git: 172a8241c9c9 - main - ifconfig: wg: stop requiring peer endpoints
Kyle Evans
kevans at FreeBSD.org
Tue Mar 9 11:17:54 UTC 2021
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=172a8241c9c9a7273a78ad73a32501d3a01afd28
commit 172a8241c9c9a7273a78ad73a32501d3a01afd28
Author: Kyle Evans <kevans at FreeBSD.org>
AuthorDate: 2021-03-08 01:04:24 +0000
Commit: Kyle Evans <kevans at FreeBSD.org>
CommitDate: 2021-03-09 11:16:42 +0000
ifconfig: wg: stop requiring peer endpoints
The way that wireguard is designed does not actually require all peers
to have endpoints. In an architecture that might mimic a traditional
VPN server <-> client, the wg interface on a server would have a number
of peers without set endpoints -- the expectation is that the "clients"
will connect to the "server" peer, which will authenticate the
connection as a known peer and learn the endpoint from there.
MFC after: 3 days
Discussed with: decke, grehan (independently)
---
sbin/ifconfig/ifwg.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sbin/ifconfig/ifwg.c b/sbin/ifconfig/ifwg.c
index a2b22d2dfbef..105ee7ac31d1 100644
--- a/sbin/ifconfig/ifwg.c
+++ b/sbin/ifconfig/ifwg.c
@@ -400,8 +400,6 @@ peerfinish(int s, void *arg)
errx(1, "failed to allocate nvl_array");
if (!nvlist_exists_binary(nvl_params, "public-key"))
errx(1, "must specify a public-key for adding peer");
- if (!nvlist_exists_binary(nvl_params, "endpoint"))
- errx(1, "must specify an endpoint for adding peer");
if (allowed_ips_count == 0)
errx(1, "must specify at least one range of allowed-ips to add a peer");
More information about the dev-commits-src-main
mailing list