authorLucas Kanashiro <lucas.kanashiro@canonical.com>2020-05-08 09:19:44 -0300
committerBernhard Schmidt <berni@debian.org>2020-09-01 01:17:49 +0200
commit68cf7e194033449b6c02fde1413875a597861c19 (patch)
treeeafdb212ab8163b52e07a76cc711e607a7ceb008
parent4e5ae294da9429b739ba4dd741d73478429bf4d1 (diff)
Add two DEP-8 test cases for the server side
Two scenarios are tested: a server setup using a static key, and a server setup using a CA.
-rw-r--r--debian/tests/control6
-rwxr-xr-xdebian/tests/server-setup-with-ca91
-rwxr-xr-xdebian/tests/server-setup-with-static-key63
3 files changed, 160 insertions, 0 deletions
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..9fb6fea
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,6 @@
+Tests: server-setup-with-ca
+Depends: openvpn, easy-rsa
+Restrictions: needs-root, isolation-machine
+
+Tests: server-setup-with-static-key
+Restrictions: needs-root, isolation-machine
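Review bot: Neither stanza declares the tools the scripts call besides openvpn and easy-rsa: both scripts run `ip` and `ss` (iproute2) and `pkill` (procps). Unless openvpn's own dependencies guarantee these, a minimal testbed would fail for reasons unrelated to the package under test. Consider `Depends: openvpn, easy-rsa, iproute2, procps` for the first stanza and `Depends: @, iproute2, procps` for the second.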
diff --git a/debian/tests/server-setup-with-ca b/debian/tests/server-setup-with-ca
new file mode 100755
index 0000000..58df2e9
--- /dev/null
+++ b/debian/tests/server-setup-with-ca
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+# ----------------------------------------------
+# Test an OpenVPN server setup with CA
+# ----------------------------------------------
+
+set -e
+
+CONFIG_DIR=/etc/openvpn
+CA_DIR=easy-rsa
+CA_VARS_FILE=vars
+DEVICE=tun1
+IP_NETWORK=10.9.8.0
+NETWORK_MASK=255.255.255.0
+LOG_FILE=$AUTOPKGTEST_TMP/openvpn.log
+
+# Print information message to stdout
+info() {
+ echo "[I] $1"
+}
+
+info "Create the CA directory inside the config directory"
+cd $CONFIG_DIR
+make-cadir $CA_DIR
+cd $CA_DIR
+
+info \
+"Add some variables to the $CA_VARS_FILE to build the CA and keys in a non interactive mode"
+cat << EOF >> $CA_VARS_FILE
+set_var EASYRSA_REQ_COUNTRY "US"
+set_var EASYRSA_REQ_PROVINCE "California"
+set_var EASYRSA_REQ_CITY "San Francisco"
+set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
+set_var EASYRSA_REQ_EMAIL "me@example.net"
+set_var EASYRSA_REQ_OU "My Organizational Unit"
+
+set_var EASYRSA_BATCH "1"
+EOF
+
+info "Setup the CA and the server keys"
+./easyrsa init-pki
+./easyrsa build-ca nopass 2>/dev/null
+./easyrsa build-server-full server nopass 2>/dev/null
+./easyrsa gen-dh 2>/dev/null
+
+info "Create the OpenVPN server config file"
+cat << EOF > /etc/openvpn/server.conf
+dev $DEVICE
+server $IP_NETWORK $NETWORK_MASK
+
+ca $CONFIG_DIR/$CA_DIR/pki/ca.crt
+cert $CONFIG_DIR/$CA_DIR/pki/issued/server.crt
+key $CONFIG_DIR/$CA_DIR/pki/private/server.key
+dh $CONFIG_DIR/$CA_DIR/pki/dh.pem
+EOF
+
+info "Start an OpenVPN process in background and redirect its output to a file"
+openvpn --config $CONFIG_DIR/server.conf --verb 6 > $LOG_FILE &
+
+info "Give some time to start the process, check if the TUN device is opened"
+count=1
+until [ -f $LOG_FILE ] && cat $LOG_FILE | grep "TUN/TAP device $DEVICE opened"; do
+ [ $count -gt 9 ] && exit 5
+ count=$(expr $count + 1)
+ sleep 1
+done
+
+info "Check if the $DEVICE was created and if the state is UNKNOWN at this point"
+ip address show $DEVICE | grep 'state UNKNOWN'
+
+info "Check if OpenVPN is listening on port 1194 (default port)"
+ss -lnptu | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}:1194.*users:\(\(\"openvpn\"'
+
+info "Check if Diffie-Hellman was initialized"
+cat $LOG_FILE | grep 'Diffie-Hellman initialized'
+
+info "Check if the $DEVICE is linked"
+cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up"
+
+info "Check if the network route was correctly configured"
+cat $LOG_FILE | grep "/sbin/ip route add $IP_NETWORK/24"
+
+info "Check if the Initialization Sequence completed"
+cat $LOG_FILE | grep 'Initialization Sequence Completed'
+
+# Clean up: kill tha OpenVPN process, remove the $DEVICE created and CA dir
+cleanup() {
+ pkill openvpn
+ rm -rf $CONFIG_DIR/$CA_DIR
+}
+trap cleanup INT TERM EXIT
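Review bot: `cleanup` is registered by `trap` on the last line of the script, so it only runs once every check has passed. With `set -e`, a failed `grep` or the `exit 5` timeout leaves the background openvpn listening on 1194 and the unencrypted (`nopass`) CA and server keys under /etc/openvpn/easy-rsa. Define `cleanup` and install the trap before `make-cadir`, and stop the process recorded from `$!` instead of `pkill openvpn`, which matches every openvpn process by name and returns non-zero when none is found, likely aborting the handler before the `rm` under `set -e`. server-setup-with-static-key has the same trap placement. The `2>/dev/null` on the easyrsa calls also hides the only diagnostics when key generation fails, so consider dropping it.

```shell
# … unchanged: variables and info() …

OPENVPN_PID=

# Clean up: stop the OpenVPN process started by this test, remove the CA dir
# and the generated server config
cleanup() {
  if [ -n "$OPENVPN_PID" ]; then
    kill "$OPENVPN_PID" 2>/dev/null || true
  fi
  rm -rf "$CONFIG_DIR/$CA_DIR" "$CONFIG_DIR/server.conf"
}
trap cleanup EXIT

# … unchanged: CA setup and server.conf generation …

openvpn --config $CONFIG_DIR/server.conf --verb 6 > $LOG_FILE &
OPENVPN_PID=$!

# … unchanged: log and interface checks …
```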
diff --git a/debian/tests/server-setup-with-static-key b/debian/tests/server-setup-with-static-key
new file mode 100755
index 0000000..9ddaecd
--- /dev/null
+++ b/debian/tests/server-setup-with-static-key
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# ----------------------------------------------
+# Test an OpenVPN server setup with a static key
+# ----------------------------------------------
+
+set -e
+
+CONFIG_DIR=/etc/openvpn
+STATIC_KEY=static.key
+DEVICE=tun0
+IP_SERVER=10.9.8.1
+IP_CLIENT=10.9.8.2
+LOG_FILE=$AUTOPKGTEST_TMP/openvpn.log
+
+# Print information message to stdout
+info() {
+ echo "[I] $1"
+}
+
+info "Generate the static key inside the config directory"
+cd $CONFIG_DIR
+openvpn --genkey --secret $STATIC_KEY
+
+info "Create the config file"
+cat << EOF > $CONFIG_DIR/$DEVICE.conf
+dev $DEVICE
+ifconfig $IP_SERVER $IP_CLIENT
+secret $CONFIG_DIR/$STATIC_KEY
+EOF
+
+info "Start an OpenVPN process in background and redirect its output to a file"
+openvpn --config $CONFIG_DIR/$DEVICE.conf --verb 6 > $LOG_FILE &
+
+info "Give some time to start the process, check if the TUN device is opened"
+count=1
+until [ -f $LOG_FILE ] && cat $LOG_FILE | grep "TUN/TAP device $DEVICE opened"; do
+ [ $count -gt 9 ] && exit 5
+ count=$(expr $count + 1)
+ sleep 1
+done
+
+info "Check if the $DEVICE was created and if the state is UNKNOWN at this point"
+ip address show $DEVICE | grep 'state UNKNOWN'
+
+info "Check if OpenVPN is listening on port 1194 (default port)"
+ss -lnptu | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}:1194.*users:\(\(\"openvpn\"'
+
+info "Check if the $STATIC_KEY is used by OpenVPN"
+cat $LOG_FILE | grep "shared_secret_file = '$CONFIG_DIR/$STATIC_KEY'"
+
+info "Check if the $DEVICE is linked"
+cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up"
+
+info "Check if the specified IP addresses were configured"
+cat $LOG_FILE | grep "/sbin/ip addr add dev tun0 local $IP_SERVER peer $IP_CLIENT"
+
+# Clean up: kill tha OpenVPN process, remove the $DEVICE created and $STATIC_KEY
+cleanup() {
+ pkill openvpn
+ rm $CONFIG_DIR/$STATIC_KEY
+}
+trap cleanup INT TERM EXIT
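Review bot: The address check near the end greps for a literal `tun0` while every other check in this script uses `$DEVICE`, so changing `DEVICE` would break only that assertion; write it as `cat $LOG_FILE | grep "/sbin/ip addr add dev $DEVICE local $IP_SERVER peer $IP_CLIENT"`. `cleanup` removes the key but leaves `$CONFIG_DIR/$DEVICE.conf` behind, still pointing at the deleted secret, and the comment above it claims the device is removed although nothing does that. `rm -f "$CONFIG_DIR/$STATIC_KEY" "$CONFIG_DIR/$DEVICE.conf"` would cover both files and would not fail if the key was never written.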