File: t_server_null_default.rc

openvpn 2.7.0-1
# -*- shell-script -*-
# Notes regarding --dev null server and client configurations:
#
# The t_server_null_server.sh exits when all client pid files have gone
# missing. That is the most reliable and fastest way to detect client
# disconnections in the "everything runs on localhost" context. Checking server
# status files for client connections works, but introduces long delays as
# --explicit-exit-notify does not seem to work on all client configurations.
# This means that, by default, there is about 1 minute delay before the server
# purges clients that have already exited and have not reported back.
#
# Source and build roots. A value already present in the environment wins;
# otherwise srcdir falls back to "." and top_builddir to "..".
srcdir="${srcdir:-.}"
top_builddir="${top_builddir:-..}"
# All certificates and keys used by the tests live in the sample-keys directory
# next to the test directory.
# NOTE(review): these are sample keys shipped with the sources, so the private
# keys are not secret. They are suitable for localhost tests only and must never
# be reused in a real deployment.
sample_keys="${srcdir}/../sample/sample-keys"

# CA certificate passed to --ca on both the server and the client side.
CA="${sample_keys}/ca.crt"
# The single client certificate/key pair shared by every test client.
CLIENT_CERT="${sample_keys}/client.crt"
CLIENT_KEY="${sample_keys}/client.key"
# The server certificate/key pair shared by every test server instance.
SERVER_CERT="${sample_keys}/server.crt"
SERVER_KEY="${sample_keys}/server.key"
# Static key passed to --tls-auth (direction 0 on servers, 1 on clients).
TA="${sample_keys}/ta.key"

# This parameter can't be overridden in t_server_null.rc because that file is
# loaded too late. However, you can use
#
# LWIPOVPN_PATH=/some/path/to/lwipovpn make check
#
# to run the tests using lwipovpn in a custom location.
#
# The value is taken from the environment as-is and ends up in the clients'
# "--dev-node unix:..." option, so it should name a binary you trust.
# NOTE(review): the default is a bare program name; presumably it is looked up
# via PATH -- confirm, and keep PATH free of untrusted directories when running
# the tests.
LWIPOVPN_PATH="${LWIPOVPN_PATH:-lwipovpn}"

# Marker file used to detect that the graceful kill of any server instance
# failed during the test run.
# The name has no directory component, so where the file ends up depends on the
# working directory of the script that creates it.
SERVER_KILL_FAIL_FILE=".t_server_null_server.kill_failed"

# Test server configurations
#
# Options shared by all server instances. The per-instance settings further
# down append the subnet, the listening port/protocol and the management port.

# Upper bound handed to --max-clients.
MAX_CLIENTS="10"
# Not referenced in this file.
# NOTE(review): presumably the pattern the test scripts use to recognise test
# clients -- confirm against t_server_null_server.sh.
CLIENT_MATCH="Test-Client"
SERVER_EXEC="${top_builddir}/src/openvpn/openvpn"
# --duplicate-cn is needed because every test client presents the same client
# certificate. It removes the one-certificate-per-connection restriction, so it
# is a test convenience, not an option to carry over into a real server.
SERVER_BASE_OPTS="--dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn"
# Listen on the IPv4 loopback address only.
SERVER_BIND_OPTS="--local 127.0.0.1"
# Empty: no cipher options are shared; individual servers add their own.
SERVER_CIPHER_OPTS=""
# Server-side TLS material; the trailing 0 is the --tls-auth key direction
# (clients use 1).
SERVER_CERT_OPTS="--ca ${CA} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0"
SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS} ${SERVER_BIND_OPTS}"
# Same as SERVER_CONF_BASE but without SERVER_BIND_OPTS, for the instance that
# supplies several --local options of its own.
SERVER_CONF_BASE_MULTISOCKET="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}"

# Numeric suffixes of the server instances defined below. Each instance n has
# SERVER_NAME_n, SERVER_SERVER_n (its own /24 tunnel subnet),
# SERVER_MGMT_PORT_n, SERVER_EXEC_n and SERVER_CONF_n.
#
# Every instance opens a management interface on 127.0.0.1 at
# SERVER_MGMT_PORT_n. No password file is given, so any local process that can
# reach the port can control the server. That is tolerable for a short-lived
# localhost test but should not be copied into a real configuration.
TEST_SERVER_LIST="1 2 3 4"

