CoCalc -- if

GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/net/if_ovpn/if_ovpn.sh
¹⁰⁸⁷³⁶ views
1
##
2
# SPDX-License-Identifier: BSD-2-Clause
3
#
4
# Copyright (c) 2022 Rubicon Communications, LLC ("Netgate")
5
#
6
# Redistribution and use in source and binary forms, with or without
7
# modification, are permitted provided that the following conditions
8
# are met:
9
# 1. Redistributions of source code must retain the above copyright
10
#    notice, this list of conditions and the following disclaimer.
11
# 2. Redistributions in binary form must reproduce the above copyright
12
#    notice, this list of conditions and the following disclaimer in the
13
#    documentation and/or other materials provided with the distribution.
14
#
15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25
# SUCH DAMAGE.
26

27
. $(atf_get_srcdir)/utils.subr
28
. $(atf_get_srcdir)/../../netpfil/pf/utils.subr
29

30
atf_test_case "4in4" "cleanup"
31
4in4_head()
32
{
33
	atf_set descr 'IPv4 in IPv4 tunnel'
34
	atf_set require.user root
35
	atf_set require.progs openvpn
36
}
37

38
4in4_body()
39
{
40
	ovpn_init
41

42
	l=$(vnet_mkepair)
43

44
	vnet_mkjail a ${l}a
45
	jexec a ifconfig ${l}a 192.0.2.1/24 up
46
	vnet_mkjail b ${l}b
47
	jexec b ifconfig ${l}b 192.0.2.2/24 up
48

49
	# Sanity check
50
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
51

52
	ovpn_start a "
53
		dev ovpn0
54
		dev-type tun
55
		proto udp4
56

57
		cipher AES-256-GCM
58
		auth SHA256
59

60
		local 192.0.2.1
61
		server 198.51.100.0 255.255.255.0
62
		ca $(atf_get_srcdir)/ca.crt
63
		cert $(atf_get_srcdir)/server.crt
64
		key $(atf_get_srcdir)/server.key
65
		dh $(atf_get_srcdir)/dh.pem
66

67
		mode server
68
		script-security 2
69
		auth-user-pass-verify /usr/bin/true via-env
70
		topology subnet
71

72
		keepalive 100 600
73
	"
74
	ovpn_start b "
75
		dev tun0
76
		dev-type tun
77

78
		client
79

80
		remote 192.0.2.1
81
		auth-user-pass $(atf_get_srcdir)/user.pass
82

83
		ca $(atf_get_srcdir)/ca.crt
84
		cert $(atf_get_srcdir)/client.crt
85
		key $(atf_get_srcdir)/client.key
86
		dh $(atf_get_srcdir)/dh.pem
87

88
		keepalive 100 600
89
	"
90

91
	# Give the tunnel time to come up
92
	sleep 10
93

94
	atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
95

96
	echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194
97
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
98

99
	# Test routing loop protection
100
	jexec b route add 192.0.2.1 198.51.100.1
101
	atf_check -s exit:2 -o ignore jexec b ping -t 1 -c 1 198.51.100.1
102

103
	jexec a netstat -I ovpn0 -n -b
104
	ipkts=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($5); }')
105
	echo "$ipkts input packets"
106
	if [ $ipkts -eq 0 ]; then
107
		atf_fail "Input packets were not counted"
108
	fi
109

110
	ibytes=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($8); }')
111
	echo "$ibytes input bytes"
112
	if [ $ibytes -eq 0 ]; then
113
		atf_fail "Input bytes were not counted"
114
	fi
115

116
	opkts=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($9); }')
117
	echo "$opkts output packets"
118
	if [ $obytes -eq 0 ]; then
119
		atf_fail "Output packets were not counted"
120
	fi
121

122
	obytes=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($11); }')
123
	echo "$obytes output bytes"
124
	if [ $obytes -eq 0 ]; then
125
		atf_fail "Output bytes were not counted"
126
	fi
127
}
128

129
4in4_cleanup()
130
{
131
	ovpn_cleanup
132
}
133

134
atf_test_case "bz283426" "cleanup"
135
bz283426_head()
136
{
137
	atf_set descr 'FreeBSD Bugzilla 283426'
138
	atf_set require.user root
139
	atf_set require.progs openvpn python3
140
}
141

142
bz283426_body()
143
{
144
	ovpn_init
145

146
	l=$(vnet_mkepair)
147

148
	vnet_mkjail a ${l}a
149
	jexec a ifconfig ${l}a 192.0.2.1/24 up
150
	vnet_mkjail b ${l}b
151
	jexec b ifconfig ${l}b 192.0.2.2/24 up
152

153
	# Sanity check
154
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
155

156
	ovpn_start a "
157
		dev ovpn0
158
		dev-type tun
159
		proto udp4
160

161
		cipher AES-256-GCM
162
		auth SHA256
163

164
		bind 0.0.0.0:1194
165
		server 198.51.100.0 255.255.255.0
166
		ca $(atf_get_srcdir)/ca.crt
167
		cert $(atf_get_srcdir)/server.crt
168
		key $(atf_get_srcdir)/server.key
169
		dh $(atf_get_srcdir)/dh.pem
170

171
		mode server
172
		script-security 2
173
		auth-user-pass-verify /usr/bin/true via-env
174
		topology subnet
175

176
		keepalive 100 600
177
	"
178
	ovpn_start b "
179
		dev tun0
180
		dev-type tun
181

182
		client
183

184
		remote 192.0.2.1
185
		auth-user-pass $(atf_get_srcdir)/user.pass
186

187
		ca $(atf_get_srcdir)/ca.crt
188
		cert $(atf_get_srcdir)/client.crt
189
		key $(atf_get_srcdir)/client.key
190
		dh $(atf_get_srcdir)/dh.pem
191

192
		keepalive 100 600
193
	"
194

195
	# Give the tunnel time to come up
196
	sleep 10
197

198
	atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
199

200
	# Send a broadcast packet in the outer link.
201
	echo "import socket as sk
202
s = sk.socket(sk.AF_INET, sk.SOCK_DGRAM)
203
s.setsockopt(sk.SOL_SOCKET, sk.SO_BROADCAST, 1)
204
s.sendto(b'x' * 1000, ('192.0.2.255', 1194))" | jexec b python3
205

