diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-07-03 15:42:03 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-07-03 15:42:03 +0200 |
| commit | dcfeb0de0a510d00c37101da50205b51dd464d72 (patch) | |
| tree | 4352ed737a931a3d6fbbfb6ecd99cfb84f34661f /src/tests/test_template.py | |
| parent | 13924804aafa9a43b4a300fb9afbdf29b69603fb (diff) | |
| parent | 1e74c0df2179c60036e440e15ed9036163039b2a (diff) | |
| download | vyos-1x-dcfeb0de0a510d00c37101da50205b51dd464d72.tar.gz vyos-1x-dcfeb0de0a510d00c37101da50205b51dd464d72.zip | |
Merge branch 'ipsec-ikev2-remote-access' of github.com:c-po/vyos-1x into current
* 'ipsec-ikev2-remote-access' of github.com:c-po/vyos-1x:
ipsec: T2816: remove default values from Jinja2 template and place them in XML
ipsec: T2816: rework IKE and ESP key assignment
ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string
ipsec: T2816: adjust Jinja2 template to coding style
xml: provide building block for a generic description node
Diffstat (limited to 'src/tests/test_template.py')
| -rw-r--r-- | src/tests/test_template.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/tests/test_template.py b/src/tests/test_template.py index 67c0fe84a..2d065f545 100644 --- a/src/tests/test_template.py +++ b/src/tests/test_template.py @@ -122,3 +122,63 @@ class TestVyOSTemplate(TestCase): self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/48')) self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/64', '2001:db8:2000::/64')) self.assertFalse(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/64')) + + def test_cipher_to_string(self): + ESP_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm64-sha256-ecp256' + IKEv2_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm128-md5_128-modp1024' + + data = { + 'esp_group': { + 'ESP_DEFAULT': { + 'compression': 'disable', + 'lifetime': '3600', + 'mode': 'tunnel', + 'pfs': 'dh-group19', + 'proposal': { + '10': { + 'encryption': 'aes256gcm128', + 'hash': 'sha256', + }, + '20': { + 'encryption': 'aes128ccm64', + 'hash': 'sha256', + } + } + } + }, + 'ike_group': { + 'IKEv2_DEFAULT': { + 'close_action': 'none', + 'dead_peer_detection': { + 'action': 'hold', + 'interval': '30', + 'timeout': '120' + }, + 'ikev2_reauth': 'no', + 'key_exchange': 'ikev2', + 'lifetime': '10800', + 'mobike': 'disable', + 'proposal': { + '10': { + 'dh_group': '19', + 'encryption': 'aes256gcm128', + 'hash': 'sha256' + }, + '20': { + 'dh_group': '2', + 'encryption': 'aes128ccm128', + 'hash': 'md5_128' + }, + } + } + }, + } + + for group_name, group_config in data['esp_group'].items(): + ciphers = vyos.template.get_esp_ike_cipher(group_config) + self.assertIn(ESP_DEFAULT, ','.join(ciphers)) + + for group_name, group_config in data['ike_group'].items(): + ciphers = vyos.template.get_esp_ike_cipher(group_config) + self.assertIn(IKEv2_DEFAULT, ','.join(ciphers)) + |