summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest/scripts/cli')
-rw-r--r--smoketest/scripts/cli/base_accel_ppp_test.py177
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_bridge.py37
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_macsec.py2
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_wireguard.py38
-rwxr-xr-xsmoketest/scripts/cli/test_nat.py3
-rwxr-xr-xsmoketest/scripts/cli/test_service_pppoe-server.py220
-rwxr-xr-xsmoketest/scripts/cli/test_system_ntp.py8
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_sstp.py63
8 files changed, 457 insertions, 91 deletions
diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py
new file mode 100644
index 000000000..cf401b0d8
--- /dev/null
+++ b/smoketest/scripts/cli/base_accel_ppp_test.py
@@ -0,0 +1,177 @@
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import re
+import unittest
+
+from configparser import ConfigParser
+
+from vyos.configsession import ConfigSession
+from vyos.configsession import ConfigSessionError
+from vyos.util import cmd
+from vyos.util import get_half_cpus
+from vyos.util import process_named_running
+from vyos.validate import is_ipv4
+
+class BasicAccelPPPTest:
+ class BaseTest(unittest.TestCase):
+
+ def setUp(self):
+ self.session = ConfigSession(os.getpid())
+ self._gateway = '192.0.2.1'
+
+ # ensure we can also run this test on a live system - so lets clean
+ # out the current configuration :)
+ self.session.delete(self._base_path)
+
+ def tearDown(self):
+ self.session.delete(self._base_path)
+ self.session.commit()
+ del self.session
+
+ def set(self, path):
+ self.session.set(self._base_path + path)
+
+ def basic_config(self):
+ # PPPoE local auth mode requires local users to be configured!
+ self.set(['authentication', 'local-users', 'username', 'vyos', 'password', 'vyos'])
+ self.set(['authentication', 'mode', 'local'])
+ self.set(['gateway-address', self._gateway])
+
+ def verify(self, conf):
+ self.assertEqual(conf['core']['thread-count'], str(get_half_cpus()))
+
+ def test_name_servers(self):
+ """ Verify proper Name-Server configuration for IPv4 and IPv6 """
+ self.basic_config()
+
+ nameserver = ['192.0.2.1', '192.0.2.2', '2001:db8::1']
+ for ns in nameserver:
+ self.set(['name-server', ns])
+
+ # commit changes
+ self.session.commit()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+
+ # IPv4 and IPv6 nameservers must be checked individually
+ for ns in nameserver:
+ if is_ipv4(ns):
+ self.assertIn(ns, [conf['dns']['dns1'], conf['dns']['dns2']])
+ else:
+ self.assertEqual(conf['ipv6-dns'][ns], None)
+
+ def test_authentication_local(self):
+ """ Test configuration of local authentication """
+ self.basic_config()
+
+ # upload / download limit
+ user = 'test'
+ password = 'test2'
+ static_ip = '100.100.100.101'
+ upload = '5000'
+ download = '10000'
+
+ self.set(['authentication', 'local-users', 'username', user, 'password', password])
+ self.set(['authentication', 'local-users', 'username', user, 'static-ip', static_ip])
+ self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'upload', upload])
+
+ # upload rate-limit requires also download rate-limit
+ with self.assertRaises(ConfigSessionError):
+ self.session.commit()
+ self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'download', download])
+
+ # commit changes
+ self.session.commit()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+
+ # check proper path to chap-secrets file
+ self.assertEqual(conf['chap-secrets']['chap-secrets'], self._chap_secrets)
+
+ # basic verification
+ self.verify(conf)
+
+ # check local users
+ tmp = cmd(f'sudo cat {self._chap_secrets}')
+ regex = f'{user}\s+\*\s+{password}\s+{static_ip}\s+{download}/{upload}'
+ tmp = re.findall(regex, tmp)
+ self.assertTrue(tmp)
+
+ # Check for running process
+ self.assertTrue(process_named_running(self._process_name))
+
+ def test_authentication_radius(self):
+ """ Test configuration of RADIUS authentication for PPPoE server """