206
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
207
}
208

209
bz283426_cleanup()
210
{
211
	ovpn_cleanup
212
}
213

214
atf_test_case "4mapped" "cleanup"
215
4mapped_head()
216
{
217
	atf_set descr 'IPv4 mapped addresses'
218
	atf_set require.user root
219
	atf_set require.progs openvpn
220
}
221

222
4mapped_body()
223
{
224
	ovpn_init
225

226
	l=$(vnet_mkepair)
227

228
	vnet_mkjail a ${l}a
229
	jexec a ifconfig ${l}a 192.0.2.1/24 up
230
	vnet_mkjail b ${l}b
231
	jexec b ifconfig ${l}b 192.0.2.2/24 up
232

233
	# Sanity check
234
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
235

236
	#jexec a ifconfig ${l}a
237

238
	ovpn_start a "
239
		dev ovpn0
240
		dev-type tun
241

242
		cipher AES-256-GCM
243
		auth SHA256
244

245
		server 198.51.100.0 255.255.255.0
246
		ca $(atf_get_srcdir)/ca.crt
247
		cert $(atf_get_srcdir)/server.crt
248
		key $(atf_get_srcdir)/server.key
249
		dh $(atf_get_srcdir)/dh.pem
250

251
		mode server
252
		script-security 2
253
		auth-user-pass-verify /usr/bin/true via-env
254
		topology subnet
255

256
		keepalive 100 600
257
	"
258
	ovpn_start b "
259
		dev tun0
260
		dev-type tun
261

262
		client
263

264
		remote 192.0.2.1
265
		auth-user-pass $(atf_get_srcdir)/user.pass
266

267
		ca $(atf_get_srcdir)/ca.crt
268
		cert $(atf_get_srcdir)/client.crt
269
		key $(atf_get_srcdir)/client.key
270
		dh $(atf_get_srcdir)/dh.pem
271

272
		keepalive 100 600
273
	"
274

275
	# Give the tunnel time to come up
276
	sleep 10
277

278
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
279
}
280

281
4mapped_cleanup()
282
{
283
	ovpn_cleanup
284
}
285

286
atf_test_case "6in4" "cleanup"
287
6in4_head()
288
{
289
	atf_set descr 'IPv6 in IPv4 tunnel'
290
	atf_set require.user root
291
	atf_set require.progs openvpn
292
}
293

294
6in4_body()
295
{
296
	ovpn_init
297

298
	l=$(vnet_mkepair)
299

300
	vnet_mkjail a ${l}a
301
	jexec a ifconfig ${l}a 192.0.2.1/24 up
302
	vnet_mkjail b ${l}b
303
	jexec b ifconfig ${l}b 192.0.2.2/24 up
304

305
	# Sanity check
306
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
307

308
	ovpn_start a "
309
		dev ovpn0
310
		dev-type tun
311
		proto udp
312

313
		cipher AES-256-GCM
314
		auth SHA256
315

316
		local 192.0.2.1
317
		server-ipv6 2001:db8:1::/64
318

319
		ca $(atf_get_srcdir)/ca.crt
320
		cert $(atf_get_srcdir)/server.crt
321
		key $(atf_get_srcdir)/server.key
322
		dh $(atf_get_srcdir)/dh.pem
323

324
		mode server
325
		script-security 2
326
		auth-user-pass-verify /usr/bin/true via-env
327
		topology subnet
328

329
		keepalive 100 600
330
	"
331
	ovpn_start b "
332
		dev tun0
333
		dev-type tun
334

335
		client
336

337
		remote 192.0.2.1
338
		auth-user-pass $(atf_get_srcdir)/user.pass
339

340
		ca $(atf_get_srcdir)/ca.crt
341
		cert $(atf_get_srcdir)/client.crt
342
		key $(atf_get_srcdir)/client.key
343
		dh $(atf_get_srcdir)/dh.pem
344

345
		keepalive 100 600
346
	"
347

348
	# Give the tunnel time to come up
349
	sleep 10
350

351
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
352
}
353

354
6in4_cleanup()
355
{
356
	ovpn_cleanup
357
}
358

359
atf_test_case "4in6" "cleanup"
360
4in6_head()
361
{
362
	atf_set descr 'IPv4 in IPv6 tunnel'
363
	atf_set require.user root
364
	atf_set require.progs openvpn
365
}
366

367
4in6_body()
368
{
369
	ovpn_init
370

371
	l=$(vnet_mkepair)
372

373
	vnet_mkjail a ${l}a
374
	jexec a ifconfig ${l}a inet6 2001:db8::1/64 up no_dad
375
	vnet_mkjail b ${l}b
376
	jexec b ifconfig ${l}b inet6 2001:db8::2/64 up no_dad
377

378
	# Sanity check
379
	atf_check -s exit:0 -o ignore jexec a ping6 -c 1 2001:db8::2
380

381
	ovpn_start a "
382
		dev ovpn0
383
		dev-type tun
384
		proto udp6
385

386
		cipher AES-256-GCM
387
		auth SHA256
388

389
		local 2001:db8::1
390
		server 198.51.100.0 255.255.255.0
391
		ca $(atf_get_srcdir)/ca.crt
392
		cert $(atf_get_srcdir)/server.crt
393
		key $(atf_get_srcdir)/server.key
394
		dh $(atf_get_srcdir)/dh.pem
395

396
		mode server
397
		script-security 2
398
		auth-user-pass-verify /usr/bin/true via-env
399
		topology subnet
400

401
		keepalive 100 600
402
	"
403
	ovpn_start b "
404
		dev tun0
405
		dev-type tun
406

407
		client
408

409
		remote 2001:db8::1
410
		auth-user-pass $(atf_get_srcdir)/user.pass
411

412
		ca $(atf_get_srcdir)/ca.crt
413
		cert $(atf_get_srcdir)/client.crt
414
		key $(atf_get_srcdir)/client.key
415
		dh $(atf_get_srcdir)/dh.pem
416

