author | Christian Breunig <christian@breunig.cc> | 2023-12-30 13:12:57 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-12-30 13:12:57 +0100 |
commit | 1e46cd606d9d87226fe0400bf3a53bda360808d8 (patch) | |
tree | 3c652831a42a7cf5a6b989d3a80d8e23c1ec9d17 | |
parent | 6ba91d40b54a319a7d8d6d7dd6012ab1e4439bc4 (diff) | |
ipsec: T1210: extend remote-access smoketest with IP pool configuration
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access
(road-warrior) users") so that the IPv4 pool and its DNS servers are also
validated. There is no separate IPv6 test, as both address families behave
the same way when configuring these.
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_ipsec.py | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index deefce935..6f811000f 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -549,7 +549,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 def test_07_ikev2_road_warrior(self):
- # Enable PKI
+ # This is a known to be good configuration for Microsoft Windows 10 and Apple iOS 17
 self.setupPKI()
 ike_group = 'IKE-RW'
@@ -564,6 +564,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 eap_lifetime = '3600'
 local_id = 'ipsec.vyos.net'
+ name_servers = ['172.16.254.100', '172.16.254.101']
+ prefix = '172.16.250.0/28'
+ # IKE
 self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
 self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
@@ -609,8 +612,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'local-address', local_address])
 self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'pool', ip_pool_name])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', '172.16.254.100'])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', '172.16.250.0/28'])
+ for ns in name_servers:
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', ns])
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
 self.cli_commit()
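Review bot: The new comment at the top of `test_07_ikev2_road_warrior` reads awkwardly ("a known to be good configuration") and states a client compatibility that nothing in the test itself can confirm. I would word it as `# Known-good configuration for Microsoft Windows 10 and Apple iOS 17 clients` and, if the information is available, add how and when it was validated, since the proposals a client accepts can differ between OS releases. The method body continues outside this hunk.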
@@ -649,11 +653,18 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 for line in swanctl_secrets_lines:
 self.assertIn(line, swanctl_conf)
+ swanctl_pool_lines = [
+ f'{ip_pool_name}',
+ f'addrs = {prefix}',
+ f'dns = {",".join(name_servers)}',
+ ]
+ for line in swanctl_pool_lines:
+ self.assertIn(line, swanctl_conf)
+ # Check Root CA, Intermediate CA and Peer cert/key pair is present
 self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}_1.pem')))
 self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
- # Disable PKI
 self.tearDownPKI()
 if __name__ == '__main__': |
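Review bot: The first entry of `swanctl_pool_lines`, `f'{ip_pool_name}'`, is checked with `assertIn` against the whole of `swanctl_conf`, so it passes wherever the pool name occurs. The connection configured earlier in this test also references `ip_pool_name`, so the name is presumably already in the connection section and the check would still pass if the pool section were never rendered; `addrs` and `dns` are likewise matched anywhere in the file. Matching the pool's section header as the template renders it (for example `f'{ip_pool_name} {{'`, to be confirmed against the generated file) would tie the assertion to the pool definition. The f-string around a bare variable is also unnecessary; plain `ip_pool_name` is enough. The test method starts outside this hunk.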