From 85a80fe59443a91b66185a06e192f99bec30af68 Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Fri, 17 Aug 2018 18:25:25 +0000
Subject: T427: endpoint is only required for client mode, it's now an optional
 parameter

---
 src/conf_mode/wireguard.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)


diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 3426acbe3..dda5c4d8a 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -135,8 +135,6 @@ def verify(c):
         for p in c['interfaces'][i]['peer']:
           if not c['interfaces'][i]['peer'][p]['allowed-ips']:
             raise ConfigError("allowed-ips required on interface " + i + " for peer " + p)
-#      if not c['interfaces'][i]['peer'][p]['endpoint']:
-#        raise ConfigError("endpoint required on interface " + i + " for peer " + p)
 
     ### eventually check allowed-ips (if it's an ip and valid CIDR or so)
     ### endpoint needs to be IP:port
@@ -205,14 +203,19 @@ def configure_interface(c, intf):
     cmd = "wg set " + intf + \
           " listen-port " + c['interfaces'][intf]['lport'] + \
           " private-key " + pk + \
-          " peer " + p + \
-          " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint'] 
+          " peer " + p 
     cmd += " allowed-ips "
+
   for ap in c['interfaces'][intf]['peer'][p]['allowed-ips']:
     if ap != c['interfaces'][intf]['peer'][p]['allowed-ips'][-1]:
       cmd += ap + ","
     else:
       cmd += ap
+
+  ## endpoint is only required if wg runs as client
+  if c['interfaces'][intf]['peer'][p]['endpoint']:
+    cmd += " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint']
+
   sl.syslog(sl.LOG_NOTICE, "sudo " + cmd)
   subprocess.call([ 'sudo ' + cmd], shell=True)
 
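Review bot: The endpoint value appended by the new `cmd += " endpoint " + ...` line goes unquoted into a string that is run through `sudo` with `shell=True`, and the context in verify() shows the endpoint format check is still only a comment (`### endpoint needs to be IP:port`). Any shell metacharacter in the configured value would therefore be interpreted by the shell instead of being passed to wg as a single argument. Either validate the value in verify() before it reaches this point, or quote it at the point of use, e.g. `cmd += " endpoint " + shlex.quote(c['interfaces'][intf]['peer'][p]['endpoint'])` (this needs `import shlex`, and the import block is outside this hunk). Longer term, building an argument list and dropping `shell=True` would cover the peer and allowed-ips pieces of the command as well. configure_interface starts and ends outside the hunk, so how these values are populated cannot be seen from here.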
-- 
cgit v1.2.3