summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorhagbard <vyosdev@derith.de>2018-08-17 18:25:25 +0000
committerhagbard <vyosdev@derith.de>2018-08-17 18:25:25 +0000
commit85a80fe59443a91b66185a06e192f99bec30af68 (patch)
tree78bf3ab4237a28f0cadc8e684abeee8462349eb4 /src/conf_mode
parentaa5f4da1a18eeec1dba9bed3c1d7896605ac51ee (diff)
downloadvyos-1x-85a80fe59443a91b66185a06e192f99bec30af68.tar.gz
vyos-1x-85a80fe59443a91b66185a06e192f99bec30af68.zip
T427: endpoint is only required for client mode, it's now an optional parameter
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/wireguard.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 3426acbe3..dda5c4d8a 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -135,8 +135,6 @@ def verify(c):
for p in c['interfaces'][i]['peer']:
if not c['interfaces'][i]['peer'][p]['allowed-ips']:
raise ConfigError("allowed-ips required on interface " + i + " for peer " + p)
-# if not c['interfaces'][i]['peer'][p]['endpoint']:
-# raise ConfigError("endpoint required on interface " + i + " for peer " + p)
### eventually check allowed-ips (if it's an ip and valid CIDR or so)
### endpoint needs to be IP:port
@@ -205,14 +203,19 @@ def configure_interface(c, intf):
cmd = "wg set " + intf + \
" listen-port " + c['interfaces'][intf]['lport'] + \
" private-key " + pk + \
- " peer " + p + \
- " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint']
+ " peer " + p
cmd += " allowed-ips "
+
for ap in c['interfaces'][intf]['peer'][p]['allowed-ips']:
if ap != c['interfaces'][intf]['peer'][p]['allowed-ips'][-1]:
cmd += ap + ","
else:
cmd += ap
+
+ ## endpoint is only required if wg runs as client
+ if c['interfaces'][intf]['peer'][p]['endpoint']:
+ cmd += " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint']
+
sl.syslog(sl.LOG_NOTICE, "sudo " + cmd)
subprocess.call([ 'sudo ' + cmd], shell=True)