417
		keepalive 100 600
418
	"
419

420
	dd if=/dev/random of=test.img bs=1024 count=1024
421
	cat test.img | jexec a nc -N -l 1234 &
422

423
	# Give the tunnel time to come up
424
	sleep 10
425

426
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
427

428
	# MTU sweep
429
	for i in `seq 1000 1500`
430
	do
431
		atf_check -s exit:0 -o ignore jexec b \
432
		    ping -c 1 -s $i 198.51.100.1
433
	done
434

435
	rcvmd5=$(jexec b nc -N -w 3 198.51.100.1 1234 | md5)
436
	md5=$(md5 test.img)
437

438
	if [ $md5  != $rcvmd5 ];
439
	then
440
		atf_fail "Transmit corruption!"
441
	fi
442
}
443

444
4in6_cleanup()
445
{
446
	ovpn_cleanup
447
}
448

449
atf_test_case "6in6" "cleanup"
450
6in6_head()
451
{
452
	atf_set descr 'IPv6 in IPv6 tunnel'
453
	atf_set require.user root
454
	atf_set require.progs openvpn
455
}
456

457
6in6_body()
458
{
459
	ovpn_init
460

461
	l=$(vnet_mkepair)
462

463
	vnet_mkjail a ${l}a
464
	jexec a ifconfig ${l}a inet6 2001:db8::1/64 up no_dad
465
	vnet_mkjail b ${l}b
466
	jexec b ifconfig ${l}b inet6 2001:db8::2/64 up no_dad
467

468
	# Sanity check
469
	atf_check -s exit:0 -o ignore jexec a ping6 -c 1 2001:db8::2
470

471
	ovpn_start a "
472
		dev ovpn0
473
		dev-type tun
474
		proto udp6
475

476
		cipher AES-256-GCM
477
		auth SHA256
478

479
		local 2001:db8::1
480
		server-ipv6 2001:db8:1::/64
481

482
		ca $(atf_get_srcdir)/ca.crt
483
		cert $(atf_get_srcdir)/server.crt
484
		key $(atf_get_srcdir)/server.key
485
		dh $(atf_get_srcdir)/dh.pem
486

487
		mode server
488
		script-security 2
489
		auth-user-pass-verify /usr/bin/true via-env
490
		topology subnet
491

492
		keepalive 100 600
493
	"
494
	ovpn_start b "
495
		dev tun0
496
		dev-type tun
497

498
		client
499

500
		remote 2001:db8::1
501
		auth-user-pass $(atf_get_srcdir)/user.pass
502

503
		ca $(atf_get_srcdir)/ca.crt
504
		cert $(atf_get_srcdir)/client.crt
505
		key $(atf_get_srcdir)/client.key
506
		dh $(atf_get_srcdir)/dh.pem
507

508
		keepalive 100 600
509
	"
510

511
	# Give the tunnel time to come up
512
	sleep 10
513

514
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
515
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1
516

517
	# Test routing loop protection
518
	jexec b route add -6 2001:db8::1 2001:db8:1::1
519
	atf_check -s exit:2 -o ignore jexec b ping6 -t 1 -c 3 2001:db8:1::1
520
}
521

522
6in6_cleanup()
523
{
524
	ovpn_cleanup
525
}
526

527
atf_test_case "linklocal" "cleanup"
528
linklocal_head()
529
{
530
	atf_set descr 'Use IPv6 link-local addresses'
531
	atf_set require.user root
532
	atf_set require.progs openvpn
533
}
534

535
linklocal_body()
536
{
537
	ovpn_init
538
	ovpn_check_version 2.7.0
539

540
	l=$(vnet_mkepair)
541

542
	vnet_mkjail a ${l}a
543
	jexec a ifconfig ${l}a inet6 fe80::a/64 up no_dad
544
	vnet_mkjail b ${l}b
545
	jexec b ifconfig ${l}b inet6 fe80::b/64 up no_dad
546

547
	# Sanity check
548
	atf_check -s exit:0 -o ignore jexec a ping6 -c 1 fe80::b%${l}a
549

550
	ovpn_start a "
551
		dev ovpn0
552
		dev-type tun
553
		proto udp6
554

555
		cipher AES-256-GCM
556
		auth SHA256
557

558
		local fe80::a%${l}a
559
		server-ipv6 2001:db8:1::/64
560

561
		ca $(atf_get_srcdir)/ca.crt
562
		cert $(atf_get_srcdir)/server.crt
563
		key $(atf_get_srcdir)/server.key
564
		dh $(atf_get_srcdir)/dh.pem
565

566
		mode server
567
		script-security 2
568
		auth-user-pass-verify /usr/bin/true via-env
569
		topology subnet
570

571
		keepalive 100 600
572
	"
573
	ovpn_start b "
574
		dev tun0
575
		dev-type tun
576

577
		client
578

579
		remote fe80::a%${l}b
580
		auth-user-pass $(atf_get_srcdir)/user.pass
581

582
		ca $(atf_get_srcdir)/ca.crt
583
		cert $(atf_get_srcdir)/client.crt
584
		key $(atf_get_srcdir)/client.key
585
		dh $(atf_get_srcdir)/dh.pem
586

587
		keepalive 100 600
588
	"
589

590
	# Give the tunnel time to come up
591
	sleep 10
592
	jexec a ifconfig
593

594
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
595
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1
596
}
597

598
linklocal_cleanup()
599
{
600
	ovpn_cleanup
601
}
602

603
atf_test_case "timeout_client" "cleanup"
604
timeout_client_head()
605
{
606
	atf_set descr 'IPv4 in IPv4 tunnel'
607
	atf_set require.user root
608
	atf_set require.progs openvpn
609
}
610

611
timeout_client_body()
612
{
613
	ovpn_init
614

615
	l=$(vnet_mkepair)
616

617
	vnet_mkjail a ${l}a
618
	jexec a ifconfig ${l}a 192.0.2.1/24 up
619
	jexec a ifconfig lo0 127.0.0.1/8 up
620
	vnet_mkjail b ${l}b
621
	jexec b ifconfig ${l}b 192.0.2.2/24 up
622

