[26-06-02 09:15:17] START access_pre_network_crypt scenario: cases/access_pre_network_crypt.sh header : verify access level=network uses per-network pre-shared crypt topology: sw1(center) 172.251.0.241; | network a crypt | network b global crypt; ac clients 192.61.0.11-17 ac clients 192.62.0.11-13 topology: # Topology: topology: # - Diagram: topology: # sw1(center) 172.251.0.241 topology: # ^ ^ topology: # | network a crypt | network b global crypt topology: # ac clients 192.61.0.11-17 ac clients 192.62.0.11-13 topology: # wrong/default/global secret combinations are rejected topology: # - Docker mgmt network: 172.251.0.0/24 topology: # sw1=172.251.0.241, all access clients join the same mgmt network. topology: # - OpenLAN service networks: topology: # network a: sw1=192.61.0.1/24, clients use 192.61.0.11-17/24. topology: # network b: sw1=192.62.0.1/24, clients use 192.62.0.11-13/24. topology: # - Crypt design: topology: # switch global crypt secret=$global_secret; topology: # network a pre-network crypt secret=$network_secret (later update to $network_secret_v2); topology: # network b uses switch global crypt. topology: # Validation: topology: # network a accepts level=network with correct secret and rejects wrong/default/global mismatches; topology: # network b accepts global/default crypt and rejects network-level crypt from network a; topology: # after updating network a secret, old secret fails and new secret succeeds. Started switch pause container: tests-sw-pre-crypt-pause Started switch frr container: tests-sw-pre-crypt-frr Started switch ipsec container: tests-sw-pre-crypt-ipsec Started switch container: tests-sw-pre-crypt [26-06-02 09:15:18][ASSERT#0001][expect] at cases/access_pre_network_crypt.sh:69 fn=setup_sw1 retry=30 cmd="docker logs -f tests-sw-pre-crypt" expect="Http.Start" 2026/06/02 09:15:18 INFO|root|Wait: ... 2026/06/02 09:15:18 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002 2026/06/02 09:15:18 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002 2026/06/02 09:15:18 INFO|root|Http.Start 0.0.0.0:10000 [26-06-02 09:15:19][ASSERT#0001][OK] cost=1.032s [26-06-02 09:15:19][ASSERT#0002][cmd] at cases/access_pre_network_crypt.sh:71 fn=setup_sw1 cmd="docker exec tests-sw-pre-crypt openlan network --name a add --address 192.61.0.1/24" [26-06-02 09:15:19][ASSERT#0002][OK] cost=0.238s [26-06-02 09:15:19][ASSERT#0003][cmd] at cases/access_pre_network_crypt.sh:72 fn=setup_sw1 cmd="docker exec tests-sw-pre-crypt openlan network --name b add --address 192.62.0.1/24" [26-06-02 09:15:19][ASSERT#0003][OK] cost=0.250s [26-06-02 09:15:19][ASSERT#0004][cmd] at cases/access_pre_network_crypt.sh:73 fn=setup_sw1 cmd="docker exec tests-sw-pre-crypt openlan network --name a crypt update --algorithm aes-128 --secret network-secret-7c1d" [26-06-02 09:15:19][ASSERT#0004][OK] cost=0.055s secret: network-secret-7c1d [26-06-02 09:15:19][ASSERT#0005][cmd] at cases/access_pre_network_crypt.sh:76 fn=setup_sw1 cmd="docker exec tests-sw-pre-crypt openlan user add --name t1@a --password 123456" # total 1 username password role lease t1@a 123456 guest 2027-06-02T09 [26-06-02 09:15:19][ASSERT#0005][OK] cost=0.068s [26-06-02 09:15:19][ASSERT#0006][cmd] at cases/access_pre_network_crypt.sh:77 fn=setup_sw1 cmd="docker exec tests-sw-pre-crypt openlan user add --name t2@b --password 123457" # total 1 username password role lease t2@b 123457 guest 2027-06-02T09 [26-06-02 