# Server 1: UDP on port 1194, no additional cipher options.
SERVER_NAME_1="t_server_null_server-1194_udp"
SERVER_SERVER_1="--server 10.29.41.0 255.255.255.0"
SERVER_MGMT_PORT_1="11194"
SERVER_EXEC_1="${SERVER_EXEC}"
SERVER_CONF_1="${SERVER_CONF_BASE} ${SERVER_SERVER_1} --lport 1194 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_1}"

# Server 2: TCP on port 1195, started with "--dh none".
SERVER_NAME_2="t_server_null_server-1195_tcp"
SERVER_SERVER_2="--server 10.29.42.0 255.255.255.0"
SERVER_MGMT_PORT_2="11195"
SERVER_EXEC_2="${SERVER_EXEC}"
SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2} --dh none"

# Server 3: UDP on port 1196. AES-192-CBC is appended to the default
# data-cipher list so that client tests 3a/3b can exercise negotiation of a
# cipher outside the defaults. AES-192-CBC is a non-AEAD cipher and is enabled
# here for negotiation coverage only.
SERVER_NAME_3="t_server_null_server-1196_udp"
SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0"
SERVER_MGMT_PORT_3="11196"
SERVER_EXEC_3="${SERVER_EXEC}"
SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --dh none --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC"

# Server 4: two listeners in one process, TCP on 127.0.0.1 port 1197 and UDP on
# ::1 port 1197. It uses the base without SERVER_BIND_OPTS because it passes
# its own --local options.
SERVER_NAME_4="t_server_null_server-1197_multisocket_ipv4_ipv6"
SERVER_SERVER_4="--server 10.29.44.0 255.255.255.0"
SERVER_MGMT_PORT_4="11197"
SERVER_EXEC_4="${SERVER_EXEC}"
SERVER_CONF_4="${SERVER_CONF_BASE_MULTISOCKET} ${SERVER_SERVER_4} --local 127.0.0.1 1197 tcp --local ::1 1197 udp --management 127.0.0.1 ${SERVER_MGMT_PORT_4}"

# Test client configurations
#
# Clients run the same freshly built binary as the servers.
CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn"
# Options common to every client:
#  - --remote-cert-tls server makes the client insist on a server-type
#    certificate from the peer.
#  - --connect-retry-max 3 and --server-poll-timeout 5 bound the connection
#    attempts (presumably so that should-fail cases give up quickly -- confirm).
#  - --script-security 2 is what allows the --up scripts below to be executed.
#    Those scripts are loaded from ${srcdir}, so that directory must not be
#    writable by untrusted users while the tests run.
CLIENT_BASE_OPTS="--client --nobind --remote-cert-tls server --persist-tun --verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 --explicit-exit-notify 3 --script-security 2"
# "null" clients: no real tunnel device and no ifconfig execution.
CLIENT_NULL_OPTS="--dev null --ifconfig-noexec --up ${srcdir}/null_client_up.sh"
# lwip clients: --dev-node points at the program named by LWIPOVPN_PATH.
CLIENT_LWIP_OPTS="--dev null --dev-node unix:${LWIPOVPN_PATH} --up ${srcdir}/lwip_client_up.sh"

# Empty: no cipher options are shared; individual tests add their own.
CLIENT_CIPHER_OPTS=""
# Client-side TLS material; the trailing 1 is the --tls-auth key direction
# (servers use 0).
CLIENT_CERT_OPTS="--ca ${CA} --cert ${CLIENT_CERT} --key ${CLIENT_KEY} --tls-auth ${TA} 1"

# Identifiers of the client tests defined below. In the definitions that follow,
# the leading digit corresponds to the server port targeted (1 -> 1194,
# 2 -> 1195, 3 -> 1196, 4 -> 1197) and the "L" tests use the lwip base.
TEST_RUN_LIST="1a 1b 1c 1L 2a 2L 3a 3b 4a 4b 4c"
CLIENT_CONF_BASE="${CLIENT_NULL_OPTS} ${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}"
CLIENT_CONF_BASE_LWIP="${CLIENT_LWIP_OPTS} ${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}"

# Tests against the UDP listener on port 1194.
# SHOULD_PASS_x records the expected outcome ("yes" or "no").
# NOTE(review): presumably a "no" test counts as successful when the connection
# fails -- confirm against t_server_null_client.sh.

