Test cyclic reference between split crypro parts

hknutzen · Sep 13, 2024 · 61c4c9b · 61c4c9b
1 parent a31d161
commit 61c4c9b
Showing 1 changed file with 95 additions and 0 deletions.
diff --git a/go/testdata/unconnected.t b/go/testdata/unconnected.t
@@ -263,6 +263,101 @@ Error: No valid path
  Check path restrictions and crypto interfaces.
 =END=
 
+############################################################
+=TITLE=Cyclic reference between split crypto parts
+=INPUT=
+isakmp:x = {
+ authentication = preshare;
+ encryption = aes256;
+ hash = sha;
+ group = 2;
+ lifetime = 86400 sec;
+}
+ipsec:x = {
+ key_exchange = isakmp:x;
+ esp_encryption = aes256;
+ esp_authentication = sha;
+ lifetime = 3600 sec;
+}
+
+# First partition
+crypto:x1 = {
+ type = ipsec:x;
+}
+crypto:x2 = {
+ type = ipsec:x;
+}
+router:r1 = {
+ managed;
+ model = IOS;
+ interface:t2 = { ip = 10.2.9.3; hardware = t2; }
+ interface:t1  = { ip = 10.1.9.1; hub = crypto:x1; hardware = t1; }
+}
+network:t1 = { ip = 10.1.9.0/24; }
+router:vpn1 = {
+ managed;
+ model = IOS;
+ interface:t1  = { ip = 10.1.9.2; spoke = crypto:x1; hardware = t1; }
+ interface:n1 = { ip = 10.1.1.1; hardware = n1; }
+}
+network:n1 = { ip = 10.1.1.0/24; }
+router:r2 = {
+ managed;
+ model = IOS;
+ interface:t1 = { ip = 10.1.9.3; hardware = t1; }
+ interface:t2  = { ip = 10.2.9.1; hub = crypto:x2; hardware = t2; }
+}
+network:t2 = { ip = 10.2.9.0/24; }
+router:vpn2 = {
+ managed;
+ model = IOS;
+ interface:t2  = { ip = 10.2.9.2; spoke = crypto:x2; hardware = t2; }
+ interface:n2 = { ip = 10.2.1.1; hardware = n2; }
+}
+network:n2 = { ip = 10.2.1.0/24; }
+
+# Second partition
+crypto:x1b = {
+ type = ipsec:x;
+}
+crypto:x2b = {
+ type = ipsec:x;
+}
+router:r1b = {
+ managed;
+ model = IOS;
+ interface:t2b = { ip = 10.2.9.3; hardware = t2; }
+ interface:t1b  = { ip = 10.1.9.1; hub = crypto:x1b; hardware = t1; }
+}
+network:t1b = { ip = 10.1.9.0/24; }
+router:vpn1b = {
+ managed;
+ model = IOS;
+ interface:t1b  = { ip = 10.1.9.2; spoke = crypto:x1b; hardware = t1; }
+ interface:n1b = { ip = 10.1.1.1; hardware = n1; }
+}
+network:n1b = { ip = 10.1.1.0/24; }
+router:r2b = {
+ managed;
+ model = IOS;
+ interface:t1b = { ip = 10.1.9.3; hardware = t1; }
+ interface:t2b  = { ip = 10.2.9.1; hub = crypto:x2b; hardware = t2; }
+}
+network:t2b = { ip = 10.2.9.0/24; }
+router:vpn2b = {
+ managed;
+ model = IOS;
+ interface:t2b  = { ip = 10.2.9.2; spoke = crypto:x2b; hardware = t2; }
+ interface:n2b = { ip = 10.2.1.1; hardware = n2; }
+}
+network:n2b = { ip = 10.2.1.0/24; }
+=ERROR=
+Error: IPv4 topology has unconnected parts:
+ - any:[network:t2]
+ - any:[network:t2b]
+ Use partition attribute, if intended.
+=END=
+
 ############################################################
 =TITLE=Intentionally unconnected, too many partition definitions
 =TEMPL=input