623
	# Sanity check
624
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
625

626
	ovpn_start a "
627
		dev ovpn0
628
		dev-type tun
629
		proto udp4
630

631
		cipher AES-256-GCM
632
		auth SHA256
633

634
		local 192.0.2.1
635
		server 198.51.100.0 255.255.255.0
636
		ca $(atf_get_srcdir)/ca.crt
637
		cert $(atf_get_srcdir)/server.crt
638
		key $(atf_get_srcdir)/server.key
639
		dh $(atf_get_srcdir)/dh.pem
640

641
		mode server
642
		script-security 2
643
		auth-user-pass-verify /usr/bin/true via-env
644
		topology subnet
645

646
		keepalive 2 10
647

648
		management 192.0.2.1 1234
649
	"
650
	ovpn_start b "
651
		dev tun0
652
		dev-type tun
653

654
		client
655

656
		remote 192.0.2.1
657
		auth-user-pass $(atf_get_srcdir)/user.pass
658

659
		ca $(atf_get_srcdir)/ca.crt
660
		cert $(atf_get_srcdir)/client.crt
661
		key $(atf_get_srcdir)/client.key
662
		dh $(atf_get_srcdir)/dh.pem
663

664
		keepalive 2 10
665
	"
666

667
	# Give the tunnel time to come up
668
	sleep 10
669

670
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
671

672
	# Kill the client
673
	jexec b killall openvpn
674

675
	# Now wait for the server to notice
676
	sleep 15
677

678
	while echo "status" | jexec a nc -N 192.0.2.1 1234 | grep 192.0.2.2; do
679
		echo "Client disconnect not discovered"
680
		sleep 1
681
	done
682
}
683

684
timeout_client_cleanup()
685
{
686
	ovpn_cleanup
687
}
688

689
atf_test_case "explicit_exit" "cleanup"
690
explicit_exit_head()
691
{
692
	atf_set descr 'Test explicit exit notification'
693
	atf_set require.user root
694
	atf_set require.progs openvpn
695
}
696

697
explicit_exit_body()
698
{
699
	ovpn_init
700

701
	l=$(vnet_mkepair)
702

703
	vnet_mkjail a ${l}a
704
	jexec a ifconfig ${l}a 192.0.2.1/24 up
705
	jexec a ifconfig lo0 127.0.0.1/8 up
706
	vnet_mkjail b ${l}b
707
	jexec b ifconfig ${l}b 192.0.2.2/24 up
708

709
	# Sanity check
710
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
711

712
	ovpn_start a "
713
		dev ovpn0
714
		dev-type tun
715
		proto udp4
716

717
		cipher AES-256-GCM
718
		auth SHA256
719

720
		local 192.0.2.1
721
		server 198.51.100.0 255.255.255.0
722
		ca $(atf_get_srcdir)/ca.crt
723
		cert $(atf_get_srcdir)/server.crt
724
		key $(atf_get_srcdir)/server.key
725
		dh $(atf_get_srcdir)/dh.pem
726

727
		mode server
728
		script-security 2
729
		auth-user-pass-verify /usr/bin/true via-env
730
		topology subnet
731

732
		management 192.0.2.1 1234
733
	"
734
	ovpn_start b "
735
		dev tun0
736
		dev-type tun
737

738
		client
739

740
		remote 192.0.2.1
741
		auth-user-pass $(atf_get_srcdir)/user.pass
742

743
		ca $(atf_get_srcdir)/ca.crt
744
		cert $(atf_get_srcdir)/client.crt
745
		key $(atf_get_srcdir)/client.key
746
		dh $(atf_get_srcdir)/dh.pem
747

748
		explicit-exit-notify
749
	"
750

751
	# Give the tunnel time to come up
752
	sleep 10
753

754
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
755

756
	if ! echo "status" | jexec a nc -N 192.0.2.1 1234 | grep 192.0.2.2; then
757
		atf_fail "Client not found in status list!"
758
	fi
759

760
	# Kill the client
761
	jexec b killall openvpn
762

763
	while echo "status" | jexec a nc -N 192.0.2.1 1234 | grep 192.0.2.2; do
764
		jexec a ps auxf
765
		echo "Client disconnect not discovered"
766
		sleep 1
767
	done
768
}
769

770
explicit_exit_cleanup()
771
{
772
	ovpn_cleanup
773
}
774

775
atf_test_case "multi_client" "cleanup"
776
multi_client_head()
777
{
778
	atf_set descr 'Multiple simultaneous clients'
779
	atf_set require.user root
780
	atf_set require.progs openvpn
781
}
782

783
multi_client_body()
784
{
785
	ovpn_init
786
	vnet_init_bridge
787

788
	bridge=$(vnet_mkbridge)
789
	srv=$(vnet_mkepair)
790
	one=$(vnet_mkepair)
791
	two=$(vnet_mkepair)
792

793
	ifconfig ${bridge} up
794

795
	ifconfig ${srv}a up
796
	ifconfig ${bridge} addm ${srv}a
797
	ifconfig ${one}a up
798
	ifconfig ${bridge} addm ${one}a
799
	ifconfig ${two}a up
800
	ifconfig ${bridge} addm ${two}a
801

802
	vnet_mkjail srv ${srv}b
803
	jexec srv ifconfig ${srv}b 192.0.2.1/24 up
804
	vnet_mkjail one ${one}b
805
	jexec one ifconfig ${one}b 192.0.2.2/24 up
806
	vnet_mkjail two ${two}b
807
	jexec two ifconfig ${two}b 192.0.2.3/24 up
808
	jexec two ifconfig lo0 127.0.0.1/8 up
809
	jexec two ifconfig lo0 inet alias 203.0.113.1/24
810

811
	# Sanity checks
812
	atf_check -s exit:0 -o ignore jexec one ping -c 1 192.0.2.1
813
	atf_check -s exit:0 -o ignore jexec two ping -c 1 192.0.2.1
814

