summaryrefslogtreecommitdiff
path: root/t_client.sh
diff options
context:
space:
mode:
Diffstat (limited to 't_client.sh')
-rwxr-xr-xt_client.sh298
1 files changed, 0 insertions, 298 deletions
diff --git a/t_client.sh b/t_client.sh
deleted file mode 100755
index 21698ef..0000000
--- a/t_client.sh
+++ /dev/null
@@ -1,298 +0,0 @@
-#!/bin/sh
-#
-# run OpenVPN client against ``test reference'' server
-# - check that ping, http, ... via tunnel works
-# - check that interface config / routes are properly cleaned after test end
-#
-# prerequisites:
-# - openvpn binary in current directory
-# - writable current directory to create subdir for logs
-# - t_client.rc in current directory OR source dir that specifies tests
-# - for "ping4" checks: fping binary in $PATH
-# - for "ping6" checks: fping6 binary in $PATH
-#
-
-if [ -r ./t_client.rc ] ; then
- . ./t_client.rc
-elif [ -r "${srcdir}"/t_client.rc ] ; then
- . "${srcdir}"/t_client.rc
-else
- echo "$0: cannot find 't_client.rc' in current directory or" >&2
- echo "$0: source dir ('${srcdir}'). SKIPPING TEST." >&2
- exit 77
-fi
-
-if [ ! -x ./openvpn ]
-then
- echo "no (executable) openvpn binary in current directory. FAIL." >&2
- exit 1
-fi
-
-if [ ! -w . ]
-then
- echo "current directory is not writable (required for logging). FAIL." >&2
- exit 1
-fi
-
-if [ -z "$CA_CERT" ] ; then
- echo "CA_CERT not defined in 't_client.rc'. SKIP test." >&2
- exit 77
-fi
-
-if [ -z "$TEST_RUN_LIST" ] ; then
- echo "TEST_RUN_LIST empty, no tests defined. SKIP test." >&2
- exit 77
-fi
-
-# make sure we have permissions to run ifconfig/route from OpenVPN
-# can't use "id -u" here - doesn't work on Solaris
-ID=`id`
-if expr "$ID" : "uid=0" >/dev/null
-then :
-else
- echo "$0: this test must run be as root. SKIP." >&2
- exit 77
-fi
-
-LOGDIR=t_client-`hostname`-`date +%Y%m%d-%H%M%S`
-if mkdir $LOGDIR
-then :
-else
- echo "can't create log directory '$LOGDIR'. FAIL." >&2
- exit 1
-fi
-
-exit_code=0
-
-# ----------------------------------------------------------
-# helper functions
-# ----------------------------------------------------------
-# print failure message, increase FAIL counter
-fail()
-{
- echo ""
- echo "FAIL: $@" >&2
- fail_count=$(( $fail_count + 1 ))
-}
-
-# print "all interface IP addresses" + "all routes"
-# this is higly system dependent...
-get_ifconfig_route()
-{
- # linux / iproute2? (-> if configure got a path)
- if [ "/sbin/ip" != "ip" ]
- then
- echo "-- linux iproute2 --"
- /sbin/ip addr show | grep -v valid_lft
- /sbin/ip route show
- /sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //'
- return
- fi
-
- # try uname
- case `uname -s` in
- Linux)
- echo "-- linux / ifconfig --"
- LANG=C /sbin/ifconfig -a |egrep "( addr:|encap:)"
- LANG=C /bin/netstat -rn -4 -6
- return
- ;;
- FreeBSD|NetBSD|Darwin)
- echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --"
- /sbin/ifconfig -a | egrep "(flags=|inet)"
- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
- return
- ;;
- OpenBSD)
- echo "-- OpenBSD --"
- /sbin/ifconfig -a | egrep "(flags=|inet)" | \
- sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//'
- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
- return
- ;;
- SunOS)
- echo "-- Solaris --"
- /sbin/ifconfig -a | egrep "(flags=|inet)"
- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
- return
- ;;
- esac
-
- echo "get_ifconfig_route(): no idea how to get info on your OS. FAIL." >&2
- exit 20
-}
-
-# ----------------------------------------------------------
-# check ifconfig
-# arg1: "4" or "6" -> for message
-# arg2: IPv4/IPv6 address that must show up in out of "get_ifconfig_route"
-check_ifconfig()
-{
- proto=$1 ; shift
- expect_list="$@"
-
- if [ -z "$expect_list" ] ; then return ; fi
-
- for expect in $expect_list
- do
- if get_ifconfig_route | fgrep "$expect" >/dev/null
- then :
- else
- fail "check_ifconfig(): expected IPv$proto address '$expect' not found in ifconfig output."
