authorChristian Breunig <christian@breunig.cc>2023-12-30 13:12:57 +0100
committerChristian Breunig <christian@breunig.cc>2023-12-30 13:12:57 +0100
commit1e46cd606d9d87226fe0400bf3a53bda360808d8 (patch)
tree3c652831a42a7cf5a6b989d3a80d8e23c1ec9d17
parent6ba91d40b54a319a7d8d6d7dd6012ab1e4439bc4 (diff)
ipsec: T1210: extend remote-access smoketest with IP pool configuration
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access (road-warrior) users") so that the IPv4 pool and its DNS servers are validated as well. There is no separate IPv6 test, as both address families behave the same way when configuring these.
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py19
1 files changed, 15 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index deefce935..6f811000f 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -549,7 +549,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
def test_07_ikev2_road_warrior(self):
- # Enable PKI
+ # This is a known to be good configuration for Microsoft Windows 10 and Apple iOS 17
self.setupPKI()
ike_group = 'IKE-RW'
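Review bot: The new comment sits directly above `self.setupPKI()`, where it reads as a description of that one call although it describes the whole test case. It would be clearer as the method docstring, for example `"""Road-warrior IKEv2 configuration known to work with Microsoft Windows 10 and Apple iOS 17."""`, which also fixes the wording "a known to be good". The body of `test_07_ikev2_road_warrior` continues outside this hunk.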
@@ -564,6 +564,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
eap_lifetime = '3600'
local_id = 'ipsec.vyos.net'
+ name_servers = ['172.16.254.100', '172.16.254.101']
+ prefix = '172.16.250.0/28'
+
# IKE
self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
@@ -609,8 +612,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'local-address', local_address])
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'pool', ip_pool_name])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', '172.16.254.100'])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', '172.16.250.0/28'])
+ for ns in name_servers:
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', ns])
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
self.cli_commit()
@@ -649,11 +653,18 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
for line in swanctl_secrets_lines:
self.assertIn(line, swanctl_conf)
+ swanctl_pool_lines = [
+ f'{ip_pool_name}',
+ f'addrs = {prefix}',
+ f'dns = {",".join(name_servers)}',
+ ]
+ for line in swanctl_pool_lines:
+ self.assertIn(line, swanctl_conf)
+
# Check Root CA, Intermediate CA and Peer cert/key pair is present
self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}_1.pem')))
self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
- # Disable PKI
self.tearDownPKI()
if __name__ == '__main__':
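Review bot: The new pool checks run `assertIn` against the whole of `swanctl_conf`, so they can pass without the pool section being rendered correctly. `f'{ip_pool_name}'` is presumably already satisfied by the connection's own reference to the pool, and `addrs = {prefix}` is a bare substring match. Asserting the section opener as the template emits it (something like `f'{ip_pool_name} {{'`, to be confirmed against the rendered file) would tie the `addrs` and `dns` lines to the pool definition. Separately, `self.tearDownPKI()` is only reached when every assertion above it passes. If the SHIM class derives from `unittest.TestCase`, calling `self.addCleanup(self.tearDownPKI)` right after `self.setupPKI()` would keep the test CA and key material from lingering in the configuration for later tests after a failure.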