summaryrefslogtreecommitdiff
path: root/smoketest/scripts
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-04-12 07:09:25 +0200
committerGitHub <noreply@github.com>2024-04-12 07:09:25 +0200
commit041a57d69dc7b8d104b8e3a6e8b35723552a1b63 (patch)
treebcaca728b1c782108790989a5dd030c28d7a6251 /smoketest/scripts
parent00be89b76bc1b6ec0ce04dc7957a8dbc7a65065b (diff)
parentecc83562b4d756cc50910561a3f52ec260aeb478 (diff)
downloadvyos-1x-041a57d69dc7b8d104b8e3a6e8b35723552a1b63.tar.gz
vyos-1x-041a57d69dc7b8d104b8e3a6e8b35723552a1b63.zip
Merge pull request #2708 from lucasec/t5871
T5871: ipsec remote access VPN: specify "cacerts" for client auth
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 6d3a93877..145b5990e 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -757,6 +757,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
f'id = "{local_id}"',
f'auth = pubkey',
f'certs = peer1.pem',
+ f'cacerts = MyVyOS-CA.pem',
f'auth = eap-tls',
f'eap_id = %any',
f'esp_proposals = aes256-sha512,aes256-sha384,aes256-sha256,aes256-sha1,aes128gcm128-sha256',
@@ -840,6 +841,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'x509', 'ca-certificate', ca_name])
+ self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'authentication', 'x509', 'ca-certificate', int_ca_name])
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'esp-group', esp_group])
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'ike-group', ike_group])
@@ -867,6 +869,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
f'id = "{local_id}"',
f'auth = pubkey',
f'certs = peer1.pem',
+ f'cacerts = MyVyOS-CA.pem,MyVyOS-IntCA.pem',
f'esp_proposals = aes256-sha512,aes256-sha384,aes256-sha256,aes256-sha1,aes128gcm128-sha256',
f'rekey_time = {eap_lifetime}s',
f'rand_time = 540s',
@@ -894,6 +897,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
# Check Root CA, Intermediate CA and Peer cert/key pair is present
self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}.pem')))
+ self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{int_ca_name}.pem')))
self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
self.tearDownPKI()