author | Christian Breunig <christian@breunig.cc> | 2023-12-30 13:12:57 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-12-30 13:12:57 +0100 |
commit | 1e46cd606d9d87226fe0400bf3a53bda360808d8 (patch) | |
tree | 3c652831a42a7cf5a6b989d3a80d8e23c1ec9d17 /smoketest/scripts/cli/test_vpn_ipsec.py | |
parent | 6ba91d40b54a319a7d8d6d7dd6012ab1e4439bc4 (diff) | |
ipsec: T1210: extend remote-access smoketest with IP pool configuration
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access
(road-warrior) users") so that the IPv4 pool and its DNS servers are also
validated. There is no separate IPv6 test, as both address families behave
the same way when configuring these.
Diffstat (limited to 'smoketest/scripts/cli/test_vpn_ipsec.py')
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_ipsec.py | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index deefce935..6f811000f 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -549,7 +549,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 def test_07_ikev2_road_warrior(self):
- # Enable PKI
+ # This is a known to be good configuration for Microsoft Windows 10 and Apple iOS 17
 self.setupPKI()
 ike_group = 'IKE-RW'
@@ -564,6 +564,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 eap_lifetime = '3600'
 local_id = 'ipsec.vyos.net'
+ name_servers = ['172.16.254.100', '172.16.254.101']
+ prefix = '172.16.250.0/28'
+ # IKE
 self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
 self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
@@ -609,8 +612,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'local-address', local_address])
 self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'pool', ip_pool_name])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', '172.16.254.100'])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', '172.16.250.0/28'])
+ for ns in name_servers:
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', ns])
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
 self.cli_commit()
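Review bot: `self.setupPKI()` in the first hunk is paired with `self.tearDownPKI()` only as the last statement of the test (final hunk), so any failing assertion, including the pool checks this commit adds, skips that call and may leave PKI state behind for later tests. Unless the test shim's own tearDown already covers this (not visible here), registering `self.addCleanup(self.tearDownPKI)` directly after `self.setupPKI()` would make the cleanup unconditional. The replacement comment also reads awkwardly; `# Known-good configuration for Microsoft Windows 10 and Apple iOS 17 clients` says the same thing. The body of test_07_ikev2_road_warrior continues outside this hunk.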
@@ -649,11 +653,18 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
 for line in swanctl_secrets_lines:
 self.assertIn(line, swanctl_conf)
+ swanctl_pool_lines = [
+ f'{ip_pool_name}',
+ f'addrs = {prefix}',
+ f'dns = {",".join(name_servers)}',
+ ]
+ for line in swanctl_pool_lines:
+ self.assertIn(line, swanctl_conf)
+ # Check Root CA, Intermediate CA and Peer cert/key pair is present
 self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}_1.pem')))
 self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
- # Disable PKI
 self.tearDownPKI()
 if __name__ == '__main__': |
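Review bot: The first entry of `swanctl_pool_lines`, `f'{ip_pool_name}'`, is asserted as a bare substring of the whole generated config, so it is probably already satisfied by the connection's reference to the pool (set earlier via `'connection', conn_name, 'pool', ip_pool_name`) and would still pass if no pool section were rendered at all. The `addrs = ...` and `dns = ...` checks are unscoped substrings as well, which holds while the test defines a single pool but does not tie them to this one. Because these values decide which addresses and DNS resolvers remote-access clients are handed, I would match the pool's section-opening line as the template renders it rather than the bare name, and drop the redundant f-string wrapper (`ip_pool_name,`). The enclosing test method starts outside this hunk.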