summaryrefslogtreecommitdiff
path: root/smoketest/scripts
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-12-30 13:12:57 +0100
committerChristian Breunig <christian@breunig.cc>2023-12-30 13:12:57 +0100
commit1e46cd606d9d87226fe0400bf3a53bda360808d8 (patch)
tree3c652831a42a7cf5a6b989d3a80d8e23c1ec9d17 /smoketest/scripts
parent6ba91d40b54a319a7d8d6d7dd6012ab1e4439bc4 (diff)
downloadvyos-1x-1e46cd606d9d87226fe0400bf3a53bda360808d8.tar.gz
vyos-1x-1e46cd606d9d87226fe0400bf3a53bda360808d8.zip
ipsec: T1210: extend remote-access smoketest with IP pool configuration
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access (road-warrior) users") in a way that also the IPv4 pool and its DNS servers get validated. There is no separate IPv6 test, as both address families behave the same way when configuring these.
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py19
1 files changed, 15 insertions, 4 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index deefce935..6f811000f 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -549,7 +549,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
def test_07_ikev2_road_warrior(self):
- # Enable PKI
+ # This is a known to be good configuration for Microsoft Windows 10 and Apple iOS 17
self.setupPKI()
ike_group = 'IKE-RW'
@@ -564,6 +564,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
eap_lifetime = '3600'
local_id = 'ipsec.vyos.net'
+ name_servers = ['172.16.254.100', '172.16.254.101']
+ prefix = '172.16.250.0/28'
+
# IKE
self.cli_set(base_path + ['ike-group', ike_group, 'key-exchange', 'ikev2'])
self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
@@ -609,8 +612,9 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'local-address', local_address])
self.cli_set(base_path + ['remote-access', 'connection', conn_name, 'pool', ip_pool_name])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', '172.16.254.100'])
- self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', '172.16.250.0/28'])
+ for ns in name_servers:
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', ns])
+ self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
self.cli_commit()
@@ -649,11 +653,18 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
for line in swanctl_secrets_lines:
self.assertIn(line, swanctl_conf)
+ swanctl_pool_lines = [
+ f'{ip_pool_name}',
+ f'addrs = {prefix}',
+ f'dns = {",".join(name_servers)}',
+ ]
+ for line in swanctl_pool_lines:
+ self.assertIn(line, swanctl_conf)
+
# Check Root CA, Intermediate CA and Peer cert/key pair is present
self.assertTrue(os.path.exists(os.path.join(CA_PATH, f'{ca_name}_1.pem')))
self.assertTrue(os.path.exists(os.path.join(CERT_PATH, f'{peer_name}.pem')))
- # Disable PKI
self.tearDownPKI()
if __name__ == '__main__':