summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli/test_interfaces_openvpn.py
diff options
context:
space:
mode:
authorNataliia Solomko <natalirs1985@gmail.com>2024-06-11 18:04:18 +0300
committerNataliia Solomko <natalirs1985@gmail.com>2024-06-11 18:04:18 +0300
commit0f669a22615a18c3cd8da2f65f3ed79686992320 (patch)
tree217d18dbb2a6dfa4c0b431d9196110c8a1daee99 /smoketest/scripts/cli/test_interfaces_openvpn.py
parent82607438d6df5291c581d802c7a2a98eabe084ff (diff)
downloadvyos-1x-0f669a22615a18c3cd8da2f65f3ed79686992320.tar.gz
vyos-1x-0f669a22615a18c3cd8da2f65f3ed79686992320.zip
openvpn: T5487: Remove eprecated option --cipher for server and client mode
Diffstat (limited to 'smoketest/scripts/cli/test_interfaces_openvpn.py')
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_openvpn.py20
1 files changed, 16 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_openvpn.py b/smoketest/scripts/cli/test_interfaces_openvpn.py
index e1e9a4ec7..9ca661e87 100755
--- a/smoketest/scripts/cli/test_interfaces_openvpn.py
+++ b/smoketest/scripts/cli/test_interfaces_openvpn.py
@@ -164,6 +164,12 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
self.cli_delete(path + ['shared-secret-key', 'ovpn_test'])
+ # check validate() - cannot specify "encryption cipher" in client mode
+ self.cli_set(path + ['encryption', 'cipher', 'aes192gcm'])
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(path + ['encryption', 'cipher'])
+
self.cli_set(path + ['tls', 'ca-certificate', 'ovpn_test'])
self.cli_set(path + ['tls', 'certificate', 'ovpn_test'])
@@ -191,7 +197,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
auth_hash = 'sha1'
self.cli_set(path + ['device-type', 'tun'])
- self.cli_set(path + ['encryption', 'cipher', 'aes256'])
+ self.cli_set(path + ['encryption', 'ncp-ciphers', 'aes256'])
self.cli_set(path + ['hash', auth_hash])
self.cli_set(path + ['mode', 'client'])
self.cli_set(path + ['persistent-tunnel'])
@@ -221,7 +227,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
self.assertIn(f'remote {remote_host}', config)
self.assertIn(f'persist-tun', config)
self.assertIn(f'auth {auth_hash}', config)
- self.assertIn(f'cipher AES-256-CBC', config)
+ self.assertIn(f'data-ciphers AES-256-CBC', config)
# TLS options
self.assertIn(f'ca /run/openvpn/{interface}_ca.pem', config)
@@ -328,6 +334,12 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
self.cli_delete(path + ['tls', 'dh-params'])
+ # check validate() - cannot specify "encryption cipher" in server mode
+ self.cli_set(path + ['encryption', 'cipher', 'aes256'])
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(path + ['encryption', 'cipher'])
+
# Now test the other path with tls role passive
self.cli_set(path + ['tls', 'role', 'passive'])
# check validate() - cannot specify "tcp-active" when "tls role" is "passive"
@@ -359,7 +371,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
port = str(2000 + ii)
self.cli_set(path + ['device-type', 'tun'])
- self.cli_set(path + ['encryption', 'cipher', 'aes192'])
+ self.cli_set(path + ['encryption', 'ncp-ciphers', 'aes192'])
self.cli_set(path + ['hash', auth_hash])
self.cli_set(path + ['mode', 'server'])
self.cli_set(path + ['local-port', port])
@@ -404,7 +416,7 @@ class TestInterfacesOpenVPN(VyOSUnitTestSHIM.TestCase):
self.assertIn(f'persist-key', config)
self.assertIn(f'proto udp', config) # default protocol
self.assertIn(f'auth {auth_hash}', config)
- self.assertIn(f'cipher AES-192-CBC', config)
+ self.assertIn(f'data-ciphers AES-192-CBC', config)
self.assertIn(f'topology subnet', config)
self.assertIn(f'lport {port}', config)
self.assertIn(f'push "redirect-gateway def1"', config)