815
	jexec srv sysctl net.inet.ip.forwarding=1
816

817
	ovpn_start srv "
818
		dev ovpn0
819
		dev-type tun
820
		proto udp4
821

822
		cipher AES-256-GCM
823
		auth SHA256
824

825
		local 192.0.2.1
826
		server 198.51.100.0 255.255.255.0
827

828
		push \"route 203.0.113.0 255.255.255.0 198.51.100.1\"
829

830
		ca $(atf_get_srcdir)/ca.crt
831
		cert $(atf_get_srcdir)/server.crt
832
		key $(atf_get_srcdir)/server.key
833
		dh $(atf_get_srcdir)/dh.pem
834

835
		mode server
836
		duplicate-cn
837
		script-security 2
838
		auth-user-pass-verify /usr/bin/true via-env
839
		topology subnet
840

841
		keepalive 100 600
842

843
		client-config-dir $(atf_get_srcdir)/ccd
844
	"
845
	ovpn_start one "
846
		dev tun0
847
		dev-type tun
848

849
		client
850

851
		remote 192.0.2.1
852
		auth-user-pass $(atf_get_srcdir)/user.pass
853

854
		ca $(atf_get_srcdir)/ca.crt
855
		cert $(atf_get_srcdir)/client.crt
856
		key $(atf_get_srcdir)/client.key
857
		dh $(atf_get_srcdir)/dh.pem
858

859
		keepalive 100 600
860
	"
861
	ovpn_start two "
862
		dev tun0
863
		dev-type tun
864

865
		client
866

867
		remote 192.0.2.1
868
		auth-user-pass $(atf_get_srcdir)/user.pass
869

870
		ca $(atf_get_srcdir)/ca.crt
871
		cert $(atf_get_srcdir)/client2.crt
872
		key $(atf_get_srcdir)/client2.key
873
		dh $(atf_get_srcdir)/dh.pem
874

875
		keepalive 100 600
876
	"
877

878
	# Give the tunnel time to come up
879
	sleep 10
880

881
	atf_check -s exit:0 -o ignore jexec one ping -c 3 198.51.100.1
882
	atf_check -s exit:0 -o ignore jexec two ping -c 3 198.51.100.1
883

884
	# Client-to-client communication
885
	atf_check -s exit:0 -o ignore jexec one ping -c 3 198.51.100.3
886
	atf_check -s exit:0 -o ignore jexec two ping -c 3 198.51.100.2
887

888
	# iroute test
889
	atf_check -s exit:0 -o ignore jexec one ping -c 3 203.0.113.1
890
}
891

892
multi_client_cleanup()
893
{
894
	ovpn_cleanup
895
}
896

897
atf_test_case "route_to" "cleanup"
898
route_to_head()
899
{
900
	atf_set descr "Test pf's route-to with OpenVPN tunnels"
901
	atf_set require.user root
902
	atf_set require.progs openvpn
903
}
904

905
route_to_body()
906
{
907
	pft_init
908
	ovpn_init
909

910
	l=$(vnet_mkepair)
911
	n=$(vnet_mkepair)
912

913
	vnet_mkjail a ${l}a
914
	jexec a ifconfig ${l}a 192.0.2.1/24 up
915
	vnet_mkjail b ${l}b ${n}a
916
	jexec b ifconfig ${l}b 192.0.2.2/24 up
917
	jexec b ifconfig ${n}a up
918

919
	# Sanity check
920
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
921

922
	ovpn_start a "
923
		dev ovpn0
924
		dev-type tun
925
		proto udp4
926

927
		cipher AES-256-GCM
928
		auth SHA256
929

930
		local 192.0.2.1
931
		server 198.51.100.0 255.255.255.0
932
		ca $(atf_get_srcdir)/ca.crt
933
		cert $(atf_get_srcdir)/server.crt
934
		key $(atf_get_srcdir)/server.key
935
		dh $(atf_get_srcdir)/dh.pem
936

937
		mode server
938
		script-security 2
939
		auth-user-pass-verify /usr/bin/true via-env
940
		topology subnet
941

942
		keepalive 100 600
943
	"
944
	ovpn_start b "
945
		dev tun0
946
		dev-type tun
947

948
		client
949

950
		remote 192.0.2.1
951
		auth-user-pass $(atf_get_srcdir)/user.pass
952

953
		ca $(atf_get_srcdir)/ca.crt
954
		cert $(atf_get_srcdir)/client.crt
955
		key $(atf_get_srcdir)/client.key
956
		dh $(atf_get_srcdir)/dh.pem
957

958
		keepalive 100 600
959
	"
960

961
	# Give the tunnel time to come up
962
	sleep 10
963
	jexec a ifconfig ovpn0 inet alias 198.51.100.254/24
964

965
	# Check the tunnel
966
	atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.1
967
	atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
968

969
	# Break our route to .254 so that we need a route-to to make things work.
970
	jexec b ifconfig ${n}a 203.0.113.1/24 up
971
	jexec b route add 198.51.100.254 -interface ${n}a
972

973
	# Make sure it's broken.
974
	atf_check -s exit:2 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
975

976
	jexec b pfctl -e
977
	pft_set_rules b \
978
		"pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
979
	atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
980
}
981

982
route_to_cleanup()
983
{
984
	ovpn_cleanup
985
	pft_cleanup
986
}
987

988
atf_test_case "ra" "cleanup"
989
ra_head()
990
{
991
	atf_set descr 'Remote access with multiple clients'
992
	atf_set require.user root
993
	atf_set require.progs openvpn
994
}
995

996
ra_body()
997
{
998
	ovpn_init
999
	vnet_init_bridge
1000

1001
	bridge=$(vnet_mkbridge)
1002
	srv=$(vnet_mkepair)
1003
	lan=$(vnet_mkepair)
1004
	one=$(vnet_mkepair)
1005
	two=$(vnet_mkepair)
1006

1007
	ifconfig ${bridge} up
1008

1009
	ifconfig ${srv}a up
1010
	ifconfig ${bridge} addm ${srv}a
1011
	ifconfig ${one}a up
1012
	ifconfig ${bridge} addm ${one}a
1013
	ifconfig ${two}a up
1014
	ifconfig ${bridge} addm ${two}a
1015