+ self.basic_config()
+
+ radius_server = '192.0.2.22'
+ radius_key = 'secretVyOS'
+ radius_port = '2000'
+ radius_port_acc = '3000'
+
+ self.set(['authentication', 'mode', 'radius'])
+ self.set(['authentication', 'radius', 'server', radius_server, 'key', radius_key])
+ self.set(['authentication', 'radius', 'server', radius_server, 'port', radius_port])
+ self.set(['authentication', 'radius', 'server', radius_server, 'acct-port', radius_port_acc])
+
+ coa_server = '4.4.4.4'
+ coa_key = 'testCoA'
+ self.set(['authentication', 'radius', 'dynamic-author', 'server', coa_server])
+ self.set(['authentication', 'radius', 'dynamic-author', 'key', coa_key])
+
+ nas_id = 'VyOS-PPPoE'
+ nas_ip = '7.7.7.7'
+ self.set(['authentication', 'radius', 'nas-identifier', nas_id])
+ self.set(['authentication', 'radius', 'nas-ip-address', nas_ip])
+
+ source_address = '1.2.3.4'
+ self.set(['authentication', 'radius', 'source-address', source_address])
+
+ # commit changes
+ self.session.commit()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+
+ # basic verification
+ self.verify(conf)
+
+ # check auth
+ self.assertTrue(conf['radius'].getboolean('verbose'))
+ self.assertEqual(conf['radius']['acct-timeout'], '3')
+ self.assertEqual(conf['radius']['timeout'], '3')
+ self.assertEqual(conf['radius']['max-try'], '3')
+
+ self.assertEqual(conf['radius']['dae-server'], f'{coa_server}:1700,{coa_key}')
+ self.assertEqual(conf['radius']['nas-identifier'], nas_id)
+ self.assertEqual(conf['radius']['nas-ip-address'], nas_ip)
+ self.assertEqual(conf['radius']['bind'], source_address)
+
+ server = conf['radius']['server'].split(',')
+ self.assertEqual(radius_server, server[0])
+ self.assertEqual(radius_key, server[1])
+ self.assertEqual(f'auth-port={radius_port}', server[2])
+ self.assertEqual(f'acct-port={radius_port_acc}', server[3])
+ self.assertEqual(f'req-limit=0', server[4])
+ self.assertEqual(f'fail-time=0', server[5])
+
+ # Check for running process
+ self.assertTrue(process_named_running(self._process_name))
diff --git a/smoketest/scripts/cli/test_interfaces_bridge.py b/smoketest/scripts/cli/test_interfaces_bridge.py
index bc0bb69c6..a1359680b 100755
--- a/smoketest/scripts/cli/test_interfaces_bridge.py
+++ b/smoketest/scripts/cli/test_interfaces_bridge.py
@@ -18,6 +18,8 @@ import os
import unittest
from base_interfaces_test import BasicInterfaceTest
+from glob import glob
+from netifaces import interfaces
from vyos.ifconfig import Section
class BridgeInterfaceTest(BasicInterfaceTest.BaseTest):
@@ -44,6 +46,7 @@ class BridgeInterfaceTest(BasicInterfaceTest.BaseTest):
self._options['br0'].append(f'member interface {member}')
def test_add_remove_member(self):
+ """ Add member interfaces to bridge and set STP cost/priority """
for interface in self._interfaces:
base = self._base_path + [interface]
self.session.set(base + ['stp'])
@@ -59,12 +62,46 @@ class BridgeInterfaceTest(BasicInterfaceTest.BaseTest):
cost += 1
priority += 1
+ # commit config
self.session.commit()
+ # check member interfaces are added on the bridge
+ bridge_members = []
+ for tmp in glob(f'/sys/class/net/{interface}/lower_*'):
+ bridge_members.append(os.path.basename(tmp).replace('lower_', ''))
+
+ for member in self._members:
+ self.assertIn(member, bridge_members)
+
+ # delete all members
for interface in self._interfaces:
self.session.delete(self._base_path + [interface, 'member'])
self.session.commit()
+ def test_vlan_members(self):
+ """ T2945: ensure that VIFs are not dropped from bridge """
+
+ self.session.set(['interfaces', 'ethernet', 'eth0', 'vif', '300'])
+ self.session.set(['interfaces', 'bridge', 'br0', 'member', 'interface', 'eth0.300'])
+ self.session.commit()
+
+ # member interface must be assigned to the bridge
+ self.assertTrue(os.path.exists('/sys/class/net/br0/lower_eth0.300'))
+
+ # add second bridge member
+ self.session.set(['interfaces', 'ethernet', 'eth0', 'vif', '400'])
+ self.session.commit()
+