09:15:19][ASSERT#0006][OK] cost=0.061s Started access container: tests-sw-pre-crypt.ac-network [26-06-02 09:15:20][ASSERT#0007][expect] at cases/access_pre_network_crypt.sh:96 fn=setup_access_network_level retry=30 cmd="docker logs -f tests-sw-pre-crypt.ac-network" expect="Worker.OnSuccess" 2026/06/02 09:15:20 INFO|root|SocketClientImpl.update: 172.251.0.2:46644 172.251.0.241:10002 2026/06/02 09:15:20 INFO|root|SocketClientImpl.Try: to connected 2026/06/02 09:15:20 INFO|root|SocketClientImpl.negotiate: send request magic=ff00 network=a 2026/06/02 09:15:20 INFO|172.251.0.241:10002|a|Worker.OnSuccess 2026/06/02 09:15:20 INFO|172.251.0.241:10002|a|Access.AddAddr: 192.61.0.11/24 via 2026/06/02 09:15:20 INFO|tcp:172.251.0.241:10002|a|SocketWorker.onLogin: success 2026/06/02 09:15:20 INFO|172.251.0.241:10002|a|Worker.OnIpAddr: name:a gateway:192.61.0.1 address:192.61.0.11 netmask:255.255.255.0 routes:[] [26-06-02 09:15:21][ASSERT#0007][OK] cost=1.036s Started access container: tests-sw-pre-crypt.ac-network-wrong [26-06-02 09:15:21][ASSERT#0008][unexpect] at cases/access_pre_network_crypt.sh:115 fn=setup_access_network_level_with_global_secret_should_fail retry=15 cmd="docker logs -f tests-sw-pre-crypt.ac-network-wrong" unexpected="Worker.OnSuccess" [26-06-02 09:15:36][ASSERT#0008][OK] cost=15.360s Started access container: tests-sw-pre-crypt.ac-global [26-06-02 09:15:37][ASSERT#0009][unexpect] at cases/access_pre_network_crypt.sh:134 fn=setup_access_global_level_with_network_secret_should_fail retry=15 cmd="docker logs -f tests-sw-pre-crypt.ac-global" unexpected="Worker.OnSuccess" [26-06-02 09:15:52][ASSERT#0009][OK] cost=15.375s Started access container: tests-sw-pre-crypt.ac-default [26-06-02 09:15:52][ASSERT#0010][expect] at cases/access_pre_network_crypt.sh:152 fn=setup_access_default_level_with_switch_secret retry=30 cmd="docker logs -f tests-sw-pre-crypt.ac-default" expect="Worker.OnSuccess" 2026/06/02 09:15:52 INFO|root|SocketClientImpl.update: 172.251.0.5:53086 172.251.0.241:10002 2026/06/02 09:15:52 INFO|root|SocketClientImpl.Try: to connected 2026/06/02 09:15:52 INFO|root|SocketClientImpl.negotiate: send request magic=ffff network= 2026/06/02 09:15:52 INFO|172.251.0.241:10002|a|Worker.OnSuccess 2026/06/02 09:15:52 INFO|172.251.0.241:10002|a|Access.AddAddr: 192.61.0.14/24 via 2026/06/02 09:15:52 INFO|tcp:172.251.0.241:10002|a|SocketWorker.onLogin: success 2026/06/02 09:15:52 INFO|172.251.0.241:10002|a|Worker.OnIpAddr: name:a gateway:192.61.0.1 address:192.61.0.14 netmask:255.255.255.0 routes:[] [26-06-02 09:15:53][ASSERT#0010][OK] cost=1.035s Started access container: tests-sw-pre-crypt.ac-default-wrong [26-06-02 09:15:53][ASSERT#0011][unexpect] at cases/access_pre_network_crypt.sh:170 fn=setup_access_default_level_with_network_secret_should_fail retry=15 cmd="docker logs -f tests-sw-pre-crypt.ac-default-wrong" unexpected="Worker.OnSuccess" [26-06-02 09:16:09][ASSERT#0011][OK] cost=15.350s Started access container: tests-sw-pre-crypt.ac-b-global [26-06-02 09:16:09][ASSERT#0012][expect] at cases/access_pre_network_crypt.sh:188 fn=setup_access_network_b_default_level_with_switch_secret retry=30 cmd="docker logs -f tests-sw-pre-crypt.ac-b-global" expect="Worker.OnSuccess" 2026/06/02 09:16:09 INFO|root|SocketClientImpl.update: 172.251.0.7:48538 172.251.0.241:10002 2026/06/02 09:16:09 INFO|root|SocketClientImpl.Try: to connected 2026/06/02 09:16:09 INFO|root|SocketClientImpl.negotiate: