# run OpenVPN client against ``test reference'' server
# - check that ping, http, ... via tunnel works
# - check that interface config / routes are properly cleaned after test end
# - openvpn binary in current directory
# - writable current directory to create subdir for logs
# - t_client.rc in current directory OR source dir that specifies tests
# - for "ping4" checks: fping binary in $PATH
# - for "ping6" checks: fping6 binary in $PATH
if [ -r ./t_client.rc ] ; then
elif [ -r "${srcdir}"/t_client.rc ] ; then
. "${srcdir}"/t_client.rc
echo "$0: cannot find 't_client.rc' in current directory or" >&2
echo "$0: source dir ('${srcdir}'). SKIPPING TEST." >&2
echo "no (executable) openvpn binary in current directory. FAIL." >&2
echo "current directory is not writable (required for logging). FAIL." >&2
if [ -z "$CA_CERT" ] ; then
echo "CA_CERT not defined in 't_client.rc'. SKIP test." >&2
if [ -z "$TEST_RUN_LIST" ] ; then
echo "TEST_RUN_LIST empty, no tests defined. SKIP test." >&2
# make sure we have permissions to run ifconfig/route from OpenVPN
# can't use "id -u" here - doesn't work on Solaris
if expr "$ID" : "uid=0" >/dev/null
echo "$0: this test must run be as root. SKIP." >&2
LOGDIR=t_client-`hostname`-`date +%Y%m%d-%H%M%S`
echo "can't create log directory '$LOGDIR'. FAIL." >&2
# ----------------------------------------------------------
# ----------------------------------------------------------
# print failure message, increase FAIL counter
fail_count=$(( $fail_count + 1 ))
# print "all interface IP addresses" + "all routes"
# this is highly system dependent...
# linux / iproute2? (-> if configure got a path)
if [ "/sbin/ip" != "ip" ]
echo "-- linux iproute2 --"
/sbin/ip addr show | grep -v valid_lft
/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //'
echo "-- linux / ifconfig --"
LANG=C /sbin/ifconfig -a |egrep "( addr:|encap:)"
LANG=C /bin/netstat -rn -4 -6
FreeBSD|NetBSD|Darwin)
echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --"
/sbin/ifconfig -a | egrep "(flags=|inet)"
/bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
/sbin/ifconfig -a | egrep "(flags=|inet)" | \
sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//'
/bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
/sbin/ifconfig -a | egrep "(flags=|inet)"
/bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
echo "get_ifconfig_route(): no idea how to get info on your OS. FAIL." >&2
# ----------------------------------------------------------
# arg1: "4" or "6" -> for message
# arg2: IPv4/IPv6 address that must show up in the output of "get_ifconfig_route"
if [ -z "$expect_list" ] ; then return ; fi
for expect in $expect_list
if get_ifconfig_route | fgrep "$expect" >/dev/null
fail "check_ifconfig(): expected IPv$proto address '$expect' not found in ifconfig output."
# ----------------------------------------------------------
# arg1: "4" or "6" -> fping/fping6
# arg2: "want_ok" or "want_fail" (expected ping result)
# arg3... -> fping arguments (host list)
proto=$1 ; want=$2 ; shift ; shift
# "no targets" is fine
if [ -z "$targetlist" ] ; then return ; fi
*) echo "internal error in run_ping_tests arg 1: '$proto'" >&2
want_ok) sizes_list="64 1440 3000" ;;
want_fail) sizes_list="64" ;;
for bytes in $sizes_list
echo "run IPv$proto ping tests ($want), $bytes byte packets..."
echo "$cmd -b $bytes -C 20 -p 250 -q $targetlist" >>$LOGDIR/$SUF:fping.out
$cmd -b $bytes -C 20 -p 250 -q $targetlist >>$LOGDIR/$SUF:fping.out 2>&1
# while OpenVPN is running, pings must succeed (want='want_ok')
# before OpenVPN is up, pings must NOT succeed (want='want_fail')
if [ $rc = 0 ] # all ping OK
if [ $want = "want_fail" ] # not what we want
fail "IPv$proto ping test succeeded, but needs to *fail*."
if [ $want = "want_ok" ] # not what we wanted
fail "IPv$proto ping test ($bytes bytes) failed, but should succeed."
# ----------------------------------------------------------
# ----------------------------------------------------------
for SUF in $TEST_RUN_LIST
echo -e "\n### test run $SUF ###\n"
echo "save pre-openvpn ifconfig + route"
get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_pre.txt
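# get config variables (per-run settings are looked up indirectly via eval, so each $SUF taken from TEST_RUN_LIST must be a plain variable-name suffix; the value is expanded before eval runs)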
eval openvpn_conf=\"\$OPENVPN_CONF_$SUF\"
eval expect_ifconfig4=\"\$EXPECT_IFCONFIG4_$SUF\"
eval expect_ifconfig6=\"\$EXPECT_IFCONFIG6_$SUF\"
eval ping4_hosts=\"\$PING4_HOSTS_$SUF\"
eval ping6_hosts=\"\$PING6_HOSTS_$SUF\"
echo -e "\nrun pre-openvpn ping tests - targets must not be reachable..."
run_ping_tests 4 want_fail "$ping4_hosts"
run_ping_tests 6 want_fail "$ping6_hosts"
if [ "$fail_count" = 0 ] ; then
echo -e "FAIL: make sure that ping hosts are ONLY reachable via VPN, SKIP test $SUF".
echo " run ./openvpn $openvpn_conf"
./openvpn $openvpn_conf >$LOGDIR/$SUF:openvpn.log &
# make sure openvpn client is terminated in case shell exits
trap "kill $opid ; trap - 0 ; exit 1" 1 2 3 15
echo "wait for connection to establish..."
# test whether OpenVPN process is still there
echo -e "OpenVPN process has failed to start up, check log ($LOGDIR/$SUF:openvpn.log). FAIL.\ntail of logfile follows:\n..." >&2
tail $LOGDIR/$SUF:openvpn.log >&2
# compare whether anything changed in ifconfig/route setup?
echo "save ifconfig+route"
get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route.txt
echo -n "compare pre-openvpn ifconfig+route with current values..."
if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \
$LOGDIR/$SUF:ifconfig_route.txt >/dev/null
fail "no differences between ifconfig/route before OpenVPN start and now."
# expected ifconfig values in there?
check_ifconfig 4 "$expect_ifconfig4"
check_ifconfig 6 "$expect_ifconfig6"
run_ping_tests 4 want_ok "$ping4_hosts"
run_ping_tests 6 want_ok "$ping6_hosts"
echo -e "ping tests done.\n"
echo "stopping OpenVPN"
if [ $rc != 0 ] ; then
fail "OpenVPN return code $rc, expect 0"
echo -e "\nsave post-openvpn ifconfig + route..."
get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_post.txt
echo -n "compare pre- and post-openvpn ifconfig + route..."
if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \
$LOGDIR/$SUF:ifconfig_route_post.txt >$LOGDIR/$SUF:ifconfig_route_diff.txt
cat $LOGDIR/$SUF:ifconfig_route_diff.txt >&2
fail "differences between pre- and post-ifconfig/route"
if [ "$fail_count" = 0 ] ; then
echo -e "test run $SUF: all tests OK.\n"
echo -e "test run $SUF: $fail_count test failures. FAIL.\n";
# remove trap handler