+ # member interface must still be assigned to the bridge
+ self.assertTrue(os.path.exists('/sys/class/net/br0/lower_eth0.300'))
+
+ # remove VLAN interfaces
+ self.session.delete(['interfaces', 'ethernet', 'eth0', 'vif', '300'])
+ self.session.delete(['interfaces', 'ethernet', 'eth0', 'vif', '400'])
+ self.session.commit()
+
+
if __name__ == '__main__':
unittest.main()
+
diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index 6d1be86ba..177d2b946 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -105,7 +105,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
# Check for running process
self.assertTrue(process_named_running('wpa_supplicant'))
- def test_mandatory_toptions(self):
+ def test_mandatory_options(self):
interface = 'macsec1'
self.session.set(self._base_path + [interface])
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py
index 0c32a4696..726405780 100755
--- a/smoketest/scripts/cli/test_interfaces_wireguard.py
+++ b/smoketest/scripts/cli/test_interfaces_wireguard.py
@@ -38,10 +38,8 @@ class WireGuardInterfaceTest(unittest.TestCase):
self.session.commit()
del self.session
- def test_peer_setup(self):
- """
- Create WireGuard interfaces with associated peers
- """
+ def test_peer(self):
+ """ Create WireGuard interfaces with associated peers """
for intf in self._interfaces:
peer = 'foo-' + intf
psk = 'u2xdA70hkz0S1CG0dZlOh0aq2orwFXRIVrKo4DCvHgM='
@@ -64,5 +62,37 @@ class WireGuardInterfaceTest(unittest.TestCase):
self.assertTrue(os.path.isdir(f'/sys/class/net/{intf}'))
+
+ def test_add_remove_peer(self):
+ """ Create WireGuard interfaces with associated peers. Remove one of
+ the configured peers. Bug reported as T2939 """
+ interface = 'wg0'
+ port = '12345'
+ pubkey_1 = 'n1CUsmR0M2LUUsyicBd6blZICwUqqWWHbu4ifZ2/9gk='
+ pubkey_2 = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I='
+
+ self.session.set(base_path + [interface, 'address', '172.16.0.1/24'])
+
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_1])
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'port', port])
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', '10.205.212.10/32'])
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1'])
+
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'pubkey', pubkey_2])
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'port', port])
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'allowed-ips', '10.205.212.11/32'])
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'address', '192.0.2.2'])
+
+ # Commit peers
+ self.session.commit()
+
+ self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}'))
+
+ # Delete second peer
+ self.session.delete(base_path + [interface, 'peer', 'PEER01'])
+ self.session.commit()
+
+
+
if __name__ == '__main__':
unittest.main()
diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index b06fa239d..5c7c66840 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -56,11 +56,10 @@ class TestNAT(unittest.TestCase):
nftable_json = json.loads(tmp)
condensed_json = jmespath.search(snat_pattern, nftable_json)[0]
- self.assertEqual(condensed_json['comment'], 'DST-NAT-1')
+ self.assertEqual(condensed_json['comment'], 'SRC-NAT-1')
self.assertEqual(condensed_json['address']['network'], network.split('/')[0])
self.assertEqual(str(condensed_json['address']['prefix']), network.split('/')[1])
-
def test_validation(self):
""" T2813: Ensure translation address is specified """
self.session.set(source_path + ['rule', '100', 'outbound-interface', 'eth0'])
diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py
index 3a6b12ef4..f0c71e2de 100755
--- a/smoketest/scripts/cli/test_service_pppoe-server.py
+++ b/smoketest/scripts/cli/test_service_pppoe-server.py
@@ -17,41 +17,39 @@
import os
import unittest
+from base_accel_ppp_test import BasicAccelPPPTest
+
from configparser import ConfigParser
-from vyos.configsession import ConfigSession
from vyos.configsession import ConfigSessionError
from vyos.util import process_named_running