send request magic=ffff network= 2026/06/02 09:16:09 INFO|172.251.0.241:10002|b|Worker.OnSuccess 2026/06/02 09:16:09 INFO|172.251.0.241:10002|b|Access.AddAddr: 192.62.0.11/24 via 2026/06/02 09:16:09 INFO|tcp:172.251.0.241:10002|b|SocketWorker.onLogin: success 2026/06/02 09:16:09 INFO|172.251.0.241:10002|b|Worker.OnIpAddr: name:b gateway:192.62.0.1 address:192.62.0.11 netmask:255.255.255.0 routes:[] [26-06-02 09:16:10][ASSERT#0012][OK] cost=1.033s Started access container: tests-sw-pre-crypt.ac-b-network [26-06-02 09:16:10][ASSERT#0013][unexpect] at cases/access_pre_network_crypt.sh:207 fn=setup_access_network_b_level_network_should_fail retry=15 cmd="docker logs -f tests-sw-pre-crypt.ac-b-network" unexpected="Worker.OnSuccess" [26-06-02 09:16:26][ASSERT#0013][OK] cost=15.367s [26-06-02 09:16:26][ASSERT#0014][cmd] at cases/access_pre_network_crypt.sh:211 fn=test_update_network_a_crypt cmd="docker exec tests-sw-pre-crypt openlan network --name a crypt update --algorithm aes-128 --secret network-secret-8d2e" [26-06-02 09:16:26][ASSERT#0014][OK] cost=0.067s secret: network-secret-8d2e Started access container: tests-sw-pre-crypt.ac-network-old-after-update [26-06-02 09:16:26][ASSERT#0015][unexpect] at cases/access_pre_network_crypt.sh:228 fn=test_update_network_a_crypt retry=15 cmd="docker logs -f tests-sw-pre-crypt.ac-network-old-after-update" unexpected="Worker.OnSuccess" [26-06-02 09:16:41][ASSERT#0015][OK] cost=15.352s Started access container: tests-sw-pre-crypt.ac-network-new-after-update [26-06-02 09:16:42][ASSERT#0016][expect] at cases/access_pre_network_crypt.sh:244 fn=test_update_network_a_crypt retry=30 cmd="docker logs -f tests-sw-pre-crypt.ac-network-new-after-update" expect="Worker.OnSuccess" 2026/06/02 09:16:42 INFO|root|SocketClientImpl.update: 172.251.0.10:36960 172.251.0.241:10002 2026/06/02 09:16:42 INFO|root|SocketClientImpl.Try: to connected 2026/06/02 09:16:42 INFO|root|SocketClientImpl.negotiate: send request magic=ff00 network=a 2026/06/02 09:16:42 INFO|172.251.0.241:10002|a|Worker.OnSuccess 2026/06/02 09:16:42 INFO|172.251.0.241:10002|a|Access.AddAddr: 192.61.0.17/24 via 2026/06/02 09:16:42 INFO|tcp:172.251.0.241:10002|a|SocketWorker.onLogin: success 2026/06/02 09:16:42 INFO|172.251.0.241:10002|a|Worker.OnIpAddr: name:a gateway:192.61.0.1 address:192.61.0.17 netmask:255.255.255.0 routes:[] [26-06-02 09:16:43][ASSERT#0016][OK] cost=1.033s Started access container: tests-sw-pre-crypt.ac-b-global-after-update [26-06-02 09:16:43][ASSERT#0017][expect] at cases/access_pre_network_crypt.sh:259 fn=test_update_network_a_crypt retry=30 cmd="docker logs -f tests-sw-pre-crypt.ac-b-global-after-update" expect="Worker.OnSuccess" 2026/06/02 09:16:43 INFO|root|SocketClientImpl.update: 172.251.0.11:34568 172.251.0.241:10002 2026/06/02 09:16:43 INFO|root|SocketClientImpl.Try: to connected 2026/06/02 09:16:43 INFO|root|SocketClientImpl.negotiate: send request magic=ffff network= 2026/06/02 09:16:43 INFO|172.251.0.241:10002|b|Worker.OnSuccess 2026/06/02 09:16:43 INFO|172.251.0.241:10002|b|Access.AddAddr: 192.62.0.13/24 via 2026/06/02 09:16:43 INFO|tcp:172.251.0.241:10002|b|SocketWorker.onLogin: success 2026/06/02 09:16:43 INFO|172.251.0.241:10002|b|Worker.OnIpAddr: name:b gateway:192.62.0.1 address:192.62.0.13 netmask:255.255.255.0 routes:[] [26-06-02 09:16:44][ASSERT#0017][OK] cost=1.033s [26-06-02 09:16:45] END access_pre_network_crypt status=PASS cost=88.616s