git: 172a8241c9c9 - main - ifconfig: wg: stop requiring peer endpoints

[Kyle Evans]

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=172a8241c9c9a7273a78ad73a32501d3a01afd28

commit 172a8241c9c9a7273a78ad73a32501d3a01afd28
Author:     Kyle Evans <kevans at FreeBSD.org>
AuthorDate: 2021-03-08 01:04:24 +0000
Commit:     Kyle Evans <kevans at FreeBSD.org>
CommitDate: 2021-03-09 11:16:42 +0000

    ifconfig: wg: stop requiring peer endpoints
    
    The way that wireguard is designed does not actually require all peers
    to have endpoints. In an architecture that might mimic a traditional
    VPN server <-> client, the wg interface on a server would have a number
    of peers without set endpoints -- the expectation is that the "clients"
    will connect to the "server" peer, which will authenticate the
    connection as a known peer and learn the endpoint from there.
    
    MFC after:      3 days
    Discussed with: decke, grehan (independently)
---
 sbin/ifconfig/ifwg.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/sbin/ifconfig/ifwg.c b/sbin/ifconfig/ifwg.c
index a2b22d2dfbef..105ee7ac31d1 100644
--- a/sbin/ifconfig/ifwg.c
+++ b/sbin/ifconfig/ifwg.c
@@ -400,8 +400,6 @@ peerfinish(int s, void *arg)
 		errx(1, "failed to allocate nvl_array");
 	if (!nvlist_exists_binary(nvl_params, "public-key"))
 		errx(1, "must specify a public-key for adding peer");
-	if (!nvlist_exists_binary(nvl_params, "endpoint"))
-		errx(1, "must specify an endpoint for adding peer");
 	if (allowed_ips_count == 0)
 		errx(1, "must specify at least one range of allowed-ips to add a peer");