diff options
author | Thomas Haller <thaller@redhat.com> | 2019-03-01 09:02:20 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2019-03-07 10:22:44 +0100 |
commit | 61bb0822020c4218843e9526239e50c15b4c945a (patch) | |
tree | d0374a50d6c433eee8f8470d7dc078547d6d8560 | |
parent | 988eddac98280cd562feecd98d397fffbac3f076 (diff) | |
download | NetworkManager-61bb0822020c4218843e9526239e50c15b4c945a.tar.gz |
wireguard: update TODO list for WireGuard devicesth/wireguard-import
-rw-r--r-- | src/devices/nm-device-wireguard.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/devices/nm-device-wireguard.c b/src/devices/nm-device-wireguard.c index ab30cd3174..0fc12817df 100644 --- a/src/devices/nm-device-wireguard.c +++ b/src/devices/nm-device-wireguard.c @@ -37,9 +37,6 @@ _LOG_DECLARE_SELF(NMDeviceWireGuard); /*****************************************************************************/ -/* TODO: ensure externally-managed works. Both after start of NM and - * when adding a wg link with NM running. */ - /* TODO: activate profile with peer preshared-key-flags=2. On first activation, the secret is * requested (good). Enter it and connect. Reactivate the profile, now there is no password * prompt, as the secret is cached (good??). */ @@ -47,7 +44,15 @@ _LOG_DECLARE_SELF(NMDeviceWireGuard); /* TODO: unlike for other VPNs, we don't inject a direct route to the peers. That means, * you might get a routing sceneraio where the peer (VPN server) is reachable via the VPN. * How we handle adding routes to external gateway for other peers, has severe issues -* as well. I think the only solution is https://www.wireguard.com/netns/#improving-the-classic-solutions */ + * as well. We may use policy-routing like wg-quick does. See also disussions at + * https://www.wireguard.com/netns/#improving-the-classic-solutions */ + +/* TODO: honor the TTL of DNS to determine when to retry resolving endpoints. */ + +/* TODO: when we get multiple IP addresses when resolving a peer endpoint. We currently + * just take the first from GAI. We should only accept AAAA/IPv6 if we also have a suitable + * IPv6 address. The problem is, that we have to recheck that when IP addressing on other + * interfaces changes. This makes it almost too cumbersome to implement. */ /*****************************************************************************/ |