authorYuya Kusakabe <yuya.kusakabe@gmail.com>2017-01-11 01:36:05 +0900
committerYuya Kusakabe <yuya.kusakabe@gmail.com>2017-01-11 10:39:18 +0900
commit79060076f217eebf8f8e5f829bd035b47adef06a (patch)
tree7040038eb7778b7de803b8dc3a4fc9d13ad17d6a /spec/site_to_site_vpn
downloadvyos-integration-test-79060076f217eebf8f8e5f829bd035b47adef06a.tar.gz
vyos-integration-test-79060076f217eebf8f8e5f829bd035b47adef06a.zip
Initial commit
Diffstat (limited to 'spec/site_to_site_vpn')
-rw-r--r--spec/site_to_site_vpn/Vagrantfile28
-rw-r--r--spec/site_to_site_vpn/config.yaml15
-rw-r--r--spec/site_to_site_vpn/vyos1_script.sh28
-rw-r--r--spec/site_to_site_vpn/vyos1_spec.rb12
-rw-r--r--spec/site_to_site_vpn/vyos2_script.sh28
-rw-r--r--spec/site_to_site_vpn/vyos2_spec.rb12
-rw-r--r--spec/site_to_site_vpn/vyos3_script.sh8
-rw-r--r--spec/site_to_site_vpn/vyos3_spec.rb16
-rw-r--r--spec/site_to_site_vpn/vyos4_script.sh8
-rw-r--r--spec/site_to_site_vpn/vyos4_spec.rb16
10 files changed, 171 insertions, 0 deletions
diff --git a/spec/site_to_site_vpn/Vagrantfile b/spec/site_to_site_vpn/Vagrantfile
new file mode 100644
index 0000000..03b9ff7
--- /dev/null
+++ b/spec/site_to_site_vpn/Vagrantfile
@@ -0,0 +1,28 @@
+require 'yaml'
+
+configs = YAML.load_file("config.yaml")
+
+Vagrant.configure("2") do |config|
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpu_mode = 'host-passthrough'
+ end
+ configs.keys.each do |host|
+ config.vm.define host.to_sym do |c|
+ c.vm.box = "higebu/vyos"
+ c.vm.synced_folder "./", "/vagrant",
+ :owner => "vagrant",
+ :group => "vyattacfg",
+ :mount_options => ["dmode=775,fmode=775"]
+ c.vm.hostname = host
+ if !configs[host].nil? and configs[host].has_key? :networks
+ configs[host][:networks].keys.each do |net|
+ c.vm.network :private_network,
+ :ip => configs[host][:networks][net],
+ :libvirt__network_name => net,
+ :libvirt__dhcp_enabled => false
+ end
+ end
+ c.vm.provision "shell", path: "#{host}_script.sh"
+ end
+ end
+end
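Review bot: `c.vm.box = "higebu/vyos"` names a community box without a version, so every fresh `vagrant up` takes whatever image is currently published and the tests do not run against a known base. Pin it next to that line, e.g. `c.vm.box_version = "<pinned-version>"` (placeholder), and bump it deliberately. Separately, `YAML.load_file("config.yaml")` resolves against the current working directory, which can differ from the Vagrantfile's directory when vagrant is invoked from elsewhere; `YAML.load_file(File.expand_path("config.yaml", __dir__))` avoids that.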
diff --git a/spec/site_to_site_vpn/config.yaml b/spec/site_to_site_vpn/config.yaml
new file mode 100644
index 0000000..01178dc
--- /dev/null
+++ b/spec/site_to_site_vpn/config.yaml
@@ -0,0 +1,15 @@
+---
+vyos1:
+ :networks:
+ net1: "10.0.1.11"
+ net2: "10.0.2.11"
+vyos2:
+ :networks:
+ net1: "10.0.1.12"
+ net3: "10.0.3.11"
+vyos3:
+ :networks:
+ net2: "10.0.2.13"
+vyos4:
+ :networks:
+ net3: "10.0.3.14"
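Review bot: The `:networks:` keys are Ruby symbols, which ties this file to a YAML loader that is permitted to build Ruby Symbol objects, while the host keys beside them are plain strings. Writing `networks:` here and reading `configs[host]["networks"]` in the Vagrantfile would let the file be parsed with a safe loader and keep the key style uniform. A header comment such as `# host name => networks => { libvirt network name: static IP }` would also document the expected shape.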
diff --git a/spec/site_to_site_vpn/vyos1_script.sh b/spec/site_to_site_vpn/vyos1_script.sh
new file mode 100644
index 0000000..8033692
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos1_script.sh
@@ -0,0 +1,28 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set vpn ipsec ike-group ike-g proposal 1 encryption aes256
+set vpn ipsec ike-group ike-g proposal 1 hash sha1
+set vpn ipsec ike-group ike-g proposal 1 dh-group 2
+set vpn ipsec ike-group ike-g lifetime 28800
+set vpn ipsec ike-group ike-g dead-peer-detection action restart
+set vpn ipsec ike-group ike-g dead-peer-detection interval 15
+set vpn ipsec ike-group ike-g dead-peer-detection timeout 90
+
+set vpn ipsec esp-group esp-g proposal 1 encryption aes256
+set vpn ipsec esp-group esp-g proposal 1 hash sha1
+set vpn ipsec esp-group esp-g lifetime 3600
+
+set vpn ipsec ipsec-interfaces interface eth1
+
+set vpn ipsec site-to-site peer 10.0.1.12 authentication mode pre-shared-secret
+set vpn ipsec site-to-site peer 10.0.1.12 authentication pre-shared-secret test
+set vpn ipsec site-to-site peer 10.0.1.12 ike-group ike-g
+set vpn ipsec site-to-site peer 10.0.1.12 default-esp-group esp-g
+set vpn ipsec site-to-site peer 10.0.1.12 local-address 10.0.1.11
+set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 local prefix 10.0.2.0/24
+set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 remote prefix 10.0.3.0/24
+
+commit
+save
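Review bot: The IKE proposal uses `dh-group 2` and `hash sha1`, and the peer authenticates with the pre-shared secret `test`; that is enough to prove the tunnel comes up in a lab, but these are weak values that tend to get copied out of test fixtures. Either add a comment above the `set vpn ipsec` block such as `# Lab-only parameters: weak DH group/hash and a dummy PSK, do not reuse outside this test`, or, if the VyOS image under test supports them, move to a stronger pair such as `dh-group 14` with `hash sha256`. The same values appear in vyos2_script.sh and have to change together, since both peers must agree on the proposal and the secret.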
diff --git a/spec/site_to_site_vpn/vyos1_spec.rb b/spec/site_to_site_vpn/vyos1_spec.rb
new file mode 100644
index 0000000..6506d93
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos1_spec.rb
@@ -0,0 +1,12 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos1_script.sh') do |file|
+ file.each_line do |l|
+ if l.start_with?("set")
+ describe vyos_config(l.gsub(/set /, '')) do
+ it { should be_exists }
+ end
+ end
+ end
+end
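Review bot: `l.gsub(/set /, '')` strips every `set ` in the line rather than only the leading command word, and the trailing newline from `each_line` is passed on to `vyos_config`; `start_with?("set")` also accepts any line that merely begins with those three letters. `if l.start_with?("set ")` together with `vyos_config(l.chomp.sub(/\Aset /, ''))` keeps the argument equal to the config path written in the script. The line carrying the pre-shared secret also becomes a `describe` argument and so presumably appears in the spec output, which matters once the secret is not a dummy. The same loop is repeated in vyos2_spec.rb, vyos3_spec.rb and vyos4_spec.rb and could live once in the spec helper.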
diff --git a/spec/site_to_site_vpn/vyos2_script.sh b/spec/site_to_site_vpn/vyos2_script.sh
new file mode 100644
index 0000000..2e01140
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos2_script.sh
@@ -0,0 +1,28 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set vpn ipsec ike-group ike-g proposal 1 encryption aes256
+set vpn ipsec ike-group ike-g proposal 1 hash sha1
+set vpn ipsec ike-group ike-g proposal 1 dh-group 2
+set vpn ipsec ike-group ike-g lifetime 28800
+set vpn ipsec ike-group ike-g dead-peer-detection action restart
+set vpn ipsec ike-group ike-g dead-peer-detection interval 15
+set vpn ipsec ike-group ike-g dead-peer-detection timeout 90
+
+set vpn ipsec esp-group esp-g proposal 1 encryption aes256
+set vpn ipsec esp-group esp-g proposal 1 hash sha1
+set vpn ipsec esp-group esp-g lifetime 3600
+
+set vpn ipsec ipsec-interfaces interface eth1
+
+set vpn ipsec site-to-site peer 10.0.1.11 authentication mode pre-shared-secret
+set vpn ipsec site-to-site peer 10.0.1.11 authentication pre-shared-secret test
+set vpn ipsec site-to-site peer 10.0.1.11 ike-group ike-g
+set vpn ipsec site-to-site peer 10.0.1.11 default-esp-group esp-g
+set vpn ipsec site-to-site peer 10.0.1.11 local-address 10.0.1.12
+set vpn ipsec site-to-site peer 10.0.1.11 tunnel 1 local prefix 10.0.3.0/24
+set vpn ipsec site-to-site peer 10.0.1.11 tunnel 1 remote prefix 10.0.2.0/24
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos2_spec.rb b/spec/site_to_site_vpn/vyos2_spec.rb
new file mode 100644
index 0000000..23a0a57
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos2_spec.rb
@@ -0,0 +1,12 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos2_script.sh') do |file|
+ file.each_line do |l|
+ if l.start_with?("set")
+ describe vyos_config(l.gsub(/set /, '')) do
+ it { should be_exists }
+ end
+ end
+ end
+end
diff --git a/spec/site_to_site_vpn/vyos3_script.sh b/spec/site_to_site_vpn/vyos3_script.sh
new file mode 100644
index 0000000..e443225
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos3_script.sh
@@ -0,0 +1,8 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set protocols static route 10.0.3.0/24 next-hop 10.0.2.11
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos3_spec.rb b/spec/site_to_site_vpn/vyos3_spec.rb
new file mode 100644
index 0000000..3aa75d6
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos3_spec.rb
@@ -0,0 +1,16 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos3_script.sh') do |file|
+ file.each_line do |l|
+ if l.start_with?("set")
+ describe vyos_config(l.gsub(/set /, '')) do
+ it { should be_exists }
+ end
+ end
+ end
+end
+
+describe host('10.0.3.14') do
+ it { should be_reachable }
+end
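Review bot: `describe host('10.0.3.14')` with `be_reachable` is the only end-to-end assertion, and it shows that some path to the far LAN exists, not that the traffic went through the IPsec tunnel; the vyos1 and vyos2 specs only check that the configuration nodes exist. Consider adding, on the two tunnel endpoints, a check that the security association is actually established (for example by matching the output of the operational `show vpn ipsec sa` command), and a comment here such as `# expected to be reachable only via the vyos1<->vyos2 tunnel (10.0.2.0/24 <-> 10.0.3.0/24)`. The address is also duplicated from config.yaml, as is `10.0.2.13` in vyos4_spec.rb, so a renumbering has to be made in two places.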
diff --git a/spec/site_to_site_vpn/vyos4_script.sh b/spec/site_to_site_vpn/vyos4_script.sh
new file mode 100644
index 0000000..ec45e72
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos4_script.sh
@@ -0,0 +1,8 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set protocols static route 10.0.2.0/24 next-hop 10.0.3.11
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos4_spec.rb b/spec/site_to_site_vpn/vyos4_spec.rb
new file mode 100644
index 0000000..2da7341
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos4_spec.rb
@@ -0,0 +1,16 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos4_script.sh') do |file|
+ file.each_line do |l|
+ if l.start_with?("set")
+ describe vyos_config(l.gsub(/set /, '')) do
+ it { should be_exists }
+ end
+ end
+ end
+end
+
+describe host('10.0.2.13') do
+ it { should be_reachable }
+end