summaryrefslogtreecommitdiff
path: root/smoketest/scripts
diff options
context:
space:
mode:
authorfett0 <fernando.gmaidana@gmail.com>2024-07-31 18:21:25 +0000
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-09-09 11:42:36 +0000
commit62f5bc773ac01b25a874fea3a16b492c9659c26d (patch)
treeba859762e832197ebd1f49ec961f04d609a3e717 /smoketest/scripts
parentb2afa78d6f006e753be1fa07a640d14fe94a0b8f (diff)
downloadvyos-1x-62f5bc773ac01b25a874fea3a16b492c9659c26d.tar.gz
vyos-1x-62f5bc773ac01b25a874fea3a16b492c9659c26d.zip
OPENVPN: T6555: add server-bridge options in mode server
(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_openvpn.py55
1 files changed, 55 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py
index f88d2254f..14c302960 100755
--- a/smoketest/scripts/cli/test_interfaces_openvpn.py
+++ b/smoketest/scripts/cli/test_interfaces_openvpn.py
@@ -611,5 +611,60 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
self.assertNotIn(interface, interfaces())
+ def test_openvpn_server_server_bridge(self):
+ # Create OpenVPN server interface using server-bridge.
+ # Validate configuration afterwards.
+ br_if = 'br0'
+ vtun_if = 'vtun5010'
+ auth_hash = 'sha256'
+ path = base_path + [vtun_if]
+ start_subnet = "192.168.0.100"
+ stop_subnet = "192.168.0.200"
+ mask_subnet = "255.255.255.0"
+ gw_subnet = "192.168.0.1"
+
+ self.cli_set(['interfaces', 'bridge', br_if, 'member', 'interface', vtun_if])
+ self.cli_set(path + ['device-type', 'tap'])
+ self.cli_set(path + ['encryption', 'data-ciphers', 'aes192'])
+ self.cli_set(path + ['hash', auth_hash])
+ self.cli_set(path + ['mode', 'server'])
+ self.cli_set(path + ['server', 'server-bridge', 'gateway', gw_subnet])
+ self.cli_set(path + ['server', 'server-bridge', 'start', start_subnet])
+ self.cli_set(path + ['server', 'server-bridge', 'stop', stop_subnet])
+ self.cli_set(path + ['server', 'server-bridge', 'subnet-mask', mask_subnet])
+ self.cli_set(path + ['keep-alive', 'failure-count', '5'])
+ self.cli_set(path + ['keep-alive', 'interval', '5'])
+ self.cli_set(path + ['tls', 'ca-certificate', 'ovpn_test'])
+ self.cli_set(path + ['tls', 'certificate', 'ovpn_test'])
+ self.cli_set(path + ['tls', 'dh-params', 'ovpn_test'])
+
+ self.cli_commit()
+
+
+
+ config_file = f'/run/openvpn/{vtun_if}.conf'
+ config = read_file(config_file)
+ self.assertIn(f'dev {vtun_if}', config)
+ self.assertIn(f'dev-type tap', config)
+ self.assertIn(f'proto udp', config) # default protocol
+ self.assertIn(f'auth {auth_hash}', config)
+ self.assertIn(f'data-ciphers AES-192-CBC', config)
+ self.assertIn(f'mode server', config)
+ self.assertIn(f'server-bridge {gw_subnet} {mask_subnet} {start_subnet} {stop_subnet}', config)
+ elf.assertIn(f'keepalive 5 25', config)
+
+
+
+ # TLS options
+ self.assertIn(f'ca /run/openvpn/{vtun_if}_ca.pem', config)
+ self.assertIn(f'cert /run/openvpn/{vtun_if}_cert.pem', config)
+ self.assertIn(f'key /run/openvpn/{vtun_if}_cert.key', config)
+ self.assertIn(f'dh /run/openvpn/{vtun_if}_dh.pem', config)
+
+ # check that no interface remained after deleting them
+ self.cli_delete((['interfaces', 'bridge', br_if, 'member', 'interface', vtun_if])
+ self.cli_delete(base_path)
+ self.cli_commit()
+
if __name__ == '__main__':
unittest.main(verbosity=2)