Tâche #25550
Scénario #25221: L’agent Zéphir doit prendre en compte l’absence des pass-through
L'agent rvp.py doit fonctionner même s'il n'y a pas de connexion passthrough
Status:
Fermé
Priority:
Normal
Assigned To:
Target version:
Remaining (hours):
0.0
Description
La sortie de
ipsec statusall peut ne pas comporter de connexion passthrough. Il faut traiter ce cas.
- Avec :
[...] Connections: passthrough-10.1.1.0/24-10.1.15.0/24: %any...%any IKEv1/2, dpddelay=120s passthrough-10.1.1.0/24-10.1.15.0/24: local: uses public key authentication passthrough-10.1.1.0/24-10.1.15.0/24: remote: uses public key authentication passthrough-10.1.1.0/24-10.1.15.0/24: child: 10.1.1.0/24 === 10.1.15.0/24 PASS, dpdaction=restart passthrough-10.1.1.0/24-10.1.16.0/24: child: 10.1.1.0/24 === 10.1.16.0/24 PASS, dpdaction=restart passthrough-10.1.1.0/24-10.1.2.0/24: child: 10.1.1.0/24 === 10.1.2.0/24 PASS, dpdaction=restart passthrough-10.1.1.0/24-10.1.21.0/24: child: 10.1.1.0/24 === 10.1.21.0/24 PASS, dpdaction=restart passthrough-10.1.1.0/24-10.1.22.0/24: child: 10.1.1.0/24 === 10.1.22.0/24 PASS, dpdaction=restart passthrough-10.1.1.0/24-10.1.3.0/24: child: 10.1.1.0/24 === 10.1.3.0/24 PASS, dpdaction=restart [...] etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1: 192.168.0.31...%any IKEv1/2, dpddelay=120s etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1: local: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr] uses public key authentication etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1: cert: "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr" etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1: remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=aca.eolebase.ac-test.fr] uses public key authentication etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1: child: 10.1.1.0/24 === dynamic TUNNEL, dpdaction=restart etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4: 192.168.0.31...192.168.0.11 IKEv1/2, dpddelay=120s etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4: local: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr] uses public key authentication etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4: cert: "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr" etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4: remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] uses public key authentication etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4: child: 10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2: child: 10.1.3.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T1: child: 10.1.1.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T3: child: 10.1.1.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart [...] Shunted Connections: passthrough-10.1.1.0/24-10.1.15.0/24: 10.1.1.0/24 === 10.1.15.0/24 PASS passthrough-10.1.1.0/24-10.1.16.0/24: 10.1.1.0/24 === 10.1.16.0/24 PASS passthrough-10.1.1.0/24-10.1.2.0/24: 10.1.1.0/24 === 10.1.2.0/24 PASS passthrough-10.1.1.0/24-10.1.21.0/24: 10.1.1.0/24 === 10.1.21.0/24 PASS passthrough-10.1.1.0/24-10.1.22.0/24: 10.1.1.0/24 === 10.1.22.0/24 PASS passthrough-10.1.1.0/24-10.1.3.0/24: 10.1.1.0/24 === 10.1.3.0/24 PASS passthrough-10.1.1.0/24-10.1.17.0/24: 10.1.1.0/24 === 10.1.17.0/24 PASS [...] Security Associations (1 up, 0 connecting): etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: ESTABLISHED 13 seconds ago, 192.168.0.31[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr]...192.168.0.11[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: IKEv2 SPIs: df488ae94af7ad3e_i* 67e08dea39f282ce_r, public key reauthentication in 2 hours etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfef0a24_i c08f7b7a_o etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}: AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 46 minutes etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}: 10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8 etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c5f532ce_i c4c8a197_o etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}: AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}: 10.1.3.0/24 === 172.30.101.0/24
- Sans :
[...] Connections: etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates: 192.168.0.31...192.168.0.11 IKEv1/2, dpddelay=120s etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates: local: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon-default-2.7.0.ac-test.fr] uses public key authentication etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates: cert: "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon-default-2.7.0.ac-test.fr" etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates: remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] uses public key authentication etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates: child: 10.1.1.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart Security Associations (1 up, 0 connecting): etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates[7]: ESTABLISHED 78 minutes ago, 192.168.0.31[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon-default-2.7.0.ac-test.fr]...192.168.0.11[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates[7]: IKEv2 SPIs: 9ff63a684d680a9f_i* c8c9237a997f5351_r, public key reauthentication in 76 minutes etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates[7]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates{26}: INSTALLED, TUNNEL, reqid 7, ESP SPIs: c50c5252_i c2a7e9fb_o etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates{26}: AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 6 minutes etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates{26}: 10.1.1.0/24 === 172.30.101.0/24
Associated revisions
L'agent Zéphir considérait qu'il y avait toujours des connexions passthrough
ref #25550
History
#1 Updated by Fabrice Barconnière almost 5 years ago
- Description updated (diff)
#2 Updated by Scrum Master almost 5 years ago
- Status changed from Nouveau to En cours
#3 Updated by Scrum Master almost 5 years ago
- Assigned To set to Fabrice Barconnière
#4 Updated by Fabrice Barconnière almost 5 years ago
- % Done changed from 0 to 100
- Remaining (hours) changed from 6.0 to 0.5
Monter l'infra décrite dans #25206#note-10 pour tester
ou
Repasser tous les tests SP-T01-001 à SP-T02-001
#5 Updated by Scrum Master almost 5 years ago
- Status changed from En cours to Résolu
#6 Updated by Scrum Master almost 5 years ago
- Status changed from Résolu to Fermé
- Remaining (hours) changed from 0.5 to 0.0