diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-10-30 15:17:04 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-10-30 15:17:04 +0100 |
commit | 720e88a0c811dab462cabb803517439971c166fd (patch) | |
tree | 78de8ad80f0ffdc41a93f07ebea0d0ff6dd1d74a /smoketest/scripts/cli | |
parent | d5dfdb5bac8da6ac6ad745547a642ae8a69ab3b7 (diff) | |
download | vyos-1x-720e88a0c811dab462cabb803517439971c166fd.tar.gz vyos-1x-720e88a0c811dab462cabb803517439971c166fd.zip |
smoketest: openvpn: test site2site mode verify() steps
Diffstat (limited to 'smoketest/scripts/cli')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_openvpn.py | 46 |
1 files changed, 44 insertions, 2 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py index 7d1581bf0..99f44e76d 100755 --- a/smoketest/scripts/cli/test_interfaces_openvpn.py +++ b/smoketest/scripts/cli/test_interfaces_openvpn.py @@ -54,12 +54,12 @@ def get_vrf(interface): class TestInterfacesOpenVPN(unittest.TestCase): def setUp(self): self.session = ConfigSession(os.getpid()) - self.session.set(['interfaces', 'dummy', 'dum1328', 'address', '192.0.2.1/24']) + self.session.set(['interfaces', 'dummy', 'dum1301', 'address', '192.0.2.1/32']) self.session.set(['vrf', 'name', vrf_name, 'table', '12345']) def tearDown(self): self.session.delete(base_path) - self.session.delete(['interfaces', 'dummy', 'dum1328']) + self.session.delete(['interfaces', 'dummy', 'dum1301']) self.session.delete(['vrf', 'name', vrf_name]) self.session.commit() del self.session @@ -255,6 +255,48 @@ class TestInterfacesOpenVPN(unittest.TestCase): interface = f'vtun{ii}' self.assertNotIn(interface, interfaces()) + def test_site2site_verify(self): + """ Create one OpenVPN site2site interface and check required verify() stages """ + interface = 'vtun5000' + path = base_path + [interface] + + self.session.set(path + ['mode', 'site-to-site']) + + # check validate() - encryption ncp-ciphers cannot be specified in site-to-site mode + self.session.set(path + ['encryption', 'ncp-ciphers', 'aes192gcm']) + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.delete(path + ['encryption']) + + # check validate() - must specify "local-address" or add interface to bridge + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(path + ['local-address', '10.0.0.1']) + + # check validate() - cannot specify more than 1 IPv4 local-address + self.session.set(path + ['local-address', '10.0.0.2']) + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.delete(path + ['local-address', '10.0.0.2']) + + # check validate() - IPv4 "local-address" requires IPv4 "remote-address" + # or IPv4 "local-address subnet" + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(path + ['remote-address', '192.168.0.1']) + + # check validate() - Cannot specify more than 1 IPv4 "remote-address" + self.session.set(path + ['remote-address', '192.168.0.2']) + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.delete(path + ['remote-address', '192.168.0.2']) + + # check validate() - Must specify one of "shared-secret-key-file" and "tls" + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(path + ['shared-secret-key-file', s2s_key]) + + self.session.commit() def test_site2site_interfaces(self): """ Create two OpenVPN site-to-site interfaces """ |