1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#!/bin/bash
set -e
# fetch some stuff from oe.libreswan.org, make sure it's bad:
badstring='<HTML><BODY><HEAD><TITLE>OH noooooos!!</TITLE>'
ping -c 5 oe.libreswan.org 2>&1
dig +short -x `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase
wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/
grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html"
echo "0.0.0.0/0" > /etc/ipsec.d/policies/private-or-clear
systemctl --no-pager status ipsec || true
cp /usr/share/doc/libreswan/examples/oe-dnssec-client.conf /etc/ipsec.d/
if ! systemctl restart ipsec ; then
printf "systemctl restart failed with %d\n" "$?"
systemctl status ipsec || true
journalctl -xe
fi
systemctl --no-pager status ipsec
# TODO: better details?
ipsec whack --trafficstatus
ping -c 5 oe.libreswan.org 2>&1
systemctl --no-pager status ipsec
# now fetch some stuff from oe.libreswan.org, make sure it's good!
wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/after.html" http://oe.libreswan.org/
if grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/after.html"; then
printf "we got 'oh nooooooos' from http://oe.libreswan.org after bringing up opportunistic ipsec\n"
exit 1
fi
# TODO: better details?
ipsec whack --trafficstatus
|
