer['psk'])
- w.config['psk'] = psk_file
+ w.config['psk'] = peer['psk']
w.update()
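Review bot: In the second hunk `w.config['psk']` is assigned only inside `if peer['psk']:`, so when a peer with a pre-shared key is followed by one without (the case in the commit's own test config) the earlier peer's key may still be in `w.config` when `w.update()` runs, unless `WireGuardIf` resets it per peer, which is not visible here. Assigning on every iteration would rule that out, for example `w.config['psk'] = peer['psk'] or None`, provided the class treats an empty value as "no PSK". Because `w.config['psk']` now holds the key material itself rather than a path, the temporary file that `WireGuardIf` writes should be created with owner-only permissions and removed once the interface has read it, and `w.config` should be kept out of debug or log output. The body of `apply()` starts and ends outside the hunk.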