author | Thomas Haller <thaller@redhat.com> | 2019-03-01 09:02:20 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2019-03-07 22:22:39 +0100 |
commit | 7864bb84eeed1b7f1c7e02acdf6a8daeec76b84c (patch) | |
tree | f41d30de1bd38c88c1c6f17068eb3a55480bb7b2 /src/devices/nm-device-wireguard.c | |
parent | bf365e9762dfcb2cd0f9f557b19c8cf541854de1 (diff) | |
download | NetworkManager-7864bb84eeed1b7f1c7e02acdf6a8daeec76b84c.tar.gz |
wireguard: update TODO list for WireGuard devices
(cherry picked from commit 3990c92fbf4789d8de2264b39f9d1b690f5dd4d5)
Diffstat (limited to 'src/devices/nm-device-wireguard.c')
-rw-r--r-- | src/devices/nm-device-wireguard.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/devices/nm-device-wireguard.c b/src/devices/nm-device-wireguard.c index ab30cd3174..0fc12817df 100644 --- a/src/devices/nm-device-wireguard.c +++ b/src/devices/nm-device-wireguard.c @@ -37,9 +37,6 @@ _LOG_DECLARE_SELF(NMDeviceWireGuard); /*****************************************************************************/ -/* TODO: ensure externally-managed works. Both after start of NM and - * when adding a wg link with NM running. */ - /* TODO: activate profile with peer preshared-key-flags=2. On first activation, the secret is * requested (good). Enter it and connect. Reactivate the profile, now there is no password * prompt, as the secret is cached (good??). */ @@ -47,7 +44,15 @@ _LOG_DECLARE_SELF(NMDeviceWireGuard); /* TODO: unlike for other VPNs, we don't inject a direct route to the peers. That means, * you might get a routing sceneraio where the peer (VPN server) is reachable via the VPN. * How we handle adding routes to external gateway for other peers, has severe issues -* as well. I think the only solution is https://www.wireguard.com/netns/#improving-the-classic-solutions */ + * as well. We may use policy-routing like wg-quick does. See also disussions at + * https://www.wireguard.com/netns/#improving-the-classic-solutions */ + +/* TODO: honor the TTL of DNS to determine when to retry resolving endpoints. */ + +/* TODO: when we get multiple IP addresses when resolving a peer endpoint. We currently + * just take the first from GAI. We should only accept AAAA/IPv6 if we also have a suitable + * IPv6 address. The problem is, that we have to recheck that when IP addressing on other + * interfaces changes. This makes it almost too cumbersome to implement. */ /*****************************************************************************/ |
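Review bot: In the first hunk (@@ -37,9 +37,6) the TODO "ensure externally-managed works" is deleted, but neither the commit message ("update TODO list") nor the diff says why it no longer applies. If externally-managed WireGuard links were verified for both cases the comment names (after start of NM, and when adding a wg link with NM running), state that in the commit message or reference the change that covered it; otherwise keep the TODO so the open item is not lost.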
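Review bot: In the second hunk (@@ -47,7 +44,15) the added line "See also disussions at" has a typo ("discussions"), and the unchanged line above it still reads "sceneraio"; both are worth fixing while this comment is being edited. The new multi-address TODO also opens with a sentence fragment ("when we get multiple IP addresses when resolving a peer endpoint."), so joining it to the next sentence ("When resolving a peer endpoint yields multiple IP addresses, we currently just take the first from GAI.") would read more clearly. Since the comment records that only the first GAI result is used, consider also noting what the endpoint falls back to when that first address is an AAAA record and no suitable IPv6 address exists, so the limitation is clear to whoever picks this up.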