From 1e5ef2a7e11d5b3a4b87c34c60c414f894ccb2ce Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Wed, 15 Jun 2022 18:24:35 +0200 Subject: [PATCH] if_ovpn tests: extend multi_client test with an iroute test OpenVPN allows us to push routes for client networks with the 'iroute' directive. Test that this works as expected. Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/net/if_ovpn/Makefile | 4 ++ tests/sys/net/if_ovpn/ccd/Makefile | 8 ++++ tests/sys/net/if_ovpn/ccd/Test-Client2 | 2 + tests/sys/net/if_ovpn/client2.crt | 32 ++++++++++++++++ tests/sys/net/if_ovpn/client2.key | 51 ++++++++++++++++++++++++++ tests/sys/net/if_ovpn/if_ovpn.sh | 14 ++++++- 6 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 tests/sys/net/if_ovpn/ccd/Makefile create mode 100644 tests/sys/net/if_ovpn/ccd/Test-Client2 create mode 100644 tests/sys/net/if_ovpn/client2.crt create mode 100644 tests/sys/net/if_ovpn/client2.key diff --git a/tests/sys/net/if_ovpn/Makefile b/tests/sys/net/if_ovpn/Makefile index fa226d56d191..6c9d61965dfb 100644 --- a/tests/sys/net/if_ovpn/Makefile +++ b/tests/sys/net/if_ovpn/Makefile @@ -4,10 +4,14 @@ TESTSDIR= ${TESTSBASE}/sys/net/if_ovpn ATF_TESTS_SH+= