diff options
author | Christian Breunig <christian@breunig.cc> | 2023-08-02 12:22:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-02 12:22:26 +0200 |
commit | ea30c0307996ec301474820bbcbf90d5eda7fda4 (patch) | |
tree | fcc31bb6f2437e8e7e8e1428166f08a3b789e4ee /smoketest/scripts/cli/test_interfaces_wireguard.py | |
parent | ad57339e9ce655823e1f8e7ad25dc5560359b8da (diff) | |
parent | fee5669514492e9543b34b3e77e08d1552dee386 (diff) | |
download | vyos-1x-ea30c0307996ec301474820bbcbf90d5eda7fda4.tar.gz vyos-1x-ea30c0307996ec301474820bbcbf90d5eda7fda4.zip |
Merge pull request #2122 from aapostoliuk/T5413
wireguard: T5413: Blocked adding the peer with the router's public key
Diffstat (limited to 'smoketest/scripts/cli/test_interfaces_wireguard.py')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireguard.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py index 14fc8d109..f84ce159d 100755 --- a/smoketest/scripts/cli/test_interfaces_wireguard.py +++ b/smoketest/scripts/cli/test_interfaces_wireguard.py @@ -100,5 +100,34 @@ class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path + [interface, 'peer', 'PEER01']) self.cli_commit() + def test_wireguard_same_public_key(self): + # T2939: Create WireGuard interfaces with associated peers. + # Remove one of the configured peers. + # T4774: Test prevention of duplicate peer public keys + interface = 'wg0' + port = '12345' + privkey = 'OOjcXGfgQlAuM6q8Z9aAYduCua7pxf7UKYvIqoUPoGQ=' + pubkey_fail = 'eiVeYKq66mqKLbrZLzlckSP9voaw8jSFyVNiNTdZDjU=' + pubkey_ok = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I=' + + self.cli_set(base_path + [interface, 'address', '172.16.0.1/24']) + self.cli_set(base_path + [interface, 'private-key', privkey]) + + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'public-key', pubkey_fail]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'port', port]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', '10.205.212.10/32']) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1']) + + # The same pubkey as the interface wg0 + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'public-key', pubkey_ok]) + + # Commit peers + self.cli_commit() + + self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}')) + if __name__ == '__main__': unittest.main(verbosity=2) |