diff options
Diffstat (limited to 'debian/tests/server-setup-with-ca')
| -rwxr-xr-x | debian/tests/server-setup-with-ca | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/debian/tests/server-setup-with-ca b/debian/tests/server-setup-with-ca new file mode 100755 index 0000000..58df2e9 --- /dev/null +++ b/debian/tests/server-setup-with-ca @@ -0,0 +1,91 @@ +#!/bin/bash + +# ---------------------------------------------- +# Test an OpenVPN server setup with CA +# ---------------------------------------------- + +set -e + +CONFIG_DIR=/etc/openvpn +CA_DIR=easy-rsa +CA_VARS_FILE=vars +DEVICE=tun1 +IP_NETWORK=10.9.8.0 +NETWORK_MASK=255.255.255.0 +LOG_FILE=$AUTOPKGTEST_TMP/openvpn.log + +# Print information message to stdout +info() { + echo "[I] $1" +} + +info "Create the CA directory inside the config directory" +cd $CONFIG_DIR +make-cadir $CA_DIR +cd $CA_DIR + +info \ +"Add some variables to the $CA_VARS_FILE to build the CA and keys in a non interactive mode" +cat << EOF >> $CA_VARS_FILE +set_var EASYRSA_REQ_COUNTRY "US" +set_var EASYRSA_REQ_PROVINCE "California" +set_var EASYRSA_REQ_CITY "San Francisco" +set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" +set_var EASYRSA_REQ_EMAIL "me@example.net" +set_var EASYRSA_REQ_OU "My Organizational Unit" + +set_var EASYRSA_BATCH "1" +EOF + +info "Setup the CA and the server keys" +./easyrsa init-pki +./easyrsa build-ca nopass 2>/dev/null +./easyrsa build-server-full server nopass 2>/dev/null +./easyrsa gen-dh 2>/dev/null + +info "Create the OpenVPN server config file" +cat << EOF > /etc/openvpn/server.conf +dev $DEVICE +server $IP_NETWORK $NETWORK_MASK + +ca $CONFIG_DIR/$CA_DIR/pki/ca.crt +cert $CONFIG_DIR/$CA_DIR/pki/issued/server.crt +key $CONFIG_DIR/$CA_DIR/pki/private/server.key +dh $CONFIG_DIR/$CA_DIR/pki/dh.pem +EOF + +info "Start an OpenVPN process in background and redirect its output to a file" +openvpn --config $CONFIG_DIR/server.conf --verb 6 > $LOG_FILE & + +info "Give some time to start the process, check if the TUN device is opened" +count=1 +until [ -f $LOG_FILE ] && cat $LOG_FILE | grep "TUN/TAP device $DEVICE opened"; do + [ $count -gt 9 ] && exit 5 + count=$(expr $count + 1) + sleep 1 +done + +info "Check if the $DEVICE was created and if the state is UNKNOWN at this point" +ip address show $DEVICE | grep 'state UNKNOWN' + +info "Check if OpenVPN is listening on port 1194 (default port)" +ss -lnptu | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}:1194.*users:\(\(\"openvpn\"' + +info "Check if Diffie-Hellman was initialized" +cat $LOG_FILE | grep 'Diffie-Hellman initialized' + +info "Check if the $DEVICE is linked" +cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up" + +info "Check if the network route was correctly configured" +cat $LOG_FILE | grep "/sbin/ip route add $IP_NETWORK/24" + +info "Check if the Initialization Sequence completed" +cat $LOG_FILE | grep 'Initialization Sequence Completed' + +# Clean up: kill tha OpenVPN process, remove the $DEVICE created and CA dir +cleanup() { + pkill openvpn + rm -rf $CONFIG_DIR/$CA_DIR +} +trap cleanup INT TERM EXIT |