From fa91f567b7b5f009aaaed569b3f5e5db4b638d39 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Thu, 25 Aug 2022 07:05:16 +0000
Subject: smoketest: T4643: Change openconnect default port
Change openconnect port as both ocserv and sstp bind by default the same port 443
---
 smoketest/configs/pki-misc | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/pki-misc b/smoketest/configs/pki-misc
index c90226a2a..4db795565 100644
--- a/smoketest/configs/pki-misc
+++ b/smoketest/configs/pki-misc
@@ -59,6 +59,10 @@ vpn {
 }
 mode local
 }
+ listen-ports {
+ tcp 4443
+ udp 4443
+ }
 network-settings {
 client-ip-settings {
 subnet 192.168.160.0/24
--
cgit v1.2.3
From c2fc87c02dd556dd1569ff2fd81c9e2485a80459 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Fri, 26 Aug 2022 10:53:35 +0000
Subject: smoketest: T4643: Delete vpn sstp from config as we have HTTP
HTTP and sstp cannot work together and in the test config 1.4-rolling-202106290839 we didnot have configurable port for such services So we shoud delete sstp from this smoketest config test In fact it is never working at all 'smoketest/configs/pki-misc' It commits without errors before but in the real life we get 3 services (https openconnect sstp) that bound the same port
---
 smoketest/configs/pki-misc | 20 --------------------
 1 file changed, 20 deletions(-)
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/pki-misc b/smoketest/configs/pki-misc
index 4db795565..a84723757 100644
--- a/smoketest/configs/pki-misc
+++ b/smoketest/configs/pki-misc
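Review bot: The `listen-ports` block added under `vpn openconnect` in fa91f567 goes into a fixture whose trailer (visible further down this page) pins it to `Release version: 1.4-rolling-202106290839` and a fixed `vyos-config-version` string, and neither is updated by the hunk. If that release had no configurable port for this service, as the description of c2fc87c0 says, the file stops being a config that release could have produced, and the load test presumably no longer exercises the real upgrade path. The same applies to the `port 8443` line added to the sstp section in d42991a4. I would leave the old-release fixture unmodified and carry the port override in a fixture taken from a release that has the node, or state in the commit message that the node is known to load against this version string.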
@@ -74,26 +74,6 @@ vpn {
 key-file /config/auth/ovpn_test_server.key
 }
 }
- sstp {
- authentication {
- local-users {
- username test {
- password test
- }
- }
- mode local
- protocols mschap-v2
- }
- client-ip-pool {
- subnet 192.168.170.0/24
- }
- gateway-address 192.168.150.1
- ssl {
- ca-cert-file /config/auth/ovpn_test_ca.pem
- cert-file /config/auth/ovpn_test_server.pem
- key-file /config/auth/ovpn_test_server.key
- }
- }
 }
--
cgit v1.2.3
From b15e550fe7d7c7f0040b10b72b24d4ba55a0a4c4 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 27 Aug 2022 08:04:20 +0200
Subject: Revert "smoketest: T4643: Delete vpn sstp from config as we have HTTP"
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459.
---
 smoketest/configs/pki-misc | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/pki-misc b/smoketest/configs/pki-misc
index a84723757..4db795565 100644
--- a/smoketest/configs/pki-misc
+++ b/smoketest/configs/pki-misc
@@ -74,6 +74,26 @@ vpn {
 key-file /config/auth/ovpn_test_server.key
 }
 }
+ sstp {
+ authentication {
+ local-users {
+ username test {
+ password test
+ }
+ }
+ mode local
+ protocols mschap-v2
+ }
+ client-ip-pool {
+ subnet 192.168.170.0/24
+ }
+ gateway-address 192.168.150.1
+ ssl {
+ ca-cert-file /config/auth/ovpn_test_ca.pem
+ cert-file /config/auth/ovpn_test_server.pem
+ key-file /config/auth/ovpn_test_server.key
+ }
+ }
 }
--
cgit v1.2.3
From 8458e9b0efeb4b60b15b86c0599e4b890fa3fcc8 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 27 Aug 2022 08:04:24 +0200
Subject: Revert "smoketest: T4643: Change openconnect default port"
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39.
---
 smoketest/configs/pki-misc | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/pki-misc b/smoketest/configs/pki-misc
index 4db795565..c90226a2a 100644
--- a/smoketest/configs/pki-misc
+++ b/smoketest/configs/pki-misc
@@ -59,10 +59,6 @@ vpn {
 }
 mode local
 }
- listen-ports {
- tcp 4443
- udp 4443
- }
 network-settings {
 client-ip-settings {
 subnet 192.168.160.0/24
--
cgit v1.2.3
From 94a1728ae31948e9c52ad516493087f0ec1a088b Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 27 Aug 2022 08:07:41 +0200
Subject: smoketest: T4643: create individual configs fot https service and sstp vpn
---
 smoketest/configs/pki-misc | 98 ----------------------------------
 smoketest/configs/service-https | 55 +++++++++++++++++++
 smoketest/configs/vpn-openconnect-sstp | 89 ++++++++++++++++++++++++++++++
 3 files changed, 144 insertions(+), 98 deletions(-)
 delete mode 100644 smoketest/configs/pki-misc
 create mode 100644 smoketest/configs/service-https
 create mode 100644 smoketest/configs/vpn-openconnect-sstp
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/pki-misc b/smoketest/configs/pki-misc
deleted file mode 100644
index c90226a2a..000000000
--- a/smoketest/configs/pki-misc
+++ /dev/null
@@ -1,98 +0,0 @@
-interfaces {
- ethernet eth0 {
- address 192.168.150.1/24
- }
-}
-service {
- https {
- certificates {
- system-generated-certificate {
- lifetime 365
- }
- }
- }
-}
-system {
- config-management {
- commit-revisions 100
- }
- console {
- device ttyS0 {
- speed 115200
- }
- }
- host-name vyos
- login {
- user vyos {
- authentication {
- encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
- plaintext-password ""
- }
- }
- }
- ntp {
- server time1.vyos.net {
- }
- server time2.vyos.net {
- }
- server time3.vyos.net {
- }
- }
- syslog {
- global {
- facility all {
- level info
- }
- facility protocols {
- level debug
- }
- }
- }
-}
-vpn {
- openconnect {
- authentication {
- local-users {
- username test {
- password test
- }
- }
- mode local
- }
- network-settings {
- client-ip-settings {
- subnet 192.168.160.0/24
- }
- }
- ssl {
- ca-cert-file /config/auth/ovpn_test_ca.pem
- cert-file /config/auth/ovpn_test_server.pem
- key-file /config/auth/ovpn_test_server.key
- }
- }
- sstp {
- authentication {
- local-users {
- username test {
- password test
- }
- }
- mode local
- protocols mschap-v2
- }
- client-ip-pool {
- subnet 192.168.170.0/24
- }
- gateway-address 192.168.150.1
- ssl {
- ca-cert-file /config/auth/ovpn_test_ca.pem
- cert-file /config/auth/ovpn_test_server.pem
- key-file /config/auth/ovpn_test_server.key
- }
- }
-}
-
-
-// Warning: Do not remove the following line.
-// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.4-rolling-202106290839
diff --git a/smoketest/configs/service-https b/smoketest/configs/service-https
new file mode 100644
index 000000000..d478d5731
--- /dev/null
+++ b/smoketest/configs/service-https
@@ -0,0 +1,55 @@
+interfaces {
+ ethernet eth0 {
+ address 192.168.150.1/24
+ }
+}
+service {
+ https {
+ certificates {
+ system-generated-certificate {
+ lifetime 365
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ server time3.vyos.net {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202106290839
diff --git a/smoketest/configs/vpn-openconnect-sstp b/smoketest/configs/vpn-openconnect-sstp
new file mode 100644
index 000000000..45e6dd9b2
--- /dev/null
+++ b/smoketest/configs/vpn-openconnect-sstp
@@ -0,0 +1,89 @@
+interfaces {
+ ethernet eth0 {
+ address 192.168.150.1/24
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ server time3.vyos.net {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+vpn {
+ openconnect {
+ authentication {
+ local-users {
+ username test {
+ password test
+ }
+ }
+ mode local
+ }
+ network-settings {
+ client-ip-settings {
+ subnet 192.168.160.0/24
+ }
+ }
+ ssl {
+ ca-cert-file /config/auth/ovpn_test_ca.pem
+ cert-file /config/auth/ovpn_test_server.pem
+ key-file /config/auth/ovpn_test_server.key
+ }
+ }
+ sstp {
+ authentication {
+ local-users {
+ username test {
+ password test
+ }
+ }
+ mode local
+ protocols mschap-v2
+ }
+ client-ip-pool {
+ subnet 192.168.170.0/24
+ }
+ gateway-address 192.168.150.1
+ ssl {
+ ca-cert-file /config/auth/ovpn_test_ca.pem
+ cert-file /config/auth/ovpn_test_server.pem
+ key-file /config/auth/ovpn_test_server.key
+ }
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202106290839
--
cgit v1.2.3
From d42991a4c4ec9c6920ae1a8990f7a63cde9bdbea Mon Sep 17 00:00:00 2001
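Review bot: Splitting `pki-misc` in 94a1728a drops the only fixture that loaded `service https`, `vpn openconnect` and `vpn sstp` together, so the shared-listener condition is now avoided by the test data rather than caught by a test. In the new `vpn-openconnect-sstp` file both `openconnect` and `sstp` are still left on their defaults, with no `listen-ports` or `port` line, which per fa91f567 is the same port. Nothing visible on this page adds a commit-time check that rejects two services claiming one listener, so a config that commits cleanly can still leave a VPN or management endpoint not running. A smoketest asserting that such a commit fails would cover it; until then the limitation deserves a line in the commit message, e.g. `https, openconnect and sstp share a default port; the conflict is not validated at commit time`.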
From: Christian Poessinger
Date: Sun, 28 Aug 2022 08:39:39 +0200
Subject: smoketest: T4643: bind sstp service to port 8443
---
 smoketest/configs/vpn-openconnect-sstp | 1 +
 1 file changed, 1 insertion(+)
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/vpn-openconnect-sstp b/smoketest/configs/vpn-openconnect-sstp
index 45e6dd9b2..59a26f501 100644
--- a/smoketest/configs/vpn-openconnect-sstp
+++ b/smoketest/configs/vpn-openconnect-sstp
@@ -75,6 +75,7 @@ vpn {
 subnet 192.168.170.0/24
 }
 gateway-address 192.168.150.1
+ port 8443
 ssl {
 ca-cert-file /config/auth/ovpn_test_ca.pem
 cert-file /config/auth/ovpn_test_server.pem
--
cgit v1.2.3
From cc5a19dcbff071117437608d9ae93c734514010a Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Mon, 29 Aug 2022 06:35:59 +0200
Subject: smoketest: config: drop almost empty https service test
---
 smoketest/configs/service-https | 55 -----------------------------------------
 1 file changed, 55 deletions(-)
 delete mode 100644 smoketest/configs/service-https
(limited to 'smoketest/configs')
diff --git a/smoketest/configs/service-https b/smoketest/configs/service-https
deleted file mode 100644
index d478d5731..000000000
--- a/smoketest/configs/service-https
+++ /dev/null
@@ -1,55 +0,0 @@
-interfaces {
- ethernet eth0 {
- address 192.168.150.1/24
- }
-}
-service {
- https {
- certificates {
- system-generated-certificate {
- lifetime 365
- }
- }
- }
-}
-system {
- config-management {
- commit-revisions 100
- }
- console {
- device ttyS0 {
- speed 115200
- }
- }
- host-name vyos
- login {
- user vyos {
- authentication {
- encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
- plaintext-password ""
- }
- }
- }
- ntp {
- server time1.vyos.net {
- }
- server time2.vyos.net {
- }
- server time3.vyos.net {
- }
- }
- syslog {
- global {
- facility all {
- level info
- }
- facility protocols {
- level debug
- }
- }
- }
-}
-
-// Warning: Do not remove the following line.
-// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.4-rolling-202106290839
--
cgit v1.2.3