aboutsummaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorKyle Evans <kevans@FreeBSD.org>2021-03-08 01:04:24 +0000
committerKyle Evans <kevans@FreeBSD.org>2021-03-09 11:16:42 +0000
commit172a8241c9c9a7273a78ad73a32501d3a01afd28 (patch)
tree7ec66167dae721880925162cbd581d32550b92ba /sbin
parent1ae20f7c70ea16fa8b702e409030e170df4f5c13 (diff)
downloadsrc-172a8241c9c9a7273a78ad73a32501d3a01afd28.tar.gz
src-172a8241c9c9a7273a78ad73a32501d3a01afd28.zip
ifconfig: wg: stop requiring peer endpoints
The way that wireguard is designed does not actually require all peers to have endpoints. In an architecture that might mimic a traditional VPN server <-> client, the wg interface on a server would have a number of peers without set endpoints -- the expectation is that the "clients" will connect to the "server" peer, which will authenticate the connection as a known peer and learn the endpoint from there. MFC after: 3 days Discussed with: decke, grehan (independently)
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ifconfig/ifwg.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/sbin/ifconfig/ifwg.c b/sbin/ifconfig/ifwg.c
index a2b22d2dfbef..105ee7ac31d1 100644
--- a/sbin/ifconfig/ifwg.c
+++ b/sbin/ifconfig/ifwg.c
@@ -400,8 +400,6 @@ peerfinish(int s, void *arg)
errx(1, "failed to allocate nvl_array");
if (!nvlist_exists_binary(nvl_params, "public-key"))
errx(1, "must specify a public-key for adding peer");
- if (!nvlist_exists_binary(nvl_params, "endpoint"))
- errx(1, "must specify an endpoint for adding peer");
if (allowed_ips_count == 0)
errx(1, "must specify at least one range of allowed-ips to add a peer");