author | Stepan Henek <stepan.henek@nic.cz> | 2021-04-25 23:32:29 +0200 |
---|---|---|
committer | Paul Spooren <mail@aparcar.org> | 2021-10-18 12:14:36 -1000 |
commit | c4e994011f56d30e031705c16c6b5c498c530852 (patch) | |
tree | cfcca3ea674f645e639cd2caef5b589ac189f4ef /package/network/utils | |
parent | dbb0019cbef43c6ce5d02a52bfe662d2217ce603 (diff) | |
wireguard-tools: add uci option to disable wireguard peers
Right now when I want to temporarily disable a wg peer I need to delete
the entire peer section. This is not such a good solution because I
lose the previous configuration of the peer.
This patch adds a `disabled` option to the peer config which causes
the config section to be ignored.
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
[use $(AUTORELEASE)]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'package/network/utils')
-rw-r--r-- | package/network/utils/wireguard-tools/Makefile | 2 | ||||
-rw-r--r-- | package/network/utils/wireguard-tools/files/wireguard.sh | 7 | ||||
-rw-r--r-- | package/network/utils/wireguard-tools/files/wireguard_watchdog | 8 |
3 files changed, 16 insertions, 1 deletions
diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile
index 11372f2331..717ec2bbb1 100644
--- a/package/network/utils/wireguard-tools/Makefile
+++ b/package/network/utils/wireguard-tools/Makefile
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=wireguard-tools
 PKG_VERSION:=1.0.20210424
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 63261aea71..2e6d74bc91 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -26,6 +26,7 @@ proto_wireguard_init_config() {
 proto_wireguard_setup_peer() {
 local peer_config="$1"
+ local disabled
 local public_key
 local preshared_key
 local allowed_ips
@@ -34,6 +35,7 @@ proto_wireguard_setup_peer() {
 local endpoint_port
 local persistent_keepalive
+ config_get_bool disabled "${peer_config}" "disabled" 0
 config_get public_key "${peer_config}" "public_key"
 config_get preshared_key "${peer_config}" "preshared_key"
 config_get allowed_ips "${peer_config}" "allowed_ips"
@@ -42,6 +44,11 @@ proto_wireguard_setup_peer() {
 config_get endpoint_port "${peer_config}" "endpoint_port"
 config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
+ if [ "${disabled}" -eq 1 ]; then
+ # skip disabled peers
+ return 0
+ fi
+
 if [ -z "$public_key" ]; then
 echo "Skipping peer config $peer_config because public key is not defined."
 return 0
diff --git a/package/network/utils/wireguard-tools/files/wireguard_watchdog b/package/network/utils/wireguard-tools/files/wireguard_watchdog
index c0a5a0aa33..0126f699bb 100644
--- a/package/network/utils/wireguard-tools/files/wireguard_watchdog
+++ b/package/network/utils/wireguard-tools/files/wireguard_watchdog
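Review bot: The new `disabled` branch in `proto_wireguard_setup_peer` returns without any output, while the missing-public-key branch directly below it prints why the peer was skipped; since this option is how an operator cuts a peer off, a matching line such as `echo "Skipping peer config $peer_config because it is disabled."` before `return 0` would let them confirm from the log that the setting was honoured. The test could also sit directly after `config_get_bool disabled ...`, so that `preshared_key` and the other options are never read for a peer that is going to be skipped; the same ordering applies to `check_peer_activity` in wireguard_watchdog. The hunk only changes what is generated at setup time, so whether an already-established peer is dropped from a running interface presumably depends on the interface being reloaded, which is worth stating where the option is documented. The function body continues outside the hunk.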
@@ -17,6 +17,7 @@ check_peer_activity() {
 local cfg=$1
 local iface=$2
+ local disabled
 local public_key
 local endpoint_host
 local endpoint_port
@@ -24,9 +25,16 @@ check_peer_activity() {
 local last_handshake
 local idle_seconds
+ config_get_bool disabled "${cfg}" "disabled" 0
 config_get public_key "${cfg}" "public_key"
 config_get endpoint_host "${cfg}" "endpoint_host"
 config_get endpoint_port "${cfg}" "endpoint_port"
+
+ if [ "${disabled}" -eq 1 ]; then
+ # skip disabled peers
+ return 0
+ fi
+
 persistent_keepalive=$(wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}')
 # only process peers with endpoints and keepalive set |