
[wireguard] - T1639: wireguard pubkey change error

  - removed sudo as it already runs as root
  - set private key as variable in preparation to support multiple
    pk's
hagbard-01 committed Sep 9, 2019
1 parent 6f666f0 commit f7456361b5b94f3c69f8fa0f34f8bff0ef68f9aa
Showing with 7 additions and 12 deletions.
  1. +2 −2 python/vyos/ifconfig.py
  2. +5 −10 src/conf_mode/interface-wireguard.py
@@ -1349,7 +1349,7 @@ def update(self):
# fmask permission check?
pass

cmd = "sudo wg set {} ".format(self._ifname)
cmd = "wg set {} ".format(self._ifname)
cmd += "listen-port {} ".format(self.config['port'])
cmd += "fwmark {} ".format(str(self.config['fwmark']))
cmd += "private-key {} ".format(self.config['private-key'])
@@ -1380,7 +1380,7 @@ def remove_peer(self, peerkey):
Giving it a readable name is a vyos feature, to remove a peer the pubkey
and the interface is needed, to remove the entry.
"""
cmd = "sudo wg set {0} peer {1} remove".format(
cmd = "wg set {0} peer {1} remove".format(
self._ifname, str(peerkey))
self._cmd(cmd)
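Review bot: `remove_peer` (and `update` in the first hunk) still builds the `wg set` invocation by formatting `self._ifname`, the config values and `peerkey` into a single string for `self._cmd`. The body of `_cmd` is outside these hunks; if it passes that string to a shell, whitespace or shell metacharacters in a config-derived value would alter the command, and per the commit message this runs as root. Quoting each interpolated value, e.g. `self._ifname, shlex.quote(str(peerkey)))` (this needs `import shlex` at the top of the file), or having `_cmd` accept an argument list, would make this independent of upstream validation. Both functions begin and end outside the hunks shown.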

@@ -29,12 +29,6 @@
ifname = str(os.environ['VYOS_TAGNODE_VALUE'])
intfc = WireGuardIf(ifname)

dir = r'/config/auth/wireguard'
pk = dir + '/private.key'
pub = dir + '/public.key'
psk_file = dir + '/psk'


def check_kmod():
if not os.path.exists('/sys/module/wireguard'):
sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod")
@@ -57,7 +51,8 @@ def get_config():
'state': 'enabled',
'fwmark': 0x00,
'mtu': 1420,
'peer': {}
'peer': {},
'pk' : '/config/auth/wireguard/private.key'
}
}

@@ -112,12 +107,11 @@ def get_config():

return config_data


def verify(c):
if not c:
return None

if not os.path.exists(pk):
if not os.path.exists(c[ifname]['pk']):
raise ConfigError(
"No keys found, generate them by executing: \'run generate wireguard keypair\'")

@@ -225,7 +219,7 @@ def apply(c):
sl.LOG_NOTICE, "peer {0} pubkey changed from {1} to {2} on interface {3}".format(p, ekey, nkey, ifname))
intfc.remove_peer(ekey)

intfc.config['private-key'] = pk
intfc.config['private-key'] = c[ifname]['pk']
for p in c[ifname]['peer']:
intfc.config['pubkey'] = str(c[ifname]['peer'][p]['pubkey'])
intfc.config['allowed-ips'] = (c[ifname]['peer'][p]['allowed-ips'])
@@ -249,6 +243,7 @@ def apply(c):

# preshared-key - needs to be read from a file
if 'psk' in c[ifname]['peer'][p]:
psk_file = '/config/auth/wireguard/psk'
old_umask = os.umask(0o077)
open(psk_file, 'w').write(str(c[ifname]['peer'][p]['psk']))
os.umask(old_umask)
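Review bot: In the last hunk of `apply()`, the preshared key is written with `open(psk_file, 'w').write(...)` between two `os.umask` calls, which leaves three gaps around a secret. The handle is never closed explicitly, the umask stays at 0o077 for the rest of the process if the write raises, and the umask only affects a newly created file, so an existing `/config/auth/wireguard/psk` with a looser mode keeps that mode. Opening the file with an explicit mode and applying `os.fchmod` before writing covers all three without touching the process umask. Every peer writes to the same fixed path, and whether the file is removed after `wg` has read it is not visible here, since `apply()` continues outside the hunk.

```python
if 'psk' in c[ifname]['peer'][p]:
    psk_file = '/config/auth/wireguard/psk'
    # create with 0600 instead of relying on a temporary umask change
    fd = os.open(psk_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        # tighten a pre-existing file before the secret is written
        os.fchmod(f.fileno(), 0o600)
        f.write(str(c[ifname]['peer'][p]['psk']))
```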
