Project

General

Profile

Tâche #25550

Scénario #25221: L’agent Zéphir doit prendre en compte l’absence des pass-through

L'agent rvp.py doit fonctionner même s'il n'y a pas de connexion passthrough

Added by Fabrice Barconnière almost 2 years ago. Updated almost 2 years ago.

Status:
Fermé
Priority:
Normal
Start date:
08/27/2018
Due date:
% Done:

100%

Estimated time:
6.00 h
Spent time:
Remaining (hours):
0.0

Description

La sortie de ipsec statusall peut ne pas comporter de connexion passthrough. Il faut traiter ce cas.
  • Avec :
    [...]
    Connections:
    passthrough-10.1.1.0/24-10.1.15.0/24:  %any...%any  IKEv1/2, dpddelay=120s
    passthrough-10.1.1.0/24-10.1.15.0/24:   local:  uses public key authentication
    passthrough-10.1.1.0/24-10.1.15.0/24:   remote: uses public key authentication
    passthrough-10.1.1.0/24-10.1.15.0/24:   child:  10.1.1.0/24 === 10.1.15.0/24 PASS, dpdaction=restart
    passthrough-10.1.1.0/24-10.1.16.0/24:   child:  10.1.1.0/24 === 10.1.16.0/24 PASS, dpdaction=restart
    passthrough-10.1.1.0/24-10.1.2.0/24:   child:  10.1.1.0/24 === 10.1.2.0/24 PASS, dpdaction=restart
    passthrough-10.1.1.0/24-10.1.21.0/24:   child:  10.1.1.0/24 === 10.1.21.0/24 PASS, dpdaction=restart
    passthrough-10.1.1.0/24-10.1.22.0/24:   child:  10.1.1.0/24 === 10.1.22.0/24 PASS, dpdaction=restart
    passthrough-10.1.1.0/24-10.1.3.0/24:   child:  10.1.1.0/24 === 10.1.3.0/24 PASS, dpdaction=restart
    [...]
    etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:  192.168.0.31...%any  IKEv1/2, dpddelay=120s                                                                                                                                                                                                                     
    etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:   local:  [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr] uses public key authentication
    etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:    cert:  "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr"                                                                                                                                                                      
    etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:   remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=aca.eolebase.ac-test.fr] uses public key authentication
    etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:   child:  10.1.1.0/24 === dynamic TUNNEL, dpdaction=restart                                                                                                                                                                                                       
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:  192.168.0.31...192.168.0.11  IKEv1/2, dpddelay=120s
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:   local:  [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr] uses public key authentication                                                                                                                                          
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:    cert:  "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr" 
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:   remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] uses public key authentication                          
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:   child:  10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart                           
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2:   child:  10.1.3.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart                                                                    
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T1:   child:  10.1.1.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart                                                                                                 
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T3:   child:  10.1.1.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart
    [...]
    Shunted Connections:
    passthrough-10.1.1.0/24-10.1.15.0/24:  10.1.1.0/24 === 10.1.15.0/24 PASS
    passthrough-10.1.1.0/24-10.1.16.0/24:  10.1.1.0/24 === 10.1.16.0/24 PASS
    passthrough-10.1.1.0/24-10.1.2.0/24:  10.1.1.0/24 === 10.1.2.0/24 PASS
    passthrough-10.1.1.0/24-10.1.21.0/24:  10.1.1.0/24 === 10.1.21.0/24 PASS
    passthrough-10.1.1.0/24-10.1.22.0/24:  10.1.1.0/24 === 10.1.22.0/24 PASS
    passthrough-10.1.1.0/24-10.1.3.0/24:  10.1.1.0/24 === 10.1.3.0/24 PASS
    passthrough-10.1.1.0/24-10.1.17.0/24:  10.1.1.0/24 === 10.1.17.0/24 PASS
    [...]
    Security Associations (1 up, 0 connecting):
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: ESTABLISHED 13 seconds ago, 192.168.0.31[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr]...192.168.0.11[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx]
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: IKEv2 SPIs: df488ae94af7ad3e_i* 67e08dea39f282ce_r, public key reauthentication in 2 hours
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfef0a24_i c08f7b7a_o
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}:  AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 46 minutes
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}:   10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c5f532ce_i c4c8a197_o
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}:  AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}:   10.1.3.0/24 === 172.30.101.0/24
    
  • Sans :
    [...]
    Connections:
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates:  192.168.0.31...192.168.0.11  IKEv1/2, dpddelay=120s
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates:   local:  [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon-default-2.7.0.ac-test.fr] uses public key authentication
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates:    cert:  "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon-default-2.7.0.ac-test.fr" 
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates:   remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] uses public key authentication
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates:   child:  10.1.1.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart
    Security Associations (1 up, 0 connecting):
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates[7]: ESTABLISHED 78 minutes ago, 192.168.0.31[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon-default-2.7.0.ac-test.fr]...192.168.0.11[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx]
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates[7]: IKEv2 SPIs: 9ff63a684d680a9f_i* c8c9237a997f5351_r, public key reauthentication in 76 minutes
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates[7]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates{26}:  INSTALLED, TUNNEL, reqid 7, ESP SPIs: c50c5252_i c2a7e9fb_o
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates{26}:  AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 6 minutes
    etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-admin-agriates{26}:   10.1.1.0/24 === 172.30.101.0/24
    

Associated revisions

Revision 83fd9fda (diff)
Added by Fabrice Barconnière almost 2 years ago

L'agent Zéphir considérait qu'il y avait toujours des connexions passthrough

ref #25550

History

#1 Updated by Fabrice Barconnière almost 2 years ago

  • Description updated (diff)

#2 Updated by Scrum Master almost 2 years ago

  • Status changed from Nouveau to En cours

#3 Updated by Scrum Master almost 2 years ago

  • Assigned To set to Fabrice Barconnière

#4 Updated by Fabrice Barconnière almost 2 years ago

  • % Done changed from 0 to 100
  • Remaining (hours) changed from 6.0 to 0.5

Monter l'infra décrite dans #25206#note-10 pour tester

ou

Repasser tous les tests SP-T01-001 à SP-T02-001

#5 Updated by Scrum Master almost 2 years ago

  • Status changed from En cours to Résolu

#6 Updated by Scrum Master almost 2 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) changed from 0.5 to 0.0

Also available in: Atom PDF