diff options
author | khramshinr <khramshinr@gmail.com> | 2024-02-06 17:35:27 +0700 |
---|---|---|
committer | khramshinr <khramshinr@gmail.com> | 2024-02-06 17:36:38 +0700 |
commit | e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5 (patch) | |
tree | d3942ebffdefcdbe656c577c4bd47c94ddeff85a | |
parent | da465d26b524fb26e0e9085e80a3ccaa6435eaa9 (diff) | |
download | vyos-1x-e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5.tar.gz vyos-1x-e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5.zip |
vpn: T3843: l2tp configuration not cleared after delete
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
-rw-r--r-- | data/config-mode-dependencies/vyos-1x.json | 3 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_l2tp.py | 41 | ||||
-rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 10 |
3 files changed, 51 insertions, 3 deletions
diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json index 4fd94d895..b62603e34 100644 --- a/data/config-mode-dependencies/vyos-1x.json +++ b/data/config-mode-dependencies/vyos-1x.json @@ -29,6 +29,9 @@ "openconnect": ["vpn_openconnect"], "sstp": ["vpn_sstp"] }, + "vpn_l2tp": { + "ipsec": ["vpn_ipsec"] + }, "qos": { "bonding": ["interfaces_bonding"], "bridge": ["interfaces_bridge"], diff --git a/smoketest/scripts/cli/test_vpn_l2tp.py b/smoketest/scripts/cli/test_vpn_l2tp.py index 3d9d94f52..e253f0e49 100755 --- a/smoketest/scripts/cli/test_vpn_l2tp.py +++ b/smoketest/scripts/cli/test_vpn_l2tp.py @@ -54,6 +54,47 @@ class TestVPNL2TPServer(BasicAccelPPPTest.TestCase): self.assertEqual(conf['modules']['auth_mschap_v2'], None) + def test_vpn_l2tp_dependence_ipsec_swanctl(self): + # Test config vpn for tasks T3843 and T5926 + + base_path = ['vpn', 'l2tp', 'remote-access'] + # make precondition + self.cli_set(['interfaces', 'dummy', 'dum0', 'address', '203.0.113.1/32']) + self.cli_set(['vpn', 'ipsec', 'interface', 'dum0']) + + self.cli_commit() + # check ipsec apply to swanctl + self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L ')) + + self.cli_set(base_path + ['authentication', 'local-users', 'username', 'foo', 'password', 'bar']) + self.cli_set(base_path + ['authentication', 'mode', 'local']) + self.cli_set(base_path + ['authentication', 'protocols', 'chap']) + self.cli_set(base_path + ['client-ip-pool', 'first', 'range', '10.200.100.100-10.200.100.110']) + self.cli_set(base_path + ['description', 'VPN - REMOTE']) + self.cli_set(base_path + ['name-server', '1.1.1.1']) + self.cli_set(base_path + ['ipsec-settings', 'authentication', 'mode', 'pre-shared-secret']) + self.cli_set(base_path + ['ipsec-settings', 'authentication', 'pre-shared-secret', 'SeCret']) + self.cli_set(base_path + ['ipsec-settings', 'ike-lifetime', '8600']) + self.cli_set(base_path + ['ipsec-settings', 'lifetime', '3600']) + self.cli_set(base_path + ['outside-address', '203.0.113.1']) + self.cli_set(base_path + ['gateway-address', '203.0.113.1']) + + self.cli_commit() + + # check l2tp apply to swanctl + self.assertTrue('l2tp_remote_access:' in cmd('echo vyos | sudo -S swanctl -L ')) + + self.cli_delete(['vpn', 'l2tp']) + self.cli_commit() + + # check l2tp apply to swanctl after delete config + self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L ')) + + # need to correct tearDown test + self.basic_config() + self.cli_set(base_path + ['authentication', 'protocols', 'chap']) + self.cli_commit() + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 36b3d2a30..4ca717814 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -19,6 +19,7 @@ import os from sys import exit from vyos.config import Config +from vyos.configdep import call_dependents, set_dependents from vyos.configdict import get_accel_dict from vyos.template import render from vyos.utils.process import call @@ -42,6 +43,9 @@ def get_config(config=None): else: conf = Config() base = ['vpn', 'l2tp', 'remote-access'] + + set_dependents('ipsec', conf) + if not conf.exists(base): return None @@ -94,10 +98,10 @@ def apply(l2tp): for file in [l2tp_chap_secrets, l2tp_conf]: if os.path.exists(file): os.unlink(file) + else: + call('systemctl restart accel-ppp@l2tp.service') - return None - - call('systemctl restart accel-ppp@l2tp.service') + call_dependents() if __name__ == '__main__': |