diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2021-03-08 01:04:24 +0000 |
|---|---|---|
| committer | Kyle Evans <kevans@FreeBSD.org> | 2021-03-09 11:16:42 +0000 |
| commit | 172a8241c9c9a7273a78ad73a32501d3a01afd28 (patch) | |
| tree | 7ec66167dae721880925162cbd581d32550b92ba | |
| parent | 1ae20f7c70ea16fa8b702e409030e170df4f5c13 (diff) | |
| download | src-172a8241c9c9a7273a78ad73a32501d3a01afd28.tar.gz src-172a8241c9c9a7273a78ad73a32501d3a01afd28.zip | |
ifconfig: wg: stop requiring peer endpoints
The way that wireguard is designed does not actually require all peers
to have endpoints. In an architecture that might mimic a traditional
VPN server <-> client, the wg interface on a server would have a number
of peers without set endpoints -- the expectation is that the "clients"
will connect to the "server" peer, which will authenticate the
connection as a known peer and learn the endpoint from there.
MFC after: 3 days
Discussed with: decke, grehan (independently)
| -rw-r--r-- | sbin/ifconfig/ifwg.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/sbin/ifconfig/ifwg.c b/sbin/ifconfig/ifwg.c index a2b22d2dfbef..105ee7ac31d1 100644 --- a/sbin/ifconfig/ifwg.c +++ b/sbin/ifconfig/ifwg.c @@ -400,8 +400,6 @@ peerfinish(int s, void *arg) errx(1, "failed to allocate nvl_array"); if (!nvlist_exists_binary(nvl_params, "public-key")) errx(1, "must specify a public-key for adding peer"); - if (!nvlist_exists_binary(nvl_params, "endpoint")) - errx(1, "must specify an endpoint for adding peer"); if (allowed_ips_count == 0) errx(1, "must specify at least one range of allowed-ips to add a peer"); |