From: Jonatan Schlag <jonatan.schlag@ipfire.org>
Date: Sat, 15 Sep 2018 11:48:08 +0000 (+0200)
Subject: Add include recipe for nitsi vpn n2n tests
X-Git-Tag: 010~117^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eedc5054cdeac17ff52e8115e85de7f69cd3df52;p=network.git

Add include recipe for nitsi vpn n2n tests

This recipes are the base for all n2n ipsec tests.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
---

diff --git a/test/nitsi/include/vpn-base b/test/nitsi/include/vpn-base
new file mode 100644
index 00000000..a79bec47
--- /dev/null
+++ b/test/nitsi/include/vpn-base
@@ -0,0 +1,37 @@
+# This contains the basic network configuration for all vpn-tests
+include: ../include/make-install
+include: ../include/network-settings
+include: ../include/network-reset
+include: ../include/alice-port-vars
+include: ../include/bob-port-vars
+all: network zone new upl0 bridge
+all: network zone new upl1 bridge
+all: network zone new net0 bridge
+all: network zone new net1 bridge
+all: network zone upl0 port attach ${p_net1}
+all: network zone upl1 port attach ${p_net2}
+# Attach dummy ports to all net*
+all: network port new dummy
+all: network port new dummy
+all: network zone net0 port attach d0
+all: network zone net1 port attach d1
+# Bring everyting up
+all: network zone upl0 up
+all: network zone upl1 up
+all: network zone net0 up
+all: network zone net1 up
+all: network status
+# IP config
+alice: network zone upl0 config new static 192.168.122.2/24
+alice: network zone upl1 config new static 2001:470:6ef3:1::1/64
+alice: network zone net0 config new static 192.168.200.1/24
+alice: network zone net1 config new static 2001:470:6ef3::1/64
+bob: network zone upl0 config new static 192.168.122.3/24
+bob: network zone upl1 config new static 2001:470:6ef3:1::2/64
+bob: network zone net0 config new static 192.168.201.1/24
+bob: network zone net1 config new static 2001:470:6ef3:2::1/64
+# Simple ping test
+alice: ping -c 5 192.168.122.3
+alice: ping6 -c 5 2001:470:6ef3:1::1
+bob: ping -c 5 192.168.122.2
+bob: ping6 -c 5 2001:470:6ef3:1::2
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-connection b/test/nitsi/include/vpn-ipsec-basic-connection
new file mode 100644
index 00000000..f5594fa8
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-connection
@@ -0,0 +1,5 @@
+# A basic vpn connection with some common config values set
+all: network vpn ipsec connection new basic
+all: network vpn ipsec connection basic authentication mode PSK
+all: network vpn ipsec connection basic authentication pre-shared-key "12345678"
+all: network vpn ipsec connection basic security-policy "system"
diff --git a/test/nitsi/include/vpn-ipsec-basic-peer-ipv4 b/test/nitsi/include/vpn-ipsec-basic-peer-ipv4
new file mode 100644
index 00000000..52c6d3fc
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-peer-ipv4
@@ -0,0 +1,2 @@
+alice: network vpn ipsec connection basic peer 192.168.122.3
+bob: network vpn ipsec connection basic peer 192.168.122.2
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-peer-ipv6 b/test/nitsi/include/vpn-ipsec-basic-peer-ipv6
new file mode 100644
index 00000000..9715e088
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-peer-ipv6
@@ -0,0 +1,2 @@
+alice: network vpn ipsec connection basic peer 2001:470:6ef3:1::2
+bob: network vpn ipsec connection basic peer 2001:470:6ef3:1::1
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv4 b/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv4
new file mode 100644
index 00000000..23d465c5
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv4
@@ -0,0 +1,3 @@
+# This recipe tests if the vpn connection is working by pinging the remote subnet
+alice: ping -c 5 192.168.201.1
+bob: ping -c 5 192.168.200.1
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv6 b/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv6
new file mode 100644
index 00000000..c6d5e69d
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv6
@@ -0,0 +1,3 @@
+# This recipe tests if the vpn connection is working by pinging the remote subnet
+alice: ping6 -c 5 2001:470:6ef3:2::1
+bob: ping6 -c 5 2001:470:6ef3::1
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv64 b/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv64
new file mode 100644
index 00000000..3d9dfff5
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-ping-test-ipv64
@@ -0,0 +1,5 @@
+# This recipe tests if the vpn connection is working by pinging the remote subnet
+alice: ping -c 5 192.168.201.1
+bob: ping -c 5 192.168.200.1
+alice: ping6 -c 5 2001:470:6ef3:2::1
+bob: ping6 -c 5 2001:470:6ef3::1
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-ts-ipv4 b/test/nitsi/include/vpn-ipsec-basic-ts-ipv4
new file mode 100644
index 00000000..34ed5747
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-ts-ipv4
@@ -0,0 +1,4 @@
+alice: network vpn ipsec connection basic local prefix 192.168.200.0/24
+alice: network vpn ipsec connection basic remote prefix 192.168.201.0/24
+bob: network vpn ipsec connection basic local prefix 192.168.201.0/24
+bob: network vpn ipsec connection basic remote prefix 192.168.200.0/24
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-ts-ipv6 b/test/nitsi/include/vpn-ipsec-basic-ts-ipv6
new file mode 100644
index 00000000..7f1bf74c
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-ts-ipv6
@@ -0,0 +1,4 @@
+alice: network vpn ipsec connection basic local prefix 2001:470:6ef3::/64
+alice: network vpn ipsec connection basic remote prefix 2001:470:6ef3:2::/64
+bob: network vpn ipsec connection basic local prefix 2001:470:6ef3:2::/64
+bob: network vpn ipsec connection basic remote prefix 2001:470:6ef3::/64
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-ts-ipv64 b/test/nitsi/include/vpn-ipsec-basic-ts-ipv64
new file mode 100644
index 00000000..7845bc60
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-ts-ipv64
@@ -0,0 +1,4 @@
+alice: network vpn ipsec connection basic local prefix 192.168.200.0/24 2001:470:6ef3::/64
+alice: network vpn ipsec connection basic remote prefix 192.168.201.0/24 2001:470:6ef3:2::/64
+bob: network vpn ipsec connection basic local prefix 192.168.201.0/24 2001:470:6ef3:2::/64
+bob: network vpn ipsec connection basic remote prefix 192.168.200.0/24 2001:470:6ef3::/64
\ No newline at end of file
diff --git a/test/nitsi/include/vpn-ipsec-basic-vti-test b/test/nitsi/include/vpn-ipsec-basic-vti-test
new file mode 100644
index 00000000..82ec7081
--- /dev/null
+++ b/test/nitsi/include/vpn-ipsec-basic-vti-test
@@ -0,0 +1,3 @@
+# Check that the package are routed through the vti device
+all: [[ 0 != $(cat /sys/class/net/ipsec-basic/statistics/tx_packets) ]]
+all: [[ 0 != $(cat /sys/class/net/ipsec-basic/statistics/rx_packets) ]]
\ No newline at end of file