authorLucas Christian <lucas@lucasec.com>2024-07-03 23:14:45 -0700
committerLucas Christian <lucas@lucasec.com>2024-07-26 18:26:30 -0700
commit376e2d898f26c13a31f80d877f4e2621fd6efb0f (patch)
tree8537e50f3c62b4dc880af60b57c4ccce612bdf44 /smoketest/scripts
parent4d2c89dcd50d3c158dc76ac5ab843dd66105bc02 (diff)
T5873: vpn ipsec: re-write of ipsec updown hook
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_vti.py3
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py19
2 files changed, 18 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_vti.py b/smoketest/scripts/cli/test_interfaces_vti.py
index 871ac650b..8d90ca5ad 100755
--- a/smoketest/scripts/cli/test_interfaces_vti.py
+++ b/smoketest/scripts/cli/test_interfaces_vti.py
@@ -39,7 +39,8 @@ class VTIInterfaceTest(BasicInterfaceTest.TestCase):
self.cli_commit()
- # VTI interface are always down and only brought up by IPSec
+ # VTI interfaces are default down and only brought up when an
+ # IPSec connection is configured to use them
for intf in self._interfaces:
self.assertTrue(is_intf_addr_assigned(intf, addr))
self.assertEqual(Interface(intf).get_admin_state(), 'down')
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 2674b37b6..3b8687b93 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -20,6 +20,7 @@ import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.configsession import ConfigSessionError
+from vyos.ifconfig import Interface
from vyos.utils.process import process_named_running
from vyos.utils.file import read_file
@@ -140,6 +141,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_delete(base_path)
self.cli_delete(tunnel_path)
+ self.cli_delete(vti_path)
self.cli_commit()
# Check for no longer running process
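Review bot: The new `self.cli_delete(vti_path)` in the teardown has no comment, while the hunk at -478 removes the only comment that explained where the VTI was cleaned up. A short comment above it would record why it now runs for every test, for example `# VTI is used by more than one test; delete it here so a failed assertion cannot leave it configured`. The method starts outside the hunk, and whether `cli_delete` is harmless for tests that never create `vti_path` cannot be confirmed from these lines.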
@@ -342,6 +344,12 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
for line in swanctl_secrets_lines:
self.assertRegex(swanctl_conf, fr'{line}')
+ # Site-to-site interfaces should start out as 'down'
+ self.assertEqual(Interface(vti).get_admin_state(), 'down')
+
+ # Disable PKI
+ self.tearDownPKI()
+
def test_dmvpn(self):
tunnel_if = 'tun100'
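Review bot: The added `self.tearDownPKI()` is only reached if every assertion before it passes, so a failure in the new `get_admin_state()` check leaves the PKI configuration in place for the tests that follow. The hunk at -1340 has the same shape, with three new assertions and a commit ahead of `self.tearDownPKI()`. Registering the cleanup up front with `self.addCleanup(self.tearDownPKI)` next to the matching setup call would make it unconditional, though cleanups run after `tearDown()`, so the ordering against the `cli_delete(base_path)` commit needs checking. The test body starts outside the hunk and the visible context shows no PKI setup; if this test never sets up PKI, the teardown call should not be added here at all.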
@@ -478,9 +486,6 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{int_ca_name}.pem')))
self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
- # There is only one VTI test so no need to delete this globally in tearDown()
- self.cli_delete(vti_path)
-
# Disable PKI
self.tearDownPKI()
@@ -1340,6 +1345,14 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}.pem')))
self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
+ # Remote access interfaces should be set to 'up' during configure
+ self.assertEqual(Interface(vti).get_admin_state(), 'up')
+
+ # Delete the connection to verify the VTI interfaces is taken down
+ self.cli_delete(base_path + ['remote-access', 'connection', conn_name])
+ self.cli_commit()
+ self.assertEqual(Interface(vti).get_admin_state(), 'down')
+
self.tearDownPKI()
if __name__ == '__main__':
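Review bot: The comment on the delete step reads `VTI interfaces is taken down`, whereas `# Delete the connection to verify the VTI interface is taken down` would match the single `vti` being checked. The two new `assertEqual` calls compare the same expression against 'up' and then 'down', so a failure message alone does not say which phase broke; a `msg=` such as `msg=f'{vti} admin state after connection delete'` would make that obvious. The test body starts outside the hunk, so `vti` and `conn_name` are assumed to be defined earlier in it.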