1016
	vnet_mkjail srv ${srv}b ${lan}a
1017
	jexec srv ifconfig lo0 inet 127.0.0.1/8 up
1018
	jexec srv ifconfig ${srv}b 192.0.2.1/24 up
1019
	jexec srv ifconfig ${lan}a 203.0.113.1/24 up
1020
	vnet_mkjail lan ${lan}b
1021
	jexec lan ifconfig lo0 inet 127.0.0.1/8 up
1022
	jexec lan ifconfig ${lan}b 203.0.113.2/24 up
1023
	jexec lan route add default 203.0.113.1
1024
	vnet_mkjail one ${one}b
1025
	jexec one ifconfig lo0 inet 127.0.0.1/8 up
1026
	jexec one ifconfig ${one}b 192.0.2.2/24 up
1027
	vnet_mkjail two ${two}b
1028
	jexec two ifconfig lo0 inet 127.0.0.1/8 up
1029
	jexec two ifconfig ${two}b 192.0.2.3/24 up
1030

1031
	# Sanity checks
1032
	atf_check -s exit:0 -o ignore jexec one ping -c 1 192.0.2.1
1033
	atf_check -s exit:0 -o ignore jexec two ping -c 1 192.0.2.1
1034
	atf_check -s exit:0 -o ignore jexec srv ping -c 1 203.0.113.2
1035

1036
	jexec srv sysctl net.inet.ip.forwarding=1
1037

1038
	ovpn_start srv "
1039
		dev ovpn0
1040
		dev-type tun
1041
		proto udp4
1042

1043
		cipher AES-256-GCM
1044
		auth SHA256
1045

1046
		local 192.0.2.1
1047
		server 198.51.100.0 255.255.255.0
1048

1049
		push \"route 203.0.113.0 255.255.255.0\"
1050

1051
		ca $(atf_get_srcdir)/ca.crt
1052
		cert $(atf_get_srcdir)/server.crt
1053
		key $(atf_get_srcdir)/server.key
1054
		dh $(atf_get_srcdir)/dh.pem
1055

1056
		mode server
1057
		duplicate-cn
1058
		script-security 2
1059
		auth-user-pass-verify /usr/bin/true via-env
1060
		topology subnet
1061

1062
		keepalive 100 600
1063
	"
1064
	ovpn_start one "
1065
		dev tun0
1066
		dev-type tun
1067

1068
		client
1069

1070
		remote 192.0.2.1
1071
		auth-user-pass $(atf_get_srcdir)/user.pass
1072

1073
		ca $(atf_get_srcdir)/ca.crt
1074
		cert $(atf_get_srcdir)/client.crt
1075
		key $(atf_get_srcdir)/client.key
1076
		dh $(atf_get_srcdir)/dh.pem
1077

1078
		keepalive 100 600
1079
	"
1080
	sleep 2
1081
	ovpn_start two "
1082
		dev tun0
1083
		dev-type tun
1084

1085
		client
1086

1087
		remote 192.0.2.1
1088
		auth-user-pass $(atf_get_srcdir)/user.pass
1089

1090
		ca $(atf_get_srcdir)/ca.crt
1091
		cert $(atf_get_srcdir)/client2.crt
1092
		key $(atf_get_srcdir)/client2.key
1093
		dh $(atf_get_srcdir)/dh.pem
1094

1095
		keepalive 100 600
1096
	"
1097

1098
	# Give the tunnel time to come up
1099
	sleep 10
1100

1101
	atf_check -s exit:0 -o ignore jexec one ping -c 1 198.51.100.1
1102
	atf_check -s exit:0 -o ignore jexec two ping -c 1 198.51.100.1
1103

1104
	# Client-to-client communication
1105
	atf_check -s exit:0 -o ignore jexec one ping -c 1 198.51.100.3
1106
	atf_check -s exit:0 -o ignore jexec one ping -c 1 198.51.100.2
1107
	atf_check -s exit:0 -o ignore jexec two ping -c 1 198.51.100.2
1108
	atf_check -s exit:0 -o ignore jexec two ping -c 1 198.51.100.3
1109

1110
	# RA test
1111
	atf_check -s exit:0 -o ignore jexec one ping -c 1 203.0.113.1
1112
	atf_check -s exit:0 -o ignore jexec two ping -c 1 203.0.113.1
1113

1114
	atf_check -s exit:0 -o ignore jexec srv ping -c 1 -S 203.0.113.1 198.51.100.2
1115
	atf_check -s exit:0 -o ignore jexec srv ping -c 1 -S 203.0.113.1 198.51.100.3
1116

1117
	atf_check -s exit:0 -o ignore jexec one ping -c 1 203.0.113.2
1118
	atf_check -s exit:0 -o ignore jexec two ping -c 1 203.0.113.2
1119

1120
	atf_check -s exit:0 -o ignore jexec lan ping -c 1 198.51.100.1
1121
	atf_check -s exit:0 -o ignore jexec lan ping -c 1 198.51.100.2
1122
	atf_check -s exit:0 -o ignore jexec lan ping -c 1 198.51.100.3
1123
	atf_check -s exit:2 -o ignore jexec lan ping -c 1 198.51.100.4
1124
}
1125

1126
ra_cleanup()
1127
{
1128
	ovpn_cleanup
1129
}
1130

1131
ovpn_algo_body()
1132
{
1133
	algo=$1
1134

1135
	ovpn_init
1136

1137
	l=$(vnet_mkepair)
1138

1139
	vnet_mkjail a ${l}a
1140
	jexec a ifconfig ${l}a 192.0.2.1/24 up
1141
	vnet_mkjail b ${l}b
1142
	jexec b ifconfig ${l}b 192.0.2.2/24 up
1143

1144
	# Sanity check
1145
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
1146

1147
	ovpn_start a "
1148
		dev ovpn0
1149
		dev-type tun
1150
		proto udp4
1151

1152
		cipher ${algo}
1153
		data-ciphers ${algo}
1154
		auth SHA256
1155

1156
		local 192.0.2.1
1157
		server 198.51.100.0 255.255.255.0
1158
		ca $(atf_get_srcdir)/ca.crt
1159
		cert $(atf_get_srcdir)/server.crt
1160
		key $(atf_get_srcdir)/server.key
1161
		dh $(atf_get_srcdir)/dh.pem
1162

