From 85a80fe59443a91b66185a06e192f99bec30af68 Mon Sep 17 00:00:00 2001 From: hagbard Date: Fri, 17 Aug 2018 18:25:25 +0000 Subject: T427: endpoint is only required for client mode, it's now an optional parameter --- src/conf_mode/wireguard.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py index 3426acbe3..dda5c4d8a 100755 --- a/src/conf_mode/wireguard.py +++ b/src/conf_mode/wireguard.py @@ -135,8 +135,6 @@ def verify(c): for p in c['interfaces'][i]['peer']: if not c['interfaces'][i]['peer'][p]['allowed-ips']: raise ConfigError("allowed-ips required on interface " + i + " for peer " + p) -# if not c['interfaces'][i]['peer'][p]['endpoint']: -# raise ConfigError("endpoint required on interface " + i + " for peer " + p) ### eventually check allowed-ips (if it's an ip and valid CIDR or so) ### endpoint needs to be IP:port @@ -205,14 +203,19 @@ def configure_interface(c, intf): cmd = "wg set " + intf + \ " listen-port " + c['interfaces'][intf]['lport'] + \ " private-key " + pk + \ - " peer " + p + \ - " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint'] + " peer " + p cmd += " allowed-ips " + for ap in c['interfaces'][intf]['peer'][p]['allowed-ips']: if ap != c['interfaces'][intf]['peer'][p]['allowed-ips'][-1]: cmd += ap + "," else: cmd += ap + + ## endpoint is only required if wg runs as client + if c['interfaces'][intf]['peer'][p]['endpoint']: + cmd += " endpoint " + c['interfaces'][intf]['peer'][p]['endpoint'] + sl.syslog(sl.LOG_NOTICE, "sudo " + cmd) subprocess.call([ 'sudo ' + cmd], shell=True) -- cgit v1.2.3