+from vyos.util import cmd
-process_name = 'accel-pppd'
-base_path = ['service', 'pppoe-server']
local_if = ['interfaces', 'dummy', 'dum667']
-pppoe_conf = '/run/accel-pppd/pppoe.conf'
ac_name = 'ACN'
-subnet = '172.18.0.0/24'
-gateway = '192.0.2.1'
-nameserver = '9.9.9.9'
-mtu = '1492'
+
interface = 'eth0'
-class TestServicePPPoEServer(unittest.TestCase):
+class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest):
def setUp(self):
- self.session = ConfigSession(os.getpid())
- # ensure we can also run this test on a live system - so lets clean
- # out the current configuration :)
- self.session.delete(base_path)
+ self._base_path = ['service', 'pppoe-server']
+ self._process_name = 'accel-pppd'
+ self._config_file = '/run/accel-pppd/pppoe.conf'
+ self._chap_secrets = '/run/accel-pppd/pppoe.chap-secrets'
+
+ super().setUp()
def tearDown(self):
- self.session.delete(base_path)
self.session.delete(local_if)
- self.session.commit()
- del self.session
+ super().tearDown()
def verify(self, conf):
+ mtu = '1492'
+
# validate some common values in the configuration
- for tmp in ['log_syslog', 'pppoe', 'chap-secrets', 'ippool', 'ipv6pool',
- 'ipv6_nd', 'ipv6_dhcp', 'auth_mschap_v2', 'auth_mschap_v1',
- 'auth_chap_md5', 'auth_pap', 'shaper']:
+ for tmp in ['log_syslog', 'pppoe', 'ippool',
+ 'auth_mschap_v2', 'auth_mschap_v1', 'auth_chap_md5',
+ 'auth_pap', 'shaper']:
# Settings without values provide None
self.assertEqual(conf['modules'][tmp], None)
@@ -60,108 +58,176 @@ class TestServicePPPoEServer(unittest.TestCase):
self.assertTrue(conf['pppoe'].getboolean('verbose'))
self.assertTrue(conf['pppoe']['interface'], interface)
- # check configured subnet
- self.assertEqual(conf['ip-pool'][subnet], None)
- self.assertEqual(conf['ip-pool']['gw-ip-address'], gateway)
-
# check ppp
self.assertTrue(conf['ppp'].getboolean('verbose'))
self.assertTrue(conf['ppp'].getboolean('check-ip'))
- self.assertEqual(conf['ppp']['min-mtu'], mtu)
self.assertEqual(conf['ppp']['mtu'], mtu)
self.assertEqual(conf['ppp']['lcp-echo-interval'], '30')
self.assertEqual(conf['ppp']['lcp-echo-timeout'], '0')
self.assertEqual(conf['ppp']['lcp-echo-failure'], '3')
+ super().verify(conf)
+
def basic_config(self):
self.session.set(local_if + ['address', '192.0.2.1/32'])
- self.session.set(base_path + ['access-concentrator', ac_name])
- self.session.set(base_path + ['authentication', 'mode', 'local'])
- self.session.set(base_path + ['client-ip-pool', 'subnet', subnet])
- self.session.set(base_path + ['name-server', nameserver])
- self.session.set(base_path + ['interface', interface])
- self.session.set(base_path + ['local-ip', gateway])
+ self.set(['access-concentrator', ac_name])
+ self.set(['interface', interface])
+
+ super().basic_config()
- def test_local_auth(self):
+ def test_ppp_options(self):
""" Test configuration of local authentication for PPPoE server """
self.basic_config()
- # authentication
- self.session.set(base_path + ['authentication', 'local-users', 'username', 'vyos', 'password', 'vyos'])
- self.session.set(base_path + ['authentication', 'mode', 'local'])
+
# other settings
- self.session.set(base_path + ['ppp-options', 'ccp'])
- self.session.set(base_path + ['ppp-options', 'mppe', 'require'])
- self.session.set(base_path + ['limits', 'connection-limit', '20/min'])
+ mppe = 'require'
+ self.set(['ppp-options', 'ccp'])
+ self.set(['ppp-options', 'mppe', mppe])
+ self.set(['limits', 'connection-limit', '20/min'])
+
+ # min-mtu
+ min_mtu = '1400'
+ self.set(['ppp-options', 'min-mtu', min_mtu])
+
+ # mru
+ mru = '9000'
+ self.set(['ppp-options', 'mru', mru])
# commit changes
self.session.commit()
# Validate configuration values
- conf = ConfigParser(allow_no_value=True)
- conf.read(pppoe_conf)
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
# basic verification
self.verify(conf)
- # check auth
- self.assertEqual(conf['chap-secrets']['chap-secrets'], '/run/accel-pppd/pppoe.chap-secrets')