1163
		mode server
1164
		script-security 2
1165
		auth-user-pass-verify /usr/bin/true via-env
1166
		topology subnet
1167

1168
		keepalive 100 600
1169
	"
1170
	ovpn_start b "
1171
		dev tun0
1172
		dev-type tun
1173

1174
		client
1175

1176
		cipher ${algo}
1177
		data-ciphers ${algo}
1178

1179
		remote 192.0.2.1
1180
		auth-user-pass $(atf_get_srcdir)/user.pass
1181

1182
		ca $(atf_get_srcdir)/ca.crt
1183
		cert $(atf_get_srcdir)/client.crt
1184
		key $(atf_get_srcdir)/client.key
1185
		dh $(atf_get_srcdir)/dh.pem
1186

1187
		keepalive 100 600
1188
	"
1189

1190
	# Give the tunnel time to come up
1191
	sleep 10
1192

1193
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
1194
}
1195

1196
atf_test_case "chacha" "cleanup"
1197
chacha_head()
1198
{
1199
	atf_set descr 'Test DCO with the chacha algorithm'
1200
	atf_set require.user root
1201
	atf_set require.progs openvpn
1202
}
1203

1204
chacha_body()
1205
{
1206
	ovpn_algo_body CHACHA20-POLY1305
1207
}
1208

1209
chacha_cleanup()
1210
{
1211
	ovpn_cleanup
1212
}
1213

1214
atf_test_case "gcm_128" "cleanup"
1215
gcm_128_head()
1216
{
1217
	atf_set descr 'Test DCO with AES-128-GCM'
1218
	atf_set require.user root
1219
	atf_set require.progs openvpn
1220
}
1221

1222
gcm_128_body()
1223
{
1224
	ovpn_algo_body AES-128-GCM
1225
}
1226

1227
gcm_128_cleanup()
1228
{
1229
	ovpn_cleanup
1230
}
1231

1232
atf_test_case "destroy_unused" "cleanup"
1233
destroy_unused_head()
1234
{
1235
	atf_set descr 'Destroy an if_ovpn interface before it is used'
1236
	atf_set require.user root
1237
}
1238

1239
destroy_unused_body()
1240
{
1241
	ovpn_init
1242

1243
	intf=$(ifconfig ovpn create)
1244
	atf_check -s exit:0 \
1245
	    ifconfig ${intf} destroy
1246
}
1247

1248
destroy_unused_cleanup()
1249
{
1250
	ovpn_cleanup
1251
}
1252

1253
atf_test_case "multihome4" "cleanup"
1254
multihome4_head()
1255
{
1256
	atf_set descr 'Test multihome IPv4 with OpenVPN'
1257
	atf_set require.user root
1258
	atf_set require.progs openvpn
1259
}
1260

1261
multihome4_body()
1262
{
1263
	pft_init
1264
	ovpn_init
1265

1266
	l=$(vnet_mkepair)
1267

1268
	vnet_mkjail a ${l}a
1269
	atf_check jexec a ifconfig ${l}a inet 192.0.2.1/24
1270
	atf_check jexec a ifconfig ${l}a alias 192.0.2.2/24
1271
	vnet_mkjail b ${l}b
1272
	atf_check jexec b ifconfig ${l}b inet 192.0.2.3/24
1273

1274
	# Sanity check
1275
	atf_check -s exit:0 -o ignore jexec b ping -c 1 192.0.2.1
1276
	atf_check -s exit:0 -o ignore jexec b ping -c 1 192.0.2.2
1277

1278
	ovpn_start a "
1279
		dev ovpn0
1280
		dev-type tun
1281
		proto udp4
1282

1283
		cipher AES-256-GCM
1284
		auth SHA256
1285

1286
		multihome
1287
		server 198.51.100.0 255.255.255.0
1288
		ca $(atf_get_srcdir)/ca.crt
1289
		cert $(atf_get_srcdir)/server.crt
1290
		key $(atf_get_srcdir)/server.key
1291
		dh $(atf_get_srcdir)/dh.pem
1292

1293
		mode server
1294
		script-security 2
1295
		auth-user-pass-verify /usr/bin/true via-env
1296
		topology subnet
1297

1298
		keepalive 100 600
1299
	"
1300
	ovpn_start b "
1301
		dev tun0
1302
		dev-type tun
1303

1304
		client
1305

1306
		remote 192.0.2.2
1307
		auth-user-pass $(atf_get_srcdir)/user.pass
1308

1309
		ca $(atf_get_srcdir)/ca.crt
1310
		cert $(atf_get_srcdir)/client.crt
1311
		key $(atf_get_srcdir)/client.key
1312
		dh $(atf_get_srcdir)/dh.pem
1313

1314
		keepalive 100 600
1315
	"
1316

1317
	# Block packets from the primary address, openvpn should only use the
1318
	# configured remote address.
1319
	jexec b pfctl -e
1320
	pft_set_rules b \
1321
		"block in quick from 192.0.2.1 to any" \
1322
		"pass all"
1323

1324
	# Give the tunnel time to come up
1325
	sleep 10
1326

1327
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
1328
}
1329

1330
multihome4_cleanup()
1331
{
1332
	ovpn_cleanup
1333
	pft_cleanup
1334
}
1335

1336
atf_test_case "multihome6" "cleanup"
1337
multihome6_head()
1338
{
1339
	atf_set descr 'Test multihome IPv6 with OpenVPN'
1340
	atf_set require.user root
1341
	atf_set require.progs openvpn
1342
}
1343

1344
multihome6_body()
1345
{
1346
	ovpn_init
1347

1348
	l=$(vnet_mkepair)
1349

1350
	vnet_mkjail a ${l}a
1351
	atf_check jexec a ifconfig ${l}a inet6 2001:db8::1/64 no_dad
1352
	atf_check jexec a ifconfig ${l}a inet6 alias 2001:db8::2/64 no_dad
1353
	vnet_mkjail b ${l}b
1354
	atf_check jexec b ifconfig ${l}b inet6 2001:db8::3/64 no_dad
1355