- fi
- done
-}
-
-# ----------------------------------------------------------
-# run pings
-# arg1: "4" or "6" -> fping/fing6
-# arg2: "want_ok" or "want_fail" (expected ping result)
-# arg3... -> fping arguments (host list)
-run_ping_tests()
-{
- proto=$1 ; want=$2 ; shift ; shift
- targetlist="$@"
-
- # "no targets" is fine
- if [ -z "$targetlist" ] ; then return ; fi
-
- case $proto in
- 4) cmd=fping ;;
- 6) cmd=fping6 ;;
- *) echo "internal error in run_ping_tests arg 1: '$proto'" >&2
- exit 1 ;;
- esac
-
- case $want in
- want_ok) sizes_list="64 1440 3000" ;;
- want_fail) sizes_list="64" ;;
- esac
-
- for bytes in $sizes_list
- do
- echo "run IPv$proto ping tests ($want), $bytes byte packets..."
-
- echo "$cmd -b $bytes -C 20 -p 250 -q $targetlist" >>$LOGDIR/$SUF:fping.out
- $cmd -b $bytes -C 20 -p 250 -q $targetlist >>$LOGDIR/$SUF:fping.out 2>&1
-
- # while OpenVPN is running, pings must succeed (want='want_ok')
- # before OpenVPN is up, pings must NOT succeed (want='want_fail')
-
- rc=$?
- if [ $rc = 0 ] # all ping OK
- then
- if [ $want = "want_fail" ] # not what we want
- then
- fail "IPv$proto ping test succeeded, but needs to *fail*."
- fi
- else # ping failed
- if [ $want = "want_ok" ] # not what we wanted
- then
- fail "IPv$proto ping test ($bytes bytes) failed, but should succeed."
- fi
- fi
- done
-}
-
-# ----------------------------------------------------------
-# main test loop
-# ----------------------------------------------------------
-for SUF in $TEST_RUN_LIST
-do
- echo -e "\n### test run $SUF ###\n"
- fail_count=0
-
- echo "save pre-openvpn ifconfig + route"
- get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_pre.txt
-
- # get config variables
- eval openvpn_conf=\"\$OPENVPN_CONF_$SUF\"
- eval expect_ifconfig4=\"\$EXPECT_IFCONFIG4_$SUF\"
- eval expect_ifconfig6=\"\$EXPECT_IFCONFIG6_$SUF\"
- eval ping4_hosts=\"\$PING4_HOSTS_$SUF\"
- eval ping6_hosts=\"\$PING6_HOSTS_$SUF\"
-
- echo -e "\nrun pre-openvpn ping tests - targets must not be reachable..."
- run_ping_tests 4 want_fail "$ping4_hosts"
- run_ping_tests 6 want_fail "$ping6_hosts"
- if [ "$fail_count" = 0 ] ; then
- echo -e "OK.\n"
- else
- echo -e "FAIL: make sure that ping hosts are ONLY reachable via VPN, SKIP test $SUF".
- exit_code=31
- continue
- fi
-
- echo " run ./openvpn $openvpn_conf"
- ./openvpn $openvpn_conf >$LOGDIR/$SUF:openvpn.log &
- opid=$!
-
- # make sure openvpn client is terminated in case shell exits
- trap "kill $opid" 0
- trap "kill $opid ; trap - 0 ; exit 1" 1 2 3 15
-
- echo "wait for connection to establish..."
- sleep 10
-
- # test whether OpenVPN process is still there
- if kill -0 $opid
- then :
- else
- echo -e "OpenVPN process has failed to start up, check log ($LOGDIR/$SUF:openvpn.log). FAIL.\ntail of logfile follows:\n..." >&2
- tail $LOGDIR/$SUF:openvpn.log >&2
- trap - 0 1 2 3 15
- exit 10
- fi
-
- # compare whether anything changed in ifconfig/route setup?
- echo "save ifconfig+route"
- get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route.txt
-
- echo -n "compare pre-openvpn ifconfig+route with current values..."
- if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \
- $LOGDIR/$SUF:ifconfig_route.txt >/dev/null
- then
- fail "no differences between ifconfig/route before OpenVPN start and now."
- else
- echo -e " OK!\n"
- fi
-
- # expected ifconfig values in there?
- check_ifconfig 4 "$expect_ifconfig4"
- check_ifconfig 6 "$expect_ifconfig6"
-
- run_ping_tests 4 want_ok "$ping4_hosts"
- run_ping_tests 6 want_ok "$ping6_hosts"
- echo -e "ping tests done.\n"
-
- echo "stopping OpenVPN"
- kill $opid
- wait $!
- rc=$?
- if [ $rc != 0 ] ; then
- fail "OpenVPN return code $rc, expect 0"
- fi
-
- echo -e "\nsave post-openvpn ifconfig + route..."
- get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_post.txt
-
- echo -n "compare pre- and post-openvpn ifconfig + route..."
- if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \
- $LOGDIR/$SUF:ifconfig_route_post.txt >$LOGDIR/$SUF:ifconfig_route_diff.txt
- then
- echo -e " OK.\n"
- else
- cat $LOGDIR/$SUF:ifconfig_route_diff.txt >&2
- fail "differences between pre- and post-ifconfig/route"
- fi
- if [ "$fail_count" = 0 ] ; then
- echo -e "test run $SUF: all tests OK.\n"
- else
- echo -e "test run $SUF: $fail_count test failures. FAIL.\n";
- exit_code=30
- fi
-done
-
-# remove trap handler
-trap - 0 1 2 3 15
-exit $exit_code