- self.assertEqual(conf['chap-secrets']['gw-ip-address'], gateway)
+ self.assertEqual(conf['chap-secrets']['gw-ip-address'], self._gateway)
+
+ # check ppp
+ self.assertEqual(conf['ppp']['mppe'], mppe)
+ self.assertEqual(conf['ppp']['min-mtu'], min_mtu)
+ self.assertEqual(conf['ppp']['mru'], mru)
- # check pado
- self.assertEqual(conf['ppp']['mppe'], 'require')
self.assertTrue(conf['ppp'].getboolean('ccp'))
# check other settings
self.assertEqual(conf['connlimit']['limit'], '20/min')
# Check for running process
- self.assertTrue(process_named_running(process_name))
+ self.assertTrue(process_named_running(self._process_name))
+
+ def test_authentication_protocols(self):
+ """ Test configuration of local authentication for PPPoE server """
+ self.basic_config()
+
+ # explicitly test mschap-v2 - no special reason
+ self.set( ['authentication', 'protocols', 'mschap-v2'])
+
+ # commit changes
+ self.session.commit()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True)
+ conf.read(self._config_file)
- def test_radius_auth(self):
- """ Test configuration of RADIUS authentication for PPPoE server """
- radius_server = '192.0.2.22'
- radius_key = 'secretVyOS'
- radius_port = '2000'
- radius_port_acc = '3000'
+ self.assertEqual(conf['modules']['auth_mschap_v2'], None)
+ # Check for running process
+ self.assertTrue(process_named_running(self._process_name))
+
+ def test_client_ip_pool(self):
+ """ Test configuration of IPv6 client pools """
self.basic_config()
- self.session.set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key])
- self.session.set(base_path + ['authentication', 'radius', 'server', radius_server, 'port', radius_port])
- self.session.set(base_path + ['authentication', 'radius', 'server', radius_server, 'acct-port', radius_port_acc])
- self.session.set(base_path + ['authentication', 'mode', 'radius'])
+
+ subnet = '172.18.0.0/24'
+ self.set(['client-ip-pool', 'subnet', subnet])
+
+ start = '192.0.2.10'
+ stop = '192.0.2.20'
+ start_stop = f'{start}-{stop}'
+ self.set(['client-ip-pool', 'start', start])
+ self.set(['client-ip-pool', 'stop', stop])
# commit changes
self.session.commit()
# Validate configuration values
conf = ConfigParser(allow_no_value=True)
- conf.read(pppoe_conf)
+ conf.read(self._config_file)
+
+ # check configured subnet
+ self.assertEqual(conf['ip-pool'][subnet], None)
+ self.assertEqual(conf['ip-pool'][start_stop], None)
+ self.assertEqual(conf['ip-pool']['gw-ip-address'], self._gateway)
+
+ # Check for running process
+ self.assertTrue(process_named_running(self._process_name))
- # basic verification
- self.verify(conf)
- # check auth
- self.assertTrue(conf['radius'].getboolean('verbose'))
- self.assertTrue(conf['radius']['acct-timeout'], '3')
- self.assertTrue(conf['radius']['timeout'], '3')
- self.assertTrue(conf['radius']['max-try'], '3')
- self.assertTrue(conf['radius']['gw-ip-address'], gateway)
-
- server = conf['radius']['server'].split(',')
- self.assertEqual(radius_server, server[0])
- self.assertEqual(radius_key, server[1])
- self.assertEqual(f'auth-port={radius_port}', server[2])
- self.assertEqual(f'acct-port={radius_port_acc}', server[3])
- self.assertEqual(f'req-limit=0', server[4])
- self.assertEqual(f'fail-time=0', server[5])
-
- # check defaults
- self.assertEqual(conf['ppp']['mppe'], 'prefer')
- self.assertFalse(conf['ppp'].getboolean('ccp'))
+ def test_client_ipv6_pool(self):
+ """ Test configuration of IPv6 client pools """
+ self.basic_config()
+
+ # Enable IPv6
+ allow_ipv6 = 'allow'
+ random = 'random'
+ self.set(['ppp-options', 'ipv6', allow_ipv6])
+ self.set(['ppp-options', 'ipv6-intf-id', random])
+ self.set(['ppp-options', 'ipv6-accept-peer-intf-id'])
+ self.set(['ppp-options', 'ipv6-peer-intf-id', random])
+
+ prefix = '2001:db8:ffff::/64'
+ prefix_mask = '128'
+ client_prefix = f'{prefix},{prefix_mask}'
+ self.set(['client-ipv6-pool', 'prefix', prefix, 'mask', prefix_mask])
+
+ delegate_prefix = '2001:db8::/40'
