diff options
| author | sskaje <sskaje@gmail.com> | 2024-11-20 03:40:34 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-19 21:40:34 +0200 |
| commit | 2419c2f42b12604aac6ac2e32bac977e91ae8bc0 (patch) | |
| tree | f6a20cbb6e9c81fc77cd2647b5b6d7407d21f105 /src/conf_mode | |
| parent | 8f76c96cb4d7132b7654aa5f37e8ab49fa2e137a (diff) | |
| download | vyos-1x-2419c2f42b12604aac6ac2e32bac977e91ae8bc0.tar.gz vyos-1x-2419c2f42b12604aac6ac2e32bac977e91ae8bc0.zip | |
T6490: Allow creation of wireguard interfaces without requiring peers (#4194)
* T6490: Allow creation of wireguard interfaces without requiring peers
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/interfaces_wireguard.py | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/src/conf_mode/interfaces_wireguard.py b/src/conf_mode/interfaces_wireguard.py index 7abdfdbfa..b6fd6b0b2 100755 --- a/src/conf_mode/interfaces_wireguard.py +++ b/src/conf_mode/interfaces_wireguard.py @@ -70,9 +70,6 @@ def verify(wireguard): if 'private_key' not in wireguard: raise ConfigError('Wireguard private-key not defined') - if 'peer' not in wireguard: - raise ConfigError('At least one Wireguard peer is required!') - if 'port' in wireguard and 'port_changed' in wireguard: listen_port = int(wireguard['port']) if check_port_availability('0.0.0.0', listen_port, 'udp') is not True: @@ -80,28 +77,29 @@ def verify(wireguard): 'cannot be used for the interface!') # run checks on individual configured WireGuard peer - public_keys = [] - for tmp in wireguard['peer']: - peer = wireguard['peer'][tmp] + if 'peer' in wireguard: + public_keys = [] + for tmp in wireguard['peer']: + peer = wireguard['peer'][tmp] - if 'allowed_ips' not in peer: - raise ConfigError(f'Wireguard allowed-ips required for peer "{tmp}"!') + if 'allowed_ips' not in peer: + raise ConfigError(f'Wireguard allowed-ips required for peer "{tmp}"!') - if 'public_key' not in peer: - raise ConfigError(f'Wireguard public-key required for peer "{tmp}"!') + if 'public_key' not in peer: + raise ConfigError(f'Wireguard public-key required for peer "{tmp}"!') - if ('address' in peer and 'port' not in peer) or ('port' in peer and 'address' not in peer): - raise ConfigError('Both Wireguard port and address must be defined ' - f'for peer "{tmp}" if either one of them is set!') + if ('address' in peer and 'port' not in peer) or ('port' in peer and 'address' not in peer): + raise ConfigError('Both Wireguard port and address must be defined ' + f'for peer "{tmp}" if either one of them is set!') - if peer['public_key'] in public_keys: - raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"') + if peer['public_key'] in public_keys: + raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"') - if 'disable' not in peer: - if is_wireguard_key_pair(wireguard['private_key'], peer['public_key']): - raise ConfigError(f'Peer "{tmp}" has the same public key as the interface "{wireguard["ifname"]}"') + if 'disable' not in peer: + if is_wireguard_key_pair(wireguard['private_key'], peer['public_key']): + raise ConfigError(f'Peer "{tmp}" has the same public key as the interface "{wireguard["ifname"]}"') - public_keys.append(peer['public_key']) + public_keys.append(peer['public_key']) def generate(wireguard): return None |