summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli/test_vpn_ipsec.py
AgeCommit message (Collapse)Author
2022-04-25smoketest: bugfix on proper inheritance levels for classmethodChristian Poessinger
2022-02-22Merge pull request #1230 from sever-sever/T1856Christian Poessinger
ipsec: T1856: Ability to set SA life bytes and packets
2022-02-20ipsec: T3948: Add CLI site-to-site peer connection-type noneViacheslav Hletenko
set vpn ipsec site-to-site peer 192.0.2.14 connection-type none
2022-02-20ipsec: T1856: Ability to set SA life bytes and packetsViacheslav Hletenko
set vpn ipsec esp-group grp-ESP life-bytes '100000' set vpn ipsec esp-group grp-ESP life-packets '2000000'
2022-02-19vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on optionsViacheslav Hletenko
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn charon.install_virtual_ip_on swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z set vpn ipsec options flexvpn set vpn ipsec options virtual-ip set vpn ipsec options interface tunX set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
2021-12-31smoketest: ipsec: T4126: verify configured priorityChristian Poessinger
2021-12-31smoketest: ipsec: make use of setUpClass()Christian Poessinger
2021-11-21smoketest: ipsec: T4010: fix dmvpn template profile rekey_timeChristian Poessinger
Commit d75403f78aef0 ("dmvpn: T4010: Fix template ipsec profile rekey_time") fixed an issue where the old IKE life_time config option was used. This no longer exists and us named rekey_time for IKE. This commit fixes the expected smoketest result.
2021-09-21smoketest: ipsec: T1441: adjust to latest VTI/XFRM interface changesChristian Poessinger
Commit d768aee9 ("ipsec: T1441: Clean up vti-up-down script for XFRM interfaces") removed a parameter from the updown scripts which is no longer necessary as XFRM interfaces are superior to VTI interfaces b/c they use dynamic endpoints by default.
2021-09-18smoketest: ipsec: only delete nhrp path where it is usedChristian Poessinger
2021-09-18ipsec: vti: T3831: avoid usinf xfrm if_id 0 - implement shift by oneChristian Poessinger
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface.
2021-08-19smoketest: ipsec: T3764: extend testcases for IKE/ESP lifetimeChristian Poessinger
2021-07-17ipsec: T2816: migrate "ipsec interfaces" to "interface"Christian Poessinger
2021-07-03ipsec: T2816: rework IKE and ESP key assignmentChristian Poessinger
Commit 2d79a500 ("ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string") added a Jinja2 helper function which can be used to transform VyOS CLI ESP and IKE key proposals into a strongSwan compatible string cipher. This commit changes the IPSec implementation to make use of this new Jinja2 filter fubction/Python helper. This is required base work for better automated tests (smoketests) but also for an IKEv2 road-warrior setup.
2021-07-02smoketest: ipam: add site2site x509 auth testcaseChristian Poessinger
2021-07-02smoketest: ipsec: place peer local-address into variableChristian Poessinger
2021-07-02smoketest: ipsec: IKE and ESP settings can be done one time in setUp()Christian Poessinger
2021-06-30smoketest: ipsec: add more re-usable variable definitions throughout the testChristian Poessinger
2021-06-26Revert "ipsec: T3643: move swanctl.conf to /run"Christian Poessinger
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540.
2021-06-24ipsec: T3643: move swanctl.conf to /runChristian Poessinger
This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for swanctl.conf file") that moves the generated swanctl file from non-volatile to a volatile (tmpfs backed) storage like we do for all out configuration files. Thus it is ensured after a reboot or service deprecation there are no accidential leftovers from previous configurations stored on the system.
2021-06-15ipsec: T2816: T645: T3613: Migrated IPsec to swanctl, includes multiple ↵sarthurdev
selectors, and selectors with VTI.
2021-06-13smoketest: ipsec: T1501: Use VLAN in smoketest to avoid lease from QEMU ↵sarthurdev
built-in DHCP server
2021-06-12smoketest: ipsec: T1501: Add smoketest for failed dhcp-interface scenariosarthurdev
2021-06-07smoketest: ipsec: chmod +x testcaseChristian Poessinger
2021-05-28ipsec: T2816: IPSec python rework, includes DMVPN and VTI supportSimon