+ delegate_mask = '56'
+ self.set(['client-ipv6-pool', 'delegate', delegate_prefix, 'delegation-prefix', delegate_mask])
+
+ # commit changes
+ self.session.commit()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+
+ for tmp in ['ipv6pool', 'ipv6_nd', 'ipv6_dhcp']:
+ self.assertEqual(conf['modules'][tmp], None)
+
+ self.assertEqual(conf['ppp']['ipv6'], allow_ipv6)
+ self.assertEqual(conf['ppp']['ipv6-intf-id'], random)
+ self.assertEqual(conf['ppp']['ipv6-peer-intf-id'], random)
+ self.assertTrue(conf['ppp'].getboolean('ipv6-accept-peer-intf-id'))
+
+ self.assertEqual(conf['ipv6-pool'][client_prefix], None)
+ self.assertEqual(conf['ipv6-pool']['delegate'], f'{delegate_prefix},{delegate_mask}')
# Check for running process
- self.assertTrue(process_named_running(process_name))
+ self.assertTrue(process_named_running(self._process_name))
+
+
+ def test_authentication_radius(self):
+ radius_called_sid = 'ifname:mac'
+ radius_acct_interim_jitter = '9'
+
+ self.set(['authentication', 'radius', 'called-sid-format', radius_called_sid])
+ self.set(['authentication', 'radius', 'acct-interim-jitter', radius_acct_interim_jitter])
+
+ # run common tests
+ super().test_authentication_radius()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+
+ # Validate configuration
+ self.assertEqual(conf['radius']['called-sid'], radius_called_sid)
+ self.assertEqual(conf['radius']['acct-interim-jitter'], radius_acct_interim_jitter)
+
if __name__ == '__main__':
unittest.main()
diff --git a/smoketest/scripts/cli/test_system_ntp.py b/smoketest/scripts/cli/test_system_ntp.py
index 2a7c64870..4f62b62d5 100755
--- a/smoketest/scripts/cli/test_system_ntp.py
+++ b/smoketest/scripts/cli/test_system_ntp.py
@@ -70,10 +70,6 @@ class TestSystemNTP(unittest.TestCase):
def test_ntp_clients(self):
""" Test the allowed-networks statement """
- listen_address = ['127.0.0.1', '::1']
- for listen in listen_address:
- self.session.set(base_path + ['listen-address', listen])
-
networks = ['192.0.2.0/24', '2001:db8:1000::/64']
for network in networks:
self.session.set(base_path + ['allow-clients', 'address', network])
@@ -99,9 +95,7 @@ class TestSystemNTP(unittest.TestCase):
# Check listen address
tmp = get_config_value('interface')
- test = ['ignore wildcard']
- for listen in listen_address:
- test.append(f'listen {listen}')
+ test = ['ignore wildcard', 'listen 127.0.0.1', 'listen ::1']
self.assertEqual(tmp, test)
# Check for running process
diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py
new file mode 100755
index 000000000..83be4c248
--- /dev/null
+++ b/smoketest/scripts/cli/test_vpn_sstp.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import unittest
+
+from base_accel_ppp_test import BasicAccelPPPTest
+from vyos.util import cmd
+
+process_name = 'accel-pppd'
+ca_cert = '/tmp/ca.crt'
+ssl_cert = '/tmp/server.crt'
+ssl_key = '/tmp/server.key'
+
+class TestVPNSSTPServer(BasicAccelPPPTest.BaseTest):
+ def setUp(self):
+ self._base_path = ['vpn', 'sstp']
+ self._process_name = 'accel-pppd'
+ self._config_file = '/run/accel-pppd/sstp.conf'
+ self._chap_secrets = '/run/accel-pppd/sstp.chap-secrets'
+
+ super().setUp()
+
+ def tearDown(self):
+ super().tearDown()
+
+ def basic_config(self):
+ # SSL is mandatory
+ self.set(['ssl', 'ca-cert-file', ca_cert])
+ self.set(['ssl', 'cert-file', ssl_cert])
+ self.set(['ssl', 'key-file', ssl_key])
+ self.set(['client-ip-pool', 'subnet', '192.0.2.0/24'])
+
+ super().basic_config()
+
+if __name__ == '__main__':
+ # Our SSL certificates need a subject ...
+ subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
+ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
+
+ # Generate mandatory SSL certificate
+ tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
+ f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}'
+ cmd(tmp)
+
+ # Generate "CA"
+ tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\
+ f'-subj {subject}'
+ cmd(tmp)
+
+ unittest.main()