diff options
author | Alexander Chernavin <achernavin@netgate.com> | 2022-09-01 13:42:56 +0000 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2022-09-27 16:15:54 +0000 |
commit | 31ce1a63c07a079c4d06a80a0e51d3ee0154d796 (patch) | |
tree | 6dad408bcb393a8b8660046c9f14faba7fee4344 /test/test_ipsec_tun_if_esp.py | |
parent | 05554c6e98f5bd088543f7b33aabc9b215d55cd0 (diff) |
wireguard: stop sending handshakes when wg intf is down
Type: fix
Currently, when a wg interface is administratively disabled initially or
during operation, handshake packets continue to be sent. Data packets
stop being sent because routes pointing to the wg interface will not be
used. But data keys remain.
With this fix, when a wg interface is administratively disabled during
peer creation, avoid connection initialization to the peer. Data keys
and timers should be empty at this point. When a wg interface is
disabled during operation, disable all peers (i.e. stop all timers,
clear data keys, etc.). Thus, state should be identical in both cases.
When a wg interface is administratively enabled, enable all peers (i.e.
get ready to exchange data packets and initiate a connection). Also,
cover these scenarios with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3
Diffstat (limited to 'test/test_ipsec_tun_if_esp.py')
0 files changed, 0 insertions, 0 deletions