-rw-r--r--Cargo.lock10
-rw-r--r--talpid-wireguard/src/boringtun/mod.rs57
2 files changed, 43 insertions, 24 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 97aa6395c3..09f2f70f42 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -434,6 +434,7 @@ dependencies = [
"base64 0.13.1",
"blake2",
"chacha20poly1305",
+ "etherparse",
"eyre",
"hex",
"hmac",
@@ -1186,6 +1187,15 @@ dependencies = [
]
[[package]]
+name = "etherparse"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "827292ea592108849932ad8e30218f8b1f21c0dfd0696698a18b5d0aed62d990"
+dependencies = [
+ "arrayvec",
+]
+
+[[package]]
name = "event-listener"
version = "5.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/talpid-wireguard/src/boringtun/mod.rs b/talpid-wireguard/src/boringtun/mod.rs
index 50b60e613b..b7a1f77b9f 100644
--- a/talpid-wireguard/src/boringtun/mod.rs
+++ b/talpid-wireguard/src/boringtun/mod.rs
@@ -12,10 +12,7 @@ use ipnetwork::IpNetwork;
#[cfg(target_os = "android")]
use std::os::fd::AsRawFd;
use std::{
- future::Future,
- ops::Deref,
- path::Path,
- sync::{Arc, Mutex},
+ future::Future, net::IpAddr, ops::Deref, path::Path, sync::{Arc, Mutex}
};
use talpid_tunnel::tun_provider::{Tun, TunProvider};
use talpid_tunnel_config_client::DaitaSettings;
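Review bot: The rewritten `use std::{…}` line is not in rustfmt form: it packs the nested `sync::{Arc, Mutex}` group onto one line with no trailing comma, so `cargo fmt --check` would presumably flag it. Keeping the original one-item-per-line layout and adding only `net::IpAddr,` would limit the diff to the one new import.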
@@ -196,30 +193,42 @@ async fn set_boringtun_config(tx: &mut ConfigTx, config: &Config) {
set_cmd.fwmark = config.fwmark;
}
- for peer in config.peers() {
- let mut boring_peer = Peer::builder()
- .public_key(*peer.public_key.as_bytes())
- .endpoint(peer.endpoint)
- .allowed_ip(
- peer.allowed_ips
- .iter()
- .map(|net| AllowedIP {
- addr: net.ip(),
- cidr: net.prefix(),
- })
- .collect(),
- )
- .build();
-
- if let Some(psk) = &peer.psk {
- boring_peer.preshared_key = Some(SetUnset::Set((*psk.as_bytes()).into()));
- }
+ let mut boring_peer = Peer::builder()
+ .public_key(*config.entry_peer.public_key.as_bytes())
+ .endpoint(config.entry_peer.endpoint)
+ .allowed_ip(
+ config.entry_peer.allowed_ips
+ .iter()
+ .map(|net| AllowedIP {
+ addr: net.ip(),
+ cidr: net.prefix(),
+ })
+ .collect(),
+ )
+ .build();
- let boring_peer = SetPeer::builder().peer(boring_peer).build();
+ if let Some(exit) = &config.exit_peer {
+ boring_peer.exit_hop = Some(
+ ExitPeer::builder()
+ .endpoint(exit.endpoint)
+ // TODO
+ .tunnel_ip(*match config.tunnel.addresses.iter().find(|addr| addr.is_ipv4()).unwrap() {
+ IpAddr::V4(ip) => ip,
+ _ => unimplemented!(),
+ })
+ .public_key(*exit.public_key.as_bytes())
+ .build()
+ );
+ }
- set_cmd.peers.push(boring_peer);
+ if let Some(psk) = &config.entry_peer.psk {
+ boring_peer.preshared_key = Some(SetUnset::Set((*psk.as_bytes()).into()));
}
+ let boring_peer = SetPeer::builder().peer(boring_peer).build();
+
+ set_cmd.peers.push(boring_peer);
+
tx.send(set_cmd)
.await
.expect("Failed to configure boringtun");
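Review bot: The `tunnel_ip` expression in the new `exit_peer` branch has two panic paths: `.unwrap()` when `config.tunnel.addresses` holds no IPv4 address, and an `unimplemented!()` arm that the `is_ipv4()` filter already makes unreachable, so an IPv6-only tunnel config would presumably abort the task applying the config instead of reporting an error. Selecting the address with `.find_map(|addr| match addr { IpAddr::V4(ip) => Some(*ip), IpAddr::V6(_) => None })` removes the dead arm. The `None` case should then become an error the caller can handle (or at least an `expect` that states the invariant) rather than skipping `exit_hop`, which would quietly turn a multihop tunnel into a single hop. The bare `// TODO` should say what is outstanding, e.g. `// TODO: exit hop currently requires an IPv4 tunnel address`. Separately, the removed loop applied `psk` and `allowed_ips` for every entry in `config.peers()`, while the new code passes only the exit peer's endpoint and public key; if `ExitPeer` can carry a preshared key, check that `exit.psk` is not being dropped. The body of `set_boringtun_config` starts and ends outside this hunk.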