authorChristian Poessinger <christian@poessinger.com>2020-04-08 21:17:31 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-08 21:20:41 +0200
commitae80fdac76f2cb411cfd1f246e8aff3dbb37e528 (patch)
treee0a0998612a7fff69bf2ed9eab4e292d385864ab /src/conf_mode
parent038add76f9bc74c112b8733c5a7537f87d301769 (diff)
wireguard: T2247: add VRF support
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 2f609d602..585045863 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -41,7 +41,8 @@ default_config_data = {
'mtu': 1420,
'peer': [],
'peer_remove': [], # stores public keys of peers to remove
- 'pk': f'{kdir}/default/private.key'
+ 'pk': f'{kdir}/default/private.key',
+ 'vrf': ''
}
def _check_kmod():
@@ -111,6 +112,10 @@ def get_config():
if conf.exists('mtu'):
wg['mtu'] = int(conf.return_value(['mtu']))
+ # retrieve VRF instance
+ if conf.exists('vrf'):
+ wg['vrf'] = conf.return_value('vrf')
+
# private key
if conf.exists(['private-key']):
wg['pk'] = "{0}/{1}/private.key".format(
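Review bot: The two added lookups pass the node as a bare string, `conf.exists('vrf')` and `conf.return_value('vrf')`, while the neighbouring context lines use list paths (`conf.return_value(['mtu'])`, `conf.exists(['private-key'])`). For consistency I would write `if conf.exists(['vrf']):` and `wg['vrf'] = conf.return_value(['vrf'])`. The value is stored exactly as read; whether the CLI schema constrains the VRF name is not visible here, so the check in verify() is the only validation this commit shows. get_config() starts and ends outside the hunk.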
@@ -191,6 +196,10 @@ def verify(wg):
'is a member of bridge "{1}"!'.format(interface, bridge))
return None
+ vrf_name = wg['vrf']
+ if vrf_name and vrf_name not in interfaces():
+ raise ConfigError(f'VRF "{vrf_name}" does not exist')
+
if not os.path.exists(wg['pk']):
raise ConfigError('No keys found, generate them by executing:\n' \
'"run generate wireguard [keypair|named-keypairs]"')
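Review bot: The membership test `vrf_name not in interfaces()` only proves that some interface with that name exists, not that it is a VRF device. If `interfaces()` returns every interface name on the system (its import is outside the hunk), the name of an Ethernet or bridge interface would pass verify() and the problem would surface only when apply() calls `w.set_vrf()`. Because the VRF decides which routing table the tunnel is bound to, I would validate the name against the configured VRF instances or the device type and raise the ConfigError here. If existence is all that can be checked at this stage, a comment such as `# NOTE: only checks that the name exists, not that it is a VRF device` would record the limitation. verify() starts outside the hunk.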
@@ -248,6 +257,9 @@ def apply(wg):
# update interface description used e.g. within SNMP
w.set_alias(wg['description'])
+ # assign/remove VRF
+ w.set_vrf(wg['vrf'])
+
# remove peers
for pub_key in wg['peer_remove']:
w.remove_peer(pub_key)
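Review bot: `w.set_vrf(wg['vrf'])` runs on every apply, and when no VRF is configured it receives the empty string from `default_config_data`, which the comment `# assign/remove VRF` does not explain. I would spell the contract out, e.g. `# assign VRF; an empty string (the default) detaches the interface from any VRF`, assuming that is how set_vrf() treats '' (its implementation is not part of this diff). apply() starts and ends outside the hunk.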