1356
	# Sanity check
1357
	atf_check -s exit:0 -o ignore jexec b ping6 -c 1 2001:db8::1
1358
	atf_check -s exit:0 -o ignore jexec b ping6 -c 1 2001:db8::2
1359

1360
	ovpn_start a "
1361
		dev ovpn0
1362
		dev-type tun
1363
		proto udp6
1364

1365
		cipher AES-256-GCM
1366
		auth SHA256
1367

1368
		multihome
1369
		server-ipv6 2001:db8:1::/64
1370

1371
		ca $(atf_get_srcdir)/ca.crt
1372
		cert $(atf_get_srcdir)/server.crt
1373
		key $(atf_get_srcdir)/server.key
1374
		dh $(atf_get_srcdir)/dh.pem
1375

1376
		mode server
1377
		script-security 2
1378
		auth-user-pass-verify /usr/bin/true via-env
1379
		topology subnet
1380

1381
		keepalive 100 600
1382
	"
1383
	ovpn_start b "
1384
		dev tun0
1385
		dev-type tun
1386

1387
		client
1388

1389
		remote 2001:db8::2
1390
		auth-user-pass $(atf_get_srcdir)/user.pass
1391

1392
		ca $(atf_get_srcdir)/ca.crt
1393
		cert $(atf_get_srcdir)/client.crt
1394
		key $(atf_get_srcdir)/client.key
1395
		dh $(atf_get_srcdir)/dh.pem
1396

1397
		keepalive 100 600
1398
	"
1399

1400
	# Block packets from the primary address, openvpn should only use the
1401
	# configured remote address.
1402
	jexec b pfctl -e
1403
	pft_set_rules b \
1404
		"block in quick from 2001:db8::1 to any" \
1405
		"pass all"
1406

1407
	# Give the tunnel time to come up
1408
	sleep 10
1409

1410
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 2001:db8:1::1
1411
	atf_check -s exit:0 -o ignore jexec b ping6 -c 3 -z 16 2001:db8:1::1
1412
}
1413

1414
multihome6_cleanup()
1415
{
1416
	ovpn_cleanup
1417
	pft_cleanup
1418
}
1419

1420
atf_test_case "float" "cleanup"
1421
float_head()
1422
{
1423
	atf_set descr 'Test peer float notification'
1424
	atf_set require.user root
1425
}
1426

1427
float_body()
1428
{
1429
	ovpn_init
1430
	ovpn_check_version 2.7.0
1431

1432
	l=$(vnet_mkepair)
1433

1434
	vnet_mkjail a ${l}a
1435
	jexec a ifconfig ${l}a 192.0.2.1/24 up
1436
	jexec a ifconfig lo0 127.0.0.1/8 up
1437
	vnet_mkjail b ${l}b
1438
	jexec b ifconfig ${l}b 192.0.2.2/24 up
1439

1440
	# Sanity check
1441
	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
1442

1443
	ovpn_start a "
1444
		dev ovpn0
1445
		dev-type tun
1446
		proto udp4
1447

1448
		cipher AES-256-GCM
1449
		auth SHA256
1450

1451
		local 192.0.2.1
1452
		server 198.51.100.0 255.255.255.0
1453
		ca $(atf_get_srcdir)/ca.crt
1454
		cert $(atf_get_srcdir)/server.crt
1455
		key $(atf_get_srcdir)/server.key
1456
		dh $(atf_get_srcdir)/dh.pem
1457

1458
		mode server
1459
		script-security 2
1460
		auth-user-pass-verify /usr/bin/true via-env
1461
		topology subnet
1462

1463
		keepalive 2 10
1464

1465
		management 192.0.2.1 1234
1466
	"
1467
	ovpn_start b "
1468
		dev tun0
1469
		dev-type tun
1470

1471
		client
1472

1473
		remote 192.0.2.1
1474
		auth-user-pass $(atf_get_srcdir)/user.pass
1475

1476
		ca $(atf_get_srcdir)/ca.crt
1477
		cert $(atf_get_srcdir)/client.crt
1478
		key $(atf_get_srcdir)/client.key
1479
		dh $(atf_get_srcdir)/dh.pem
1480

1481
		keepalive 2 10
1482
	"
1483

1484
	# Give the tunnel time to come up
1485
	sleep 10
1486

1487
	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
1488

1489
	# We expect the client on 192.0.2.2
1490
	if ! echo "status" | jexec a nc -N 192.0.2.1 1234 | grep 192.0.2.2; then
1491
		atf_fail "Client not found in status list!"
1492
	fi
1493

1494
	# Now change the client IP
1495
	jexec b ifconfig ${l}b 192.0.2.3/24 up
1496

1497
	# And wait for keepalives to trigger the float notification
1498
	sleep 5
1499

1500
	# So the client now has the new address in userspace
1501
	if ! echo "status" | jexec a nc -N 192.0.2.1 1234 | grep 192.0.2.3; then
1502
		atf_fail "Client not found in status list!"
1503
	fi
1504
}
1505

1506
float_cleanup()
1507
{
1508
	ovpn_cleanup
1509
}
1510

1511
atf_init_test_cases()
1512
{
1513
	atf_add_test_case "4in4"
1514
	atf_add_test_case "bz283426"
1515
	atf_add_test_case "4mapped"
1516
	atf_add_test_case "6in4"
1517
	atf_add_test_case "6in6"
1518
	atf_add_test_case "4in6"
1519
	atf_add_test_case "linklocal"
1520
	atf_add_test_case "timeout_client"
1521
	atf_add_test_case "explicit_exit"
1522
	atf_add_test_case "multi_client"
1523
	atf_add_test_case "route_to"
1524
	atf_add_test_case "ra"
1525
	atf_add_test_case "chacha"
1526
	atf_add_test_case "gcm_128"
1527
	atf_add_test_case "destroy_unused"
1528
	atf_add_test_case "multihome4"
1529
	atf_add_test_case "multihome6"
1530
	atf_add_test_case "float"
1531
}
1532

1533
Product

Resources

Company
