From: Christoph Heiss
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox v2 8/8] wireguard: make per-peer preshared key optional
Date: Fri, 13 Feb 2026 15:36:01 +0100
Message-ID: <20260213143601.1424613-9-c.heiss@proxmox.com>
In-Reply-To: <20260213143601.1424613-1-c.heiss@proxmox.com>
References: <20260213143601.1424613-1-c.heiss@proxmox.com>
List-Id: Proxmox VE development discussion

From: Stefan Hanreich

Authored-by: Stefan Hanreich
Signed-off-by: Christoph Heiss --- Changes v1 -> v2: * no changes proxmox-wireguard/src/lib.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/proxmox-wireguard/src/lib.rs b/proxmox-wireguard/src/lib.rs index facdeb99..7ff25357 100644 --- a/proxmox-wireguard/src/lib.rs +++ b/proxmox-wireguard/src/lib.rs @@ -159,7 +159,7 @@ pub struct WireGuardPeer { /// Additional key preshared between two peers. Adds an additional layer of symmetric-key /// cryptography to be mixed into the already existing public-key cryptography, for /// post-quantum resistance. - pub preshared_key: PresharedKey, + pub preshared_key: Option, /// List of IPv4/v6 CIDRs from which incoming traffic for this peer is allowed and to which /// outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for /// matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses. @@ -257,7 +257,7 @@ mod tests { }, peers: vec![WireGuardPeer { public_key: mock_private_key(1).public_key(), - preshared_key: mock_preshared_key(1), + preshared_key: Some(mock_preshared_key(1)), allowed_ips: vec![Cidr::new_v4(Ipv4Addr::new(192, 168, 0, 0), 24).unwrap()], endpoint: Some("foo.example.com:51820".parse().unwrap()), persistent_keepalive: Some(25), 
@@ -292,21 +292,21 @@ PersistentKeepalive = 25 peers: vec![ WireGuardPeer { public_key: mock_private_key(1).public_key(), - preshared_key: mock_preshared_key(1), + preshared_key: Some(mock_preshared_key(1)), allowed_ips: vec![Cidr::new_v4(Ipv4Addr::new(192, 168, 0, 0), 24).unwrap()], endpoint: Some("foo.example.com:51820".parse().unwrap()), persistent_keepalive: None, }, WireGuardPeer { public_key: mock_private_key(2).public_key(), - preshared_key: mock_preshared_key(2), + preshared_key: Some(mock_preshared_key(2)), allowed_ips: vec![Cidr::new_v4(Ipv4Addr::new(192, 168, 1, 0), 24).unwrap()], endpoint: None, persistent_keepalive: Some(25), }, WireGuardPeer { public_key: mock_private_key(3).public_key(), - preshared_key: mock_preshared_key(3), + preshared_key: Some(mock_preshared_key(3)), allowed_ips: vec![Cidr::new_v4(Ipv4Addr::new(192, 168, 2, 0), 24).unwrap()], endpoint: None, persistent_keepalive: None, -- 2.52.0
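
Review bot: In the `WireGuardPeer` hunk at line 159, the doc comment above `preshared_key` is left unchanged and still describes the key as if it were always present. Now that the field is optional, please extend the comment to say what `None` means for the generated peer section, and that a peer without a preshared key loses the additional symmetric layer the comment credits with post-quantum resistance, so that leaving it unset is a visible decision for callers rather than a silent default.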
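
Review bot: In the `mod tests` hunks at lines 257 and 292, every peer only changes from `mock_preshared_key(n)` to `Some(mock_preshared_key(n))`, so no test constructs a peer with `preshared_key: None`. The diffstat shows nothing beyond these five replaced lines, which leaves the optional case this patch introduces unexercised here. Consider switching one of the three peers in the second test to `None` and asserting that the expected output for that peer carries no preshared-key entry, while the other two still do.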