I noticed that after creating a WireGuard config and connecting a peer to my VyOS, disabling the peer in the configuration does not disconnect that peer.
In fact, I tried disabling the whole wg interface and re-enabling it (I was thinking it would resync the configuration to disable the peer, and it did cause disconnection of the peer while the interface was disabled). However, once it was enabled again, the disabled peer also connected back with no issue.
This means that the disable parameter in peers of a WireGuard interface basically doesn't do anything, which I think is a very high security risk.
FYI I’m running a nightly build:
Any feedback on the issue is appreciated.
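
A check for the condition reported above, as an added example that is not part of the original post: it parses the tab-separated output of `wg show <interface> dump` and lists peers that the operator has marked disabled but that are still loaded on the interface. The sample dump, the placeholder keys, the function names and the 180-second handshake window are assumptions made for this example.

```python
import time

# Constructed sample of `wg show wg0 dump` output (tab-separated).
# Line 1 is the interface; each later line is one peer:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake,
# transfer-rx, transfer-tx, persistent-keepalive. Keys are placeholders.
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tSERVER_PUB_PLACEHOLDER\t51820\toff",
    "PEER_A_PUB\t(none)\t198.51.100.7:40112\t10.0.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_B_PUB\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff",
])


def parse_peers(dump):
    """Return {public_key: latest_handshake_epoch} for every peer line."""
    peers = {}
    for line in dump.strip().splitlines()[1:]:  # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError("unexpected peer line: %r" % line)
        peers[fields[0]] = int(fields[4])  # 0 means no handshake yet
    return peers


def disabled_but_loaded(dump, disabled_keys, now=None, window=180):
    """List (public_key, state) for disabled peers still on the interface.

    disabled_keys: public keys the operator has disabled in the router
    configuration (collected by hand; an assumption of this example).
    state is "active" if a handshake completed within `window` seconds,
    otherwise "loaded" (present in the kernel, no recent handshake).
    """
    now = int(time.time()) if now is None else now
    findings = []
    for key, handshake in parse_peers(dump).items():
        if key not in disabled_keys:
            continue
        recent = handshake != 0 and now - handshake <= window
        findings.append((key, "active" if recent else "loaded"))
    return sorted(findings)


if __name__ == "__main__":
    for key, state in disabled_but_loaded(SAMPLE_DUMP, {"PEER_A_PUB"},
                                          now=1700000060):
        print("disabled peer still %s on interface: %s" % (state, key))
```

Any peer reported here is still accepted by the running interface regardless of the `disable` setting, so an empty result after a commit is the expected state.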