authorhagbard <vyosdev@derith.de>2019-09-09 09:32:57 -0700
committerhagbard <vyosdev@derith.de>2019-09-09 09:32:57 -0700
commitf7456361b5b94f3c69f8fa0f34f8bff0ef68f9aa (patch)
tree80046acf644f73a66edc8ff6137a08da8ed830bb /src/conf_mode
parent6f666f0a62fb98fcab800be813141f44dd1ab8a7 (diff)
[wireguard] - T1639: wireguard pubkey change error
- removed sudo as it already runs as root - set private key as variable in preparation to support multiple pk's
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interface-wireguard.py15
1 files changed, 5 insertions, 10 deletions
diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py
index e7b9a267f..4c0e90ca6 100755
--- a/src/conf_mode/interface-wireguard.py
+++ b/src/conf_mode/interface-wireguard.py
@@ -29,12 +29,6 @@ from vyos.ifconfig import WireGuardIf
ifname = str(os.environ['VYOS_TAGNODE_VALUE'])
intfc = WireGuardIf(ifname)
-dir = r'/config/auth/wireguard'
-pk = dir + '/private.key'
-pub = dir + '/public.key'
-psk_file = dir + '/psk'
-
-
def check_kmod():
if not os.path.exists('/sys/module/wireguard'):
sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod")
@@ -57,7 +51,8 @@ def get_config():
'state': 'enabled',
'fwmark': 0x00,
'mtu': 1420,
- 'peer': {}
+ 'peer': {},
+ 'pk' : '/config/auth/wireguard/private.key'
}
}
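Review bot: The private-key path is now a string literal inside the defaults dict, and the psk path added later in apply() repeats the same `/config/auth/wireguard` directory now that this commit removes the shared `dir` variable. A single module-level constant, e.g. `WG_KEY_DIR = '/config/auth/wireguard'` (name constructed for illustration), would keep the two in sync. `'pk' :` also has a stray space before the colon, and a comment such as `# path to the interface's private key file` would make clear the value is a path rather than key material. The dict and get_config() extend beyond this hunk.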
@@ -112,12 +107,11 @@ def get_config():
return config_data
-
def verify(c):
if not c:
return None
- if not os.path.exists(pk):
+ if not os.path.exists(c[ifname]['pk']):
raise ConfigError(
"No keys found, generate them by executing: \'run generate wireguard keypair\'")
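Review bot: `os.path.exists(c[ifname]['pk'])` in verify() only proves that something exists at the path, so a directory or a key file accessible to other users passes the check and the problem surfaces later in apply(). `os.path.isfile(c[ifname]['pk'])` would reject non-files here, and a mode test such as `os.stat(c[ifname]['pk']).st_mode & 0o077` could reject a private key that is group- or world-accessible. The lookup also assumes `c[ifname]` always carries `'pk'`; the default added in get_config() suggests it does, but the rest of get_config() is not visible in these hunks. verify() continues past the end of this hunk.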
@@ -225,7 +219,7 @@ def apply(c):
sl.LOG_NOTICE, "peer {0} pubkey changed from {1} to {2} on interface {3}".format(p, ekey, nkey, ifname))
intfc.remove_peer(ekey)
- intfc.config['private-key'] = pk
+ intfc.config['private-key'] = c[ifname]['pk']
for p in c[ifname]['peer']:
intfc.config['pubkey'] = str(c[ifname]['peer'][p]['pubkey'])
intfc.config['allowed-ips'] = (c[ifname]['peer'][p]['allowed-ips'])
@@ -249,6 +243,7 @@ def apply(c):
# preshared-key - needs to be read from a file
if 'psk' in c[ifname]['peer'][p]:
+ psk_file = '/config/auth/wireguard/psk'
old_umask = os.umask(0o077)
open(psk_file, 'w').write(str(c[ifname]['peer'][p]['psk']))
os.umask(old_umask)
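Review bot: The umask set around `open(psk_file, 'w')` only governs the mode of a newly created file, so if `/config/auth/wireguard/psk` already exists with wider permissions the preshared key is written into it with those permissions unchanged. The file object is never closed explicitly, so the data may not be flushed by the time the path is consumed, and an exception in `write()` leaves the process umask at 0o077. The new `psk_file` line also keeps one fixed path for every peer and interface, so it is worth confirming the secret is removed after use; that code is outside this hunk. Opening the file with an explicit mode and a context manager, as below, addresses the first three points without touching the umask.

```python
        if 'psk' in c[ifname]['peer'][p]:
            psk_file = '/config/auth/wireguard/psk'
            # create with 0600 and tighten an already existing file as well
            fd = os.open(psk_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            os.fchmod(fd, 0o600)
            with os.fdopen(fd, 'w') as f:
                f.write(str(c[ifname]['peer'][p]['psk']))
```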