# 1a: plain UDP connection, expected to succeed.
TEST_NAME_1a="t_server_null_client.sh-openvpn_current_udp"
SHOULD_PASS_1a="yes"
CLIENT_EXEC_1a="${CLIENT_EXEC}"
CLIENT_CONF_1a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp"

# 1b: negative test. The client targets UDP port 11194, which is not the
# --lport of any server in this file (11194 is the management port number of
# server 1), so the connection is expected to fail.
TEST_NAME_1b="t_server_null_client.sh-openvpn_current_udp_fail"
SHOULD_PASS_1b="no"
CLIENT_EXEC_1b="${CLIENT_EXEC}"
CLIENT_CONF_1b="${CLIENT_CONF_BASE} --remote 127.0.0.1 11194 udp --proto udp"

# 1c: --data-ciphers list against a server with default ciphers;
# --cipher is ignored.
TEST_NAME_1c="t_server_null_client.sh-openvpn_current_udp_dc1"
SHOULD_PASS_1c="yes"
CLIENT_EXEC_1c="${CLIENT_EXEC}"
CLIENT_CONF_1c="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC:DEFAULT"

# 1L: same target as 1a, but using the lwip client base.
TEST_NAME_1L="t_server_null_client.sh-openvpn_current_udp_lwip"
SHOULD_PASS_1L="yes"
CLIENT_EXEC_1L="${CLIENT_EXEC}"
CLIENT_CONF_1L="${CLIENT_CONF_BASE_LWIP} --remote 127.0.0.1 1194 udp --proto udp"

# Tests against the TCP listener on port 1195.

# 2a: plain TCP connection, expected to succeed.
TEST_NAME_2a="t_server_null_client.sh-openvpn_current_tcp"
SHOULD_PASS_2a="yes"
CLIENT_EXEC_2a="${CLIENT_EXEC}"
CLIENT_CONF_2a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1195 tcp --proto tcp"

# 2L: same target as 2a, but using the lwip client base.
TEST_NAME_2L="t_server_null_client.sh-openvpn_current_tcp_lwip"
SHOULD_PASS_2L="yes"
CLIENT_EXEC_2L="${CLIENT_EXEC}"
CLIENT_CONF_2L="${CLIENT_CONF_BASE_LWIP} --remote 127.0.0.1 1195 tcp --proto tcp"

# Tests against the UDP listener on port 1196, whose server is started with
# "--data-ciphers DEFAULT:AES-192-CBC".

# 3a: a specific --data-ciphers value against a server that supports that
# cipher; --cipher is ignored. Expected to succeed.
TEST_NAME_3a="t_server_null_client.sh-openvpn_current_udp_dc3"
SHOULD_PASS_3a="yes"
CLIENT_EXEC_3a="${CLIENT_EXEC}"
CLIENT_CONF_3a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC"

# 3b: a specific --data-ciphers value against a server that doesn't support
# that cipher; --cipher is ignored. Expected to fail, which checks that the two
# sides do not fall back to a cipher outside the negotiated lists.
TEST_NAME_3b="t_server_null_client.sh-openvpn_current_udp_dc3_fail"
SHOULD_PASS_3b="no"
CLIENT_EXEC_3b="${CLIENT_EXEC}"
CLIENT_CONF_3b="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-192-CBC --data-ciphers AES-128-CBC"

# Tests against the multisocket server on port 1197, which listens on
# 127.0.0.1 over TCP and on ::1 over UDP.

# 4a: IPv4 loopback over TCP, matching the first listener. Expected to succeed.
TEST_NAME_4a="t_server_null_client.sh-openvpn_current_multisocket_ipv4_tcp"
SHOULD_PASS_4a="yes"
CLIENT_EXEC_4a="${CLIENT_EXEC}"
CLIENT_CONF_4a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1197 tcp"

# 4b: IPv6 loopback over UDP, matching the second listener. Expected to succeed.
TEST_NAME_4b="t_server_null_client.sh-openvpn_current_multisocket_ipv6_udp"
SHOULD_PASS_4b="yes"
CLIENT_EXEC_4b="${CLIENT_EXEC}"
CLIENT_CONF_4b="${CLIENT_CONF_BASE} --remote ::1 1197 udp"

# 4c: negative test. IPv6 loopback over TCP matches neither listener (TCP is
# bound on 127.0.0.1 only), so the connection is expected to fail. This checks
# that each --local entry is confined to its own address and protocol.
TEST_NAME_4c="t_server_null_client.sh-openvpn_current_multisocket_ipv6_tcp_fail"
SHOULD_PASS_4c="no"
CLIENT_EXEC_4c="${CLIENT_EXEC}"
CLIENT_CONF_4c="${CLIENT_CONF_BASE} --remote ::1 1197 tcp"