Diffstat (limited to 'smoketest')
-rw-r--r-- | smoketest/scripts/cli/base_accel_ppp_test.py | 177 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_bridge.py | 37 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_macsec.py | 2 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireguard.py | 38 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_nat.py | 3 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_service_pppoe-server.py | 220 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_system_ntp.py | 8 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_sstp.py | 63 |
8 files changed, 457 insertions, 91 deletions
diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py
new file mode 100644
index 000000000..cf401b0d8
--- /dev/null
+++ b/smoketest/scripts/cli/base_accel_ppp_test.py
@@ -0,0 +1,177 @@ +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import re +import unittest + +from configparser import ConfigParser + +from vyos.configsession import ConfigSession +from vyos.configsession import ConfigSessionError +from vyos.util import cmd +from vyos.util import get_half_cpus +from vyos.util import process_named_running +from vyos.validate import is_ipv4 + +class BasicAccelPPPTest: + class BaseTest(unittest.TestCase): + + def setUp(self): + self.session = ConfigSession(os.getpid()) + self._gateway = '192.0.2.1' + + # ensure we can also run this test on a live system - so lets clean + # out the current configuration :) + self.session.delete(self._base_path) + + def tearDown(self): + self.session.delete(self._base_path) + self.session.commit() + del self.session + + def set(self, path): + self.session.set(self._base_path + path) + + def basic_config(self): + # PPPoE local auth mode requires local users to be configured! 
+ self.set(['authentication', 'local-users', 'username', 'vyos', 'password', 'vyos']) + self.set(['authentication', 'mode', 'local']) + self.set(['gateway-address', self._gateway]) + + def verify(self, conf): + self.assertEqual(conf['core']['thread-count'], str(get_half_cpus())) + + def test_name_servers(self): + """ Verify proper Name-Server configuration for IPv4 and IPv6 """ + self.basic_config() + + nameserver = ['192.0.2.1', '192.0.2.2', '2001:db8::1'] + for ns in nameserver: + self.set(['name-server', ns]) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + + # IPv4 and IPv6 nameservers must be checked individually + for ns in nameserver: + if is_ipv4(ns): + self.assertIn(ns, [conf['dns']['dns1'], conf['dns']['dns2']]) + else: + self.assertEqual(conf['ipv6-dns'][ns], None) + + def test_authentication_local(self): + """ Test configuration of local authentication """ + self.basic_config() + + # upload / download limit + user = 'test' + password = 'test2' + static_ip = '100.100.100.101' + upload = '5000' + download = '10000' + + self.set(['authentication', 'local-users', 'username', user, 'password', password]) + self.set(['authentication', 'local-users', 'username', user, 'static-ip', static_ip]) + self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'upload', upload]) + + # upload rate-limit requires also download rate-limit + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.set(['authentication', 'local-users', 'username', user, 'rate-limit', 'download', download]) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + + # check proper path to chap-secrets file + self.assertEqual(conf['chap-secrets']['chap-secrets'], self._chap_secrets) + + # basic verification + 
self.verify(conf) + + # check local users + tmp = cmd(f'sudo cat {self._chap_secrets}') + regex = f'{user}\s+\*\s+{password}\s+{static_ip}\s+{download}/{upload}' + tmp = re.findall(regex, tmp) + self.assertTrue(tmp) + + # Check for running process + self.assertTrue(process_named_running(self._process_name)) + + def test_authentication_radius(self): + """ Test configuration of RADIUS authentication for PPPoE server """ + self.basic_config() + + radius_server = '192.0.2.22' + radius_key = 'secretVyOS' + radius_port = '2000' + radius_port_acc = '3000' + + self.set(['authentication', 'mode', 'radius']) + self.set(['authentication', 'radius', 'server', radius_server, 'key', radius_key]) + self.set(['authentication', 'radius', 'server', radius_server, 'port', radius_port]) + self.set(['authentication', 'radius', 'server', radius_server, 'acct-port', radius_port_acc]) + + coa_server = '4.4.4.4' + coa_key = 'testCoA' + self.set(['authentication', 'radius', 'dynamic-author', 'server', coa_server]) + self.set(['authentication', 'radius', 'dynamic-author', 'key', coa_key]) + + nas_id = 'VyOS-PPPoE' + nas_ip = '7.7.7.7' + self.set(['authentication', 'radius', 'nas-identifier', nas_id]) + self.set(['authentication', 'radius', 'nas-ip-address', nas_ip]) + + source_address = '1.2.3.4' + self.set(['authentication', 'radius', 'source-address', source_address]) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + + # basic verification + self.verify(conf) + + # check auth + self.assertTrue(conf['radius'].getboolean('verbose')) + self.assertEqual(conf['radius']['acct-timeout'], '3') + self.assertEqual(conf['radius']['timeout'], '3') + self.assertEqual(conf['radius']['max-try'], '3') + + self.assertEqual(conf['radius']['dae-server'], f'{coa_server}:1700,{coa_key}') + self.assertEqual(conf['radius']['nas-identifier'], nas_id) + 
self.assertEqual(conf['radius']['nas-ip-address'], nas_ip) + self.assertEqual(conf['radius']['bind'], source_address) + + server = conf['radius']['server'].split(',') + self.assertEqual(radius_server, server[0]) + self.assertEqual(radius_key, server[1]) + self.assertEqual(f'auth-port={radius_port}', server[2]) + self.assertEqual(f'acct-port={radius_port_acc}', server[3]) + self.assertEqual(f'req-limit=0', server[4]) + self.assertEqual(f'fail-time=0', server[5]) + + # Check for running process + self.assertTrue(process_named_running(self._process_name)) diff --git a/smoketest/scripts/cli/test_interfaces_bridge.py b/smoketest/scripts/cli/test_interfaces_bridge.py index bc0bb69c6..a1359680b 100755 --- a/smoketest/scripts/cli/test_interfaces_bridge.py +++ b/smoketest/scripts/cli/test_interfaces_bridge.py @@ -18,6 +18,8 @@ import os import unittest from base_interfaces_test import BasicInterfaceTest +from glob import glob +from netifaces import interfaces from vyos.ifconfig import Section class BridgeInterfaceTest(BasicInterfaceTest.BaseTest): @@ -44,6 +46,7 @@ class BridgeInterfaceTest(BasicInterfaceTest.BaseTest): self._options['br0'].append(f'member interface {member}') def test_add_remove_member(self): + """ Add member interfaces to bridge and set STP cost/priority """ for interface in self._interfaces: base = self._base_path + [interface] self.session.set(base + ['stp']) 
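Review bot: In `test_authentication_local` the chap-secrets pattern is built from a plain f-string, so `\s` and `\*` are invalid string escapes and the interpolated values are treated as regex syntax; the dots in `static_ip` match any character, so the assertion can pass on a wrong address. Use a raw f-string with escaped values: `regex = rf'{re.escape(user)}\s+\*\s+{re.escape(password)}\s+{re.escape(static_ip)}\s+{download}/{upload}'`. The RADIUS test also uses routable addresses (`4.4.4.4`, `7.7.7.7`, `1.2.3.4`) while the rest of the file uses the 192.0.2.0/24 documentation range; using that range throughout would be consistent. `BaseTest` reads `_base_path`, `_config_file`, `_chap_secrets` and `_process_name` without defining them, so a short class comment saying subclasses must set these before calling `super().setUp()` would help.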
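Review bot: `from netifaces import interfaces` is added in this import hunk, but none of the lines this commit adds to test_interfaces_bridge.py call `interfaces()`; only `glob` is used, in `test_add_remove_member`. Drop the import unless a follow-up needs it. As far as the hunks show, the same applies to `from vyos.util import cmd` added to test_service_pppoe-server.py and to the module-level `process_name` in test_vpn_sstp.py, neither of which is referenced by the added code.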
@@ -59,12 +62,46 @@ class BridgeInterfaceTest(BasicInterfaceTest.BaseTest): cost += 1 priority += 1 + # commit config self.session.commit() + # check member interfaces are added on the bridge + bridge_members = [] + for tmp in glob(f'/sys/class/net/{interface}/lower_*'): + bridge_members.append(os.path.basename(tmp).replace('lower_', '')) + + for member in self._members: + self.assertIn(member, bridge_members) + + # delete all members for interface in self._interfaces: self.session.delete(self._base_path + [interface, 'member']) self.session.commit() + def test_vlan_members(self): + """ T2945: ensure that VIFs are not dropped from bridge """ + + self.session.set(['interfaces', 'ethernet', 'eth0', 'vif', '300']) + self.session.set(['interfaces', 'bridge', 'br0', 'member', 'interface', 'eth0.300']) + self.session.commit() + + # member interface must be assigned to the bridge + self.assertTrue(os.path.exists('/sys/class/net/br0/lower_eth0.300')) + + # add second bridge member + self.session.set(['interfaces', 'ethernet', 'eth0', 'vif', '400']) + self.session.commit() + + # member interface must still be assigned to the bridge + self.assertTrue(os.path.exists('/sys/class/net/br0/lower_eth0.300')) + + # remove VLAN interfaces + self.session.delete(['interfaces', 'ethernet', 'eth0', 'vif', '300']) + self.session.delete(['interfaces', 'ethernet', 'eth0', 'vif', '400']) + self.session.commit() + + if __name__ == '__main__': unittest.main() + diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py index 6d1be86ba..177d2b946 100755 --- a/smoketest/scripts/cli/test_interfaces_macsec.py +++ b/smoketest/scripts/cli/test_interfaces_macsec.py 
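Review bot: In `test_vlan_members` the comment `# add second bridge member` does not match the code under it, which only creates `eth0 vif 400` and never adds `eth0.400` to `br0`; `# add a second VIF that is not a bridge member` describes what the T2945 check actually exercises. The cleanup deletes both VIFs but leaves `member interface eth0.300` configured on `br0`. Whether `tearDown` removes it is not visible in this hunk, so adding `self.session.delete(['interfaces', 'bridge', 'br0', 'member'])` before the final commit would make the test self-contained. The test also hard-codes `eth0` and `br0` rather than using `self._interfaces` / `self._members` as `test_add_remove_member` does.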
@@ -105,7 +105,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest): # Check for running process self.assertTrue(process_named_running('wpa_supplicant')) - def test_mandatory_toptions(self): + def test_mandatory_options(self): interface = 'macsec1' self.session.set(self._base_path + [interface]) diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py index 0c32a4696..726405780 100755 --- a/smoketest/scripts/cli/test_interfaces_wireguard.py +++ b/smoketest/scripts/cli/test_interfaces_wireguard.py @@ -38,10 +38,8 @@ class WireGuardInterfaceTest(unittest.TestCase): self.session.commit() del self.session - def test_peer_setup(self): - """ - Create WireGuard interfaces with associated peers - """ + def test_peer(self): + """ Create WireGuard interfaces with associated peers """ for intf in self._interfaces: peer = 'foo-' + intf psk = 'u2xdA70hkz0S1CG0dZlOh0aq2orwFXRIVrKo4DCvHgM=' 
@@ -64,5 +62,37 @@ class WireGuardInterfaceTest(unittest.TestCase): self.assertTrue(os.path.isdir(f'/sys/class/net/{intf}')) + + def test_add_remove_peer(self): + """ Create WireGuard interfaces with associated peers. Remove one of + the configured peers. Bug reported as T2939 """ + interface = 'wg0' + port = '12345' + pubkey_1 = 'n1CUsmR0M2LUUsyicBd6blZICwUqqWWHbu4ifZ2/9gk=' + pubkey_2 = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I=' + + self.session.set(base_path + [interface, 'address', '172.16.0.1/24']) + + self.session.set(base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_1]) + self.session.set(base_path + [interface, 'peer', 'PEER01', 'port', port]) + self.session.set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', '10.205.212.10/32']) + self.session.set(base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1']) + + self.session.set(base_path + [interface, 'peer', 'PEER02', 'pubkey', pubkey_2]) + self.session.set(base_path + [interface, 'peer', 'PEER02', 'port', port]) + self.session.set(base_path + [interface, 'peer', 'PEER02', 'allowed-ips', '10.205.212.11/32']) + self.session.set(base_path + [interface, 'peer', 'PEER02', 'address', '192.0.2.2']) + + # Commit peers + self.session.commit() + + self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}')) + + # Delete second peer + self.session.delete(base_path + [interface, 'peer', 'PEER01']) + self.session.commit() + + + if __name__ == '__main__': unittest.main() diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index b06fa239d..5c7c66840 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py 
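Review bot: `test_add_remove_peer` deletes `PEER01` under the comment `# Delete second peer`, and nothing is asserted after the final commit, so the T2939 regression is caught only if the commit itself raises. Change the comment to `# Delete first peer` and re-check state after the commit, at minimum `self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}'))`. `base_path` is a module-level name defined outside this hunk.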
@@ -56,11 +56,10 @@ class TestNAT(unittest.TestCase): nftable_json = json.loads(tmp) condensed_json = jmespath.search(snat_pattern, nftable_json)[0] - self.assertEqual(condensed_json['comment'], 'DST-NAT-1') + self.assertEqual(condensed_json['comment'], 'SRC-NAT-1') self.assertEqual(condensed_json['address']['network'], network.split('/')[0]) self.assertEqual(str(condensed_json['address']['prefix']), network.split('/')[1]) - def test_validation(self): """ T2813: Ensure translation address is specified """ self.session.set(source_path + ['rule', '100', 'outbound-interface', 'eth0']) diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py index 3a6b12ef4..f0c71e2de 100755 --- a/smoketest/scripts/cli/test_service_pppoe-server.py +++ b/smoketest/scripts/cli/test_service_pppoe-server.py 
@@ -17,41 +17,39 @@ import os import unittest +from base_accel_ppp_test import BasicAccelPPPTest + from configparser import ConfigParser -from vyos.configsession import ConfigSession from vyos.configsession import ConfigSessionError from vyos.util import process_named_running +from vyos.util import cmd -process_name = 'accel-pppd' -base_path = ['service', 'pppoe-server'] local_if = ['interfaces', 'dummy', 'dum667'] -pppoe_conf = '/run/accel-pppd/pppoe.conf' ac_name = 'ACN' -subnet = '172.18.0.0/24' -gateway = '192.0.2.1' -nameserver = '9.9.9.9' -mtu = '1492' + interface = 'eth0' -class TestServicePPPoEServer(unittest.TestCase): +class TestServicePPPoEServer(BasicAccelPPPTest.BaseTest): def setUp(self): - self.session = ConfigSession(os.getpid()) - # ensure we can also run this test on a live system - so lets clean - # out the current configuration :) - self.session.delete(base_path) + self._base_path = ['service', 'pppoe-server'] + self._process_name = 'accel-pppd' + self._config_file = '/run/accel-pppd/pppoe.conf' + self._chap_secrets = '/run/accel-pppd/pppoe.chap-secrets' + + super().setUp() def tearDown(self): - self.session.delete(base_path) self.session.delete(local_if) - self.session.commit() - del self.session + super().tearDown() def verify(self, conf): + mtu = '1492' + # validate some common values in the configuration - for tmp in ['log_syslog', 'pppoe', 'chap-secrets', 'ippool', 'ipv6pool', - 'ipv6_nd', 'ipv6_dhcp', 'auth_mschap_v2', 'auth_mschap_v1', - 'auth_chap_md5', 'auth_pap', 'shaper']: + for tmp in ['log_syslog', 'pppoe', 'ippool', + 'auth_mschap_v2', 'auth_mschap_v1', 'auth_chap_md5', + 'auth_pap', 'shaper']: # Settings without values provide None self.assertEqual(conf['modules'][tmp], None) 
@@ -60,108 +58,176 @@ class TestServicePPPoEServer(unittest.TestCase): self.assertTrue(conf['pppoe'].getboolean('verbose')) self.assertTrue(conf['pppoe']['interface'], interface) - # check configured subnet - self.assertEqual(conf['ip-pool'][subnet], None) - self.assertEqual(conf['ip-pool']['gw-ip-address'], gateway) - # check ppp self.assertTrue(conf['ppp'].getboolean('verbose')) self.assertTrue(conf['ppp'].getboolean('check-ip')) - self.assertEqual(conf['ppp']['min-mtu'], mtu) self.assertEqual(conf['ppp']['mtu'], mtu) self.assertEqual(conf['ppp']['lcp-echo-interval'], '30') self.assertEqual(conf['ppp']['lcp-echo-timeout'], '0') self.assertEqual(conf['ppp']['lcp-echo-failure'], '3') + super().verify(conf) + def basic_config(self): self.session.set(local_if + ['address', '192.0.2.1/32']) - self.session.set(base_path + ['access-concentrator', ac_name]) - self.session.set(base_path + ['authentication', 'mode', 'local']) - self.session.set(base_path + ['client-ip-pool', 'subnet', subnet]) - self.session.set(base_path + ['name-server', nameserver]) - self.session.set(base_path + ['interface', interface]) - self.session.set(base_path + ['local-ip', gateway]) + self.set(['access-concentrator', ac_name]) + self.set(['interface', interface]) + + super().basic_config() - def test_local_auth(self): + def test_ppp_options(self): """ Test configuration of local authentication for PPPoE server """ self.basic_config() - # authentication - self.session.set(base_path + ['authentication', 'local-users', 'username', 'vyos', 'password', 'vyos']) - self.session.set(base_path + ['authentication', 'mode', 'local']) + # other settings - self.session.set(base_path + ['ppp-options', 'ccp']) - self.session.set(base_path + ['ppp-options', 'mppe', 'require']) - self.session.set(base_path + ['limits', 'connection-limit', '20/min']) + mppe = 'require' + self.set(['ppp-options', 'ccp']) + self.set(['ppp-options', 'mppe', mppe]) + self.set(['limits', 'connection-limit', '20/min']) + + # min-mtu + 
min_mtu = '1400' + self.set(['ppp-options', 'min-mtu', min_mtu]) + + # mru + mru = '9000' + self.set(['ppp-options', 'mru', mru]) # commit changes self.session.commit() # Validate configuration values - conf = ConfigParser(allow_no_value=True) - conf.read(pppoe_conf) + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) # basic verification self.verify(conf) - # check auth - self.assertEqual(conf['chap-secrets']['chap-secrets'], '/run/accel-pppd/pppoe.chap-secrets') - self.assertEqual(conf['chap-secrets']['gw-ip-address'], gateway) + self.assertEqual(conf['chap-secrets']['gw-ip-address'], self._gateway) + + # check ppp + self.assertEqual(conf['ppp']['mppe'], mppe) + self.assertEqual(conf['ppp']['min-mtu'], min_mtu) + self.assertEqual(conf['ppp']['mru'], mru) - # check pado - self.assertEqual(conf['ppp']['mppe'], 'require') self.assertTrue(conf['ppp'].getboolean('ccp')) # check other settings self.assertEqual(conf['connlimit']['limit'], '20/min') # Check for running process - self.assertTrue(process_named_running(process_name)) + self.assertTrue(process_named_running(self._process_name)) + + def test_authentication_protocols(self): + """ Test configuration of local authentication for PPPoE server """ + self.basic_config() + + # explicitly test mschap-v2 - no special reason + self.set( ['authentication', 'protocols', 'mschap-v2']) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True) + conf.read(self._config_file) - def test_radius_auth(self): - """ Test configuration of RADIUS authentication for PPPoE server """ - radius_server = '192.0.2.22' - radius_key = 'secretVyOS' - radius_port = '2000' - radius_port_acc = '3000' + self.assertEqual(conf['modules']['auth_mschap_v2'], None) + # Check for running process + self.assertTrue(process_named_running(self._process_name)) + + def test_client_ip_pool(self): + """ Test configuration of IPv6 client pools """ 
self.basic_config() - self.session.set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key]) - self.session.set(base_path + ['authentication', 'radius', 'server', radius_server, 'port', radius_port]) - self.session.set(base_path + ['authentication', 'radius', 'server', radius_server, 'acct-port', radius_port_acc]) - self.session.set(base_path + ['authentication', 'mode', 'radius']) + + subnet = '172.18.0.0/24' + self.set(['client-ip-pool', 'subnet', subnet]) + + start = '192.0.2.10' + stop = '192.0.2.20' + start_stop = f'{start}-{stop}' + self.set(['client-ip-pool', 'start', start]) + self.set(['client-ip-pool', 'stop', stop]) # commit changes self.session.commit() # Validate configuration values conf = ConfigParser(allow_no_value=True) - conf.read(pppoe_conf) + conf.read(self._config_file) + + # check configured subnet + self.assertEqual(conf['ip-pool'][subnet], None) + self.assertEqual(conf['ip-pool'][start_stop], None) + self.assertEqual(conf['ip-pool']['gw-ip-address'], self._gateway) + + # Check for running process + self.assertTrue(process_named_running(self._process_name)) - # basic verification - self.verify(conf) - # check auth - self.assertTrue(conf['radius'].getboolean('verbose')) - self.assertTrue(conf['radius']['acct-timeout'], '3') - self.assertTrue(conf['radius']['timeout'], '3') - self.assertTrue(conf['radius']['max-try'], '3') - self.assertTrue(conf['radius']['gw-ip-address'], gateway) - - server = conf['radius']['server'].split(',') - self.assertEqual(radius_server, server[0]) - self.assertEqual(radius_key, server[1]) - self.assertEqual(f'auth-port={radius_port}', server[2]) - self.assertEqual(f'acct-port={radius_port_acc}', server[3]) - self.assertEqual(f'req-limit=0', server[4]) - self.assertEqual(f'fail-time=0', server[5]) - - # check defaults - self.assertEqual(conf['ppp']['mppe'], 'prefer') - self.assertFalse(conf['ppp'].getboolean('ccp')) + def test_client_ipv6_pool(self): + """ Test configuration of IPv6 
client pools """ + self.basic_config() + + # Enable IPv6 + allow_ipv6 = 'allow' + random = 'random' + self.set(['ppp-options', 'ipv6', allow_ipv6]) + self.set(['ppp-options', 'ipv6-intf-id', random]) + self.set(['ppp-options', 'ipv6-accept-peer-intf-id']) + self.set(['ppp-options', 'ipv6-peer-intf-id', random]) + + prefix = '2001:db8:ffff::/64' + prefix_mask = '128' + client_prefix = f'{prefix},{prefix_mask}' + self.set(['client-ipv6-pool', 'prefix', prefix, 'mask', prefix_mask]) + + delegate_prefix = '2001:db8::/40' + delegate_mask = '56' + self.set(['client-ipv6-pool', 'delegate', delegate_prefix, 'delegation-prefix', delegate_mask]) + + # commit changes + self.session.commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + + for tmp in ['ipv6pool', 'ipv6_nd', 'ipv6_dhcp']: + self.assertEqual(conf['modules'][tmp], None) + + self.assertEqual(conf['ppp']['ipv6'], allow_ipv6) + self.assertEqual(conf['ppp']['ipv6-intf-id'], random) + self.assertEqual(conf['ppp']['ipv6-peer-intf-id'], random) + self.assertTrue(conf['ppp'].getboolean('ipv6-accept-peer-intf-id')) + + self.assertEqual(conf['ipv6-pool'][client_prefix], None) + self.assertEqual(conf['ipv6-pool']['delegate'], f'{delegate_prefix},{delegate_mask}') # Check for running process - self.assertTrue(process_named_running(process_name)) + self.assertTrue(process_named_running(self._process_name)) + + + def test_authentication_radius(self): + radius_called_sid = 'ifname:mac' + radius_acct_interim_jitter = '9' + + self.set(['authentication', 'radius', 'called-sid-format', radius_called_sid]) + self.set(['authentication', 'radius', 'acct-interim-jitter', radius_acct_interim_jitter]) + + # run common tests + super().test_authentication_radius() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + + # Validate configuration + 
self.assertEqual(conf['radius']['called-sid'], radius_called_sid) + self.assertEqual(conf['radius']['acct-interim-jitter'], radius_acct_interim_jitter) + if __name__ == '__main__': unittest.main() diff --git a/smoketest/scripts/cli/test_system_ntp.py b/smoketest/scripts/cli/test_system_ntp.py index 2a7c64870..4f62b62d5 100755 --- a/smoketest/scripts/cli/test_system_ntp.py +++ b/smoketest/scripts/cli/test_system_ntp.py @@ -70,10 +70,6 @@ class TestSystemNTP(unittest.TestCase): def test_ntp_clients(self): """ Test the allowed-networks statement """ - listen_address = ['127.0.0.1', '::1'] - for listen in listen_address: - self.session.set(base_path + ['listen-address', listen]) - networks = ['192.0.2.0/24', '2001:db8:1000::/64'] for network in networks: self.session.set(base_path + ['allow-clients', 'address', network]) @@ -99,9 +95,7 @@ class TestSystemNTP(unittest.TestCase): # Check listen address tmp = get_config_value('interface') - test = ['ignore wildcard'] - for listen in listen_address: - test.append(f'listen {listen}') + test = ['ignore wildcard', 'listen 127.0.0.1', 'listen ::1'] self.assertEqual(tmp, test) # Check for running process diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py new file mode 100755 index 000000000..83be4c248 --- /dev/null +++ b/smoketest/scripts/cli/test_vpn_sstp.py 
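Review bot: `verify()` still contains `self.assertTrue(conf['pppoe']['interface'], interface)`, which passes for any non-empty value because the second argument of `assertTrue` is the failure message. This commit fixed the same pattern for the RADIUS timeouts when moving them to the base class, so this line should become `self.assertEqual(conf['pppoe']['interface'], interface)`. `test_authentication_protocols` and `test_client_ip_pool` also build `ConfigParser(allow_no_value=True)` without `delimiters='='`, unlike the other tests touched here; with the default delimiters a key containing `:` would be split. Several docstrings are copied from other tests (`test_client_ip_pool` says "IPv6 client pools", `test_ppp_options` and `test_authentication_protocols` say "local authentication") and should state what each test checks.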
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import unittest
+
+from base_accel_ppp_test import BasicAccelPPPTest
+from vyos.util import cmd
+
+process_name = 'accel-pppd'
+ca_cert = '/tmp/ca.crt'
+ssl_cert = '/tmp/server.crt'
+ssl_key = '/tmp/server.key'
+
+class TestVPNSSTPServer(BasicAccelPPPTest.BaseTest):
+ def setUp(self):
+ self._base_path = ['vpn', 'sstp']
+ self._process_name = 'accel-pppd'
+ self._config_file = '/run/accel-pppd/sstp.conf'
+ self._chap_secrets = '/run/accel-pppd/sstp.chap-secrets'
+
+ super().setUp()
+
+ def tearDown(self):
+ super().tearDown()
+
+ def basic_config(self):
+ # SSL is mandatory
+ self.set(['ssl', 'ca-cert-file', ca_cert])
+ self.set(['ssl', 'cert-file', ssl_cert])
+ self.set(['ssl', 'key-file', ssl_key])
+ self.set(['client-ip-pool', 'subnet', '192.0.2.0/24'])
+
+ super().basic_config()
+
+if __name__ == '__main__':
+ # Our SSL certificates need a subject ...
+ subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
+ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
+
+ # Generate mandatory SSL certificate
+ tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
+ f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}'
+ cmd(tmp)
+
+ # Generate "CA"
+ tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\
+ f'-subj {subject}'
+ cmd(tmp)
+
+ unittest.main()
|
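Review bot: The `__main__` block writes an unencrypted RSA key (`-nodes`) and two certificates to fixed names under `/tmp` (`/tmp/server.key`, `/tmp/server.crt`, `/tmp/ca.crt`) and never removes them. The base class comments say these tests may run on a live system; there, a predictable name in a world-writable directory can be pre-created or symlinked by another local user, and the key stays on disk after the run. Generate the files in a directory from `tempfile.mkdtemp()`, which is created with mode 0700, and remove it when `unittest.main()` exits. This needs `os`, `shutil` and `tempfile` imported at the top of the file, and assumes accel-pppd runs with enough privilege to read that directory.

```python
if __name__ == '__main__':
    # … unchanged: subject definition …

    # private per-run directory instead of fixed names under /tmp
    workdir = tempfile.mkdtemp(prefix='sstp-smoketest-')
    ca_cert = os.path.join(workdir, 'ca.crt')
    ssl_cert = os.path.join(workdir, 'server.crt')
    ssl_key = os.path.join(workdir, 'server.key')

    # … unchanged: both openssl req calls …

    try:
        unittest.main()
    finally:
        # unittest.main() exits via SystemExit; clean up the key material anyway
        shutil.rmtree(workdir, ignore_errors=True)
```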