diff options
| author | hagbard-01 <39653662+hagbard-01@users.noreply.github.com> | 2018-09-03 08:24:56 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-09-03 08:24:56 -0700 |
| commit | d31d16d38c191a8973d79302b108db7276aef7fd (patch) | |
| tree | a4208622bfd8f49ec1c75cc07c0ae46fde13049a /src/op_mode | |
| parent | c49ec1392ba68a20af13c21f8a739d7b1dbc4906 (diff) | |
| parent | d6679e21bc58a37195b518e6b51bc7a50df1b947 (diff) | |
| download | vyos-1x-d31d16d38c191a8973d79302b108db7276aef7fd.tar.gz vyos-1x-d31d16d38c191a8973d79302b108db7276aef7fd.zip | |
Merge pull request #49 from hagbard-01/current
T793: wireguard: implement fwmark, pre-shared key
Diffstat (limited to 'src/op_mode')
| -rwxr-xr-x | src/op_mode/wireguard.py (renamed from src/op_mode/wireguard_key.py) | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/src/op_mode/wireguard_key.py b/src/op_mode/wireguard.py index 811cff1ca..14ee66aaf 100755 --- a/src/op_mode/wireguard_key.py +++ b/src/op_mode/wireguard.py @@ -19,18 +19,18 @@ import argparse import os import sys -import syslog as sl import subprocess +import syslog as sl from vyos import ConfigError dir = r'/config/auth/wireguard' pk = dir + '/private.key' pub = dir + '/public.key' +psk = dir + '/preshared.key' -### check_kmod may be removed in the future, -### once it's loaded automatically def check_kmod(): + """ check if kmod is loaded, if not load it """ if not os.path.exists('/sys/module/wireguard'): sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") if os.system('sudo modprobe wireguard') != 0: @@ -38,6 +38,7 @@ def check_kmod(): raise ConfigError("modprobe wireguard failed") def generate_keypair(): + """ generates a keypair which is stored in /config/auth/wireguard """ ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True) if ret != 0: raise ConfigError("wireguard key-pair generation failed") @@ -45,18 +46,20 @@ def generate_keypair(): sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) def genkey(): - ### if umask 077 makes trouble, 027 will work + """ helper function to check, regenerate the keypair """ old_umask = os.umask(0o077) if os.path.exists(pk) and os.path.exists(pub): - choice = input("You have a wireguard key-pair already, do you want to re-generate? [y/n] ") + choice = input("You already have a wireguard key-pair already, do you want to re-generate? [y/n] ") if choice == 'y' or choice == 'Y': generate_keypair() else: - os.mkdir(dir) + if not os.path.exists(dir): + os.mkdir(dir) generate_keypair() os.umask(old_umask) def showkey(key): + """ helper function to show privkey or pubkey """ if key == "pub": if os.path.exists(pub): print ( open(pub).read().strip() ) @@ -69,6 +72,10 @@ def showkey(key): else: print("no private key found") +def genpsk(): + """ generates a preshared key and shows it on stdout, it's stroed only in the config """ + subprocess.call(['wg genpsk'], shell=True) + if __name__ == '__main__': check_kmod() @@ -76,6 +83,7 @@ if __name__ == '__main__': parser.add_argument('--genkey', action="store_true", help='generate key-pair') parser.add_argument('--showpub', action="store_true", help='shows public key') parser.add_argument('--showpriv', action="store_true", help='shows private key') + parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') args = parser.parse_args() try: @@ -85,6 +93,8 @@ if __name__ == '__main__': showkey("pub") if args.showpriv: showkey("pk") + if args.genpsk: + genpsk() except ConfigError as e: print(e) |