summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-03 11:40:19 +0000
committerChristian Poessinger <christian@poessinger.com>2021-07-03 13:45:31 +0200
commit2d79a5000c8a02fd7570f629c3182fd55fdb8c86 (patch)
treef6e32e8e97e805a9b08c18eeb7ab5e1833609311 /src
parentff004bee54df0b298c56e91b5f41dda075d35220 (diff)
downloadvyos-1x-2d79a5000c8a02fd7570f629c3182fd55fdb8c86.tar.gz
vyos-1x-2d79a5000c8a02fd7570f629c3182fd55fdb8c86.zip
ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string
Diffstat (limited to 'src')
-rw-r--r--src/tests/test_template.py60
1 files changed, 60 insertions, 0 deletions
diff --git a/src/tests/test_template.py b/src/tests/test_template.py
index 67c0fe84a..2d065f545 100644
--- a/src/tests/test_template.py
+++ b/src/tests/test_template.py
@@ -122,3 +122,63 @@ class TestVyOSTemplate(TestCase):
self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/48'))
self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/64', '2001:db8:2000::/64'))
self.assertFalse(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/64'))
+
+ def test_cipher_to_string(self):
+ ESP_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm64-sha256-ecp256'
+ IKEv2_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm128-md5_128-modp1024'
+
+ data = {
+ 'esp_group': {
+ 'ESP_DEFAULT': {
+ 'compression': 'disable',
+ 'lifetime': '3600',
+ 'mode': 'tunnel',
+ 'pfs': 'dh-group19',
+ 'proposal': {
+ '10': {
+ 'encryption': 'aes256gcm128',
+ 'hash': 'sha256',
+ },
+ '20': {
+ 'encryption': 'aes128ccm64',
+ 'hash': 'sha256',
+ }
+ }
+ }
+ },
+ 'ike_group': {
+ 'IKEv2_DEFAULT': {
+ 'close_action': 'none',
+ 'dead_peer_detection': {
+ 'action': 'hold',
+ 'interval': '30',
+ 'timeout': '120'
+ },
+ 'ikev2_reauth': 'no',
+ 'key_exchange': 'ikev2',
+ 'lifetime': '10800',
+ 'mobike': 'disable',
+ 'proposal': {
+ '10': {
+ 'dh_group': '19',
+ 'encryption': 'aes256gcm128',
+ 'hash': 'sha256'
+ },
+ '20': {
+ 'dh_group': '2',
+ 'encryption': 'aes128ccm128',
+ 'hash': 'md5_128'
+ },
+ }
+ }
+ },
+ }
+
+ for group_name, group_config in data['esp_group'].items():
+ ciphers = vyos.template.get_esp_ike_cipher(group_config)
+ self.assertIn(ESP_DEFAULT, ','.join(ciphers))
+
+ for group_name, group_config in data['ike_group'].items():
+ ciphers = vyos.template.get_esp_ike_cipher(group_config)
+ self.assertIn(IKEv2_DEFAULT, ','.join(ciphers))
+