summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli/test_vpn_ipsec.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-01 21:47:12 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-02 18:15:59 +0200
commit9c54629086172be2721f8ac8cd085f396c70515b (patch)
tree5e73dd154026ef40c47aa3ce32c012f93149d3e6 /smoketest/scripts/cli/test_vpn_ipsec.py
parent7f97e165a8f3ece96943a7656c88c1d1fc562d42 (diff)
downloadvyos-1x-9c54629086172be2721f8ac8cd085f396c70515b.tar.gz
vyos-1x-9c54629086172be2721f8ac8cd085f396c70515b.zip
smoketest: ipsec: place peer local-address into variable
Diffstat (limited to 'smoketest/scripts/cli/test_vpn_ipsec.py')
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py18
1 files changed, 10 insertions, 8 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index ec1c2765e..b18e391ec 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -86,12 +86,14 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
# Site to site
+ local_address = '192.0.2.10'
peer_base_path = base_path + ['site-to-site', 'peer', peer_ip]
+
self.cli_set(peer_base_path + ['authentication', 'mode', 'pre-shared-secret'])
self.cli_set(peer_base_path + ['authentication', 'pre-shared-secret', secret])
self.cli_set(peer_base_path + ['ike-group', ike_group])
self.cli_set(peer_base_path + ['default-esp-group', esp_group])
- self.cli_set(peer_base_path + ['local-address', '192.0.2.10'])
+ self.cli_set(peer_base_path + ['local-address', local_address])
self.cli_set(peer_base_path + ['tunnel', '1', 'protocol', 'tcp'])
self.cli_set(peer_base_path + ['tunnel', '1', 'local', 'prefix', '172.16.10.0/24'])
self.cli_set(peer_base_path + ['tunnel', '1', 'local', 'prefix', '172.16.11.0/24'])
@@ -109,7 +111,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
f'auth = psk',
f'proposals = aes128-sha1-modp1024',
f'esp_proposals = aes128-sha1-modp1024',
- f'local_addrs = 192.0.2.10 # dhcp:no',
+ f'local_addrs = {local_address} # dhcp:no',
f'remote_addrs = {peer_ip}',
f'mode = tunnel',
f'local_ts = 172.16.10.0/24[tcp/443],172.16.11.0/24[tcp/443]',
@@ -119,7 +121,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.assertIn(line, swanctl_conf)
swanctl_secrets_lines = [
- f'id-local = 192.0.2.10 # dhcp:no',
+ f'id-local = {local_address} # dhcp:no',
f'id-remote = {peer_ip}',
f'secret = "{secret}"'
]
@@ -128,10 +130,10 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
def test_03_site_to_site_vti(self):
- # VTI interface
+ local_address = '192.0.2.10'
vti = 'vti10'
+ # VTI interface
self.cli_set(vti_path + [vti, 'address', '10.1.1.1/24'])
-
self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
# Site to site
@@ -140,7 +142,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_set(peer_base_path + ['authentication', 'pre-shared-secret', secret])
self.cli_set(peer_base_path + ['ike-group', ike_group])
self.cli_set(peer_base_path + ['default-esp-group', esp_group])
- self.cli_set(peer_base_path + ['local-address', '192.0.2.10'])
+ self.cli_set(peer_base_path + ['local-address', local_address])
self.cli_set(peer_base_path + ['tunnel', '1', 'local', 'prefix', '172.16.10.0/24'])
self.cli_set(peer_base_path + ['tunnel', '1', 'local', 'prefix', '172.16.11.0/24'])
self.cli_set(peer_base_path + ['tunnel', '1', 'remote', 'prefix', '172.17.10.0/24'])
@@ -156,7 +158,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
f'auth = psk',
f'proposals = aes128-sha1-modp1024',
f'esp_proposals = aes128-sha1-modp1024',
- f'local_addrs = 192.0.2.10 # dhcp:no',
+ f'local_addrs = {local_address} # dhcp:no',
f'remote_addrs = {peer_ip}',
f'mode = tunnel',
f'local_ts = 172.16.10.0/24,172.16.11.0/24',
@@ -169,7 +171,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.assertIn(line, swanctl_conf)
swanctl_secrets_lines = [
- f'id-local = 192.0.2.10 # dhcp:no',
+ f'id-local = {local_address} # dhcp:no',
f'id-remote = {peer_ip}',
f'secret = "{secret}"'
]