diff options
author | Lucas Christian <lucas@lucasec.com> | 2024-07-03 23:14:45 -0700 |
---|---|---|
committer | Lucas Christian <lucas@lucasec.com> | 2024-07-26 18:26:30 -0700 |
commit | 376e2d898f26c13a31f80d877f4e2621fd6efb0f (patch) | |
tree | 8537e50f3c62b4dc880af60b57c4ccce612bdf44 /smoketest/scripts | |
parent | 4d2c89dcd50d3c158dc76ac5ab843dd66105bc02 (diff) | |
download | vyos-1x-376e2d898f26c13a31f80d877f4e2621fd6efb0f.tar.gz vyos-1x-376e2d898f26c13a31f80d877f4e2621fd6efb0f.zip |
T5873: vpn ipsec: re-write of ipsec updown hook
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_vti.py | 3 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_ipsec.py | 19 |
2 files changed, 18 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_vti.py b/smoketest/scripts/cli/test_interfaces_vti.py index 871ac650b..8d90ca5ad 100755 --- a/smoketest/scripts/cli/test_interfaces_vti.py +++ b/smoketest/scripts/cli/test_interfaces_vti.py @@ -39,7 +39,8 @@ class VTIInterfaceTest(BasicInterfaceTest.TestCase): self.cli_commit() - # VTI interface are always down and only brought up by IPSec + # VTI interfaces are default down and only brought up when an + # IPSec connection is configured to use them for intf in self._interfaces: self.assertTrue(is_intf_addr_assigned(intf, addr)) self.assertEqual(Interface(intf).get_admin_state(), 'down') diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py index 2674b37b6..3b8687b93 100755 --- a/smoketest/scripts/cli/test_vpn_ipsec.py +++ b/smoketest/scripts/cli/test_vpn_ipsec.py @@ -20,6 +20,7 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError +from vyos.ifconfig import Interface from vyos.utils.process import process_named_running from vyos.utils.file import read_file @@ -140,6 +141,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path) self.cli_delete(tunnel_path) + self.cli_delete(vti_path) self.cli_commit() # Check for no longer running process @@ -342,6 +344,12 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): for line in swanctl_secrets_lines: self.assertRegex(swanctl_conf, fr'{line}') + # Site-to-site interfaces should start out as 'down' + self.assertEqual(Interface(vti).get_admin_state(), 'down') + + # Disable PKI + self.tearDownPKI() + def test_dmvpn(self): tunnel_if = 'tun100' @@ -478,9 +486,6 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{int_ca_name}.pem'))) self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem'))) - # There is only one VTI test so no need to delete this globally in tearDown() - self.cli_delete(vti_path) - # Disable PKI self.tearDownPKI() @@ -1340,6 +1345,14 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}.pem'))) self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem'))) + # Remote access interfaces should be set to 'up' during configure + self.assertEqual(Interface(vti).get_admin_state(), 'up') + + # Delete the connection to verify the VTI interfaces is taken down + self.cli_delete(base_path + ['remote-access', 'connection', conn_name]) + self.cli_commit() + self.assertEqual(Interface(vti).get_admin_state(), 'down') + self.tearDownPKI() if __name__ == '__main__': |