1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
#!/usr/bin/env python3
#
# Copyright (C) 2023-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import re
import unittest
from base_accel_ppp_test import BasicAccelPPPTest
from configparser import ConfigParser
from vyos.utils.process import cmd
class TestVPNL2TPServer(BasicAccelPPPTest.TestCase):
@classmethod
def setUpClass(cls):
cls._base_path = ['vpn', 'l2tp', 'remote-access']
cls._config_file = '/run/accel-pppd/l2tp.conf'
cls._chap_secrets = '/run/accel-pppd/l2tp.chap-secrets'
cls._protocol_section = 'l2tp'
# call base-classes classmethod
super(TestVPNL2TPServer, cls).setUpClass()
@classmethod
def tearDownClass(cls):
super(TestVPNL2TPServer, cls).tearDownClass()
def basic_protocol_specific_config(self):
pass
def test_l2tp_server_authentication_protocols(self):
# Test configuration of local authentication protocols
self.basic_config()
# explicitly test mschap-v2 - no special reason
self.set( ['authentication', 'protocols', 'mschap-v2'])
# commit changes
self.cli_commit()
# Validate configuration values
conf = ConfigParser(allow_no_value=True)
conf.read(self._config_file)
self.assertEqual(conf['modules']['auth_mschap_v2'], None)
def test_vpn_l2tp_dependence_ipsec_swanctl(self):
# Test config vpn for tasks T3843 and T5926
base_path = ['vpn', 'l2tp', 'remote-access']
# make precondition
self.cli_set(['interfaces', 'dummy', 'dum0', 'address', '203.0.113.1/32'])
self.cli_set(['vpn', 'ipsec', 'interface', 'dum0'])
self.cli_commit()
# check ipsec apply to swanctl
self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L '))
self.cli_set(base_path + ['authentication', 'local-users', 'username', 'foo', 'password', 'bar'])
self.cli_set(base_path + ['authentication', 'mode', 'local'])
self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
self.cli_set(base_path + ['client-ip-pool', 'first', 'range', '10.200.100.100-10.200.100.110'])
self.cli_set(base_path + ['description', 'VPN - REMOTE'])
self.cli_set(base_path + ['name-server', '1.1.1.1'])
self.cli_set(base_path + ['ipsec-settings', 'authentication', 'mode', 'pre-shared-secret'])
self.cli_set(base_path + ['ipsec-settings', 'authentication', 'pre-shared-secret', 'SeCret'])
self.cli_set(base_path + ['ipsec-settings', 'ike-lifetime', '8600'])
self.cli_set(base_path + ['ipsec-settings', 'lifetime', '3600'])
self.cli_set(base_path + ['outside-address', '203.0.113.1'])
self.cli_set(base_path + ['gateway-address', '203.0.113.1'])
self.cli_commit()
# check l2tp apply to swanctl
self.assertTrue('l2tp_remote_access:' in cmd('echo vyos | sudo -S swanctl -L '))
self.cli_delete(['vpn', 'l2tp'])
self.cli_commit()
# check l2tp apply to swanctl after delete config
self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L '))
# need to correct tearDown test
self.basic_config()
self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
self.cli_commit()
if __name__ == '__main__':
unittest.main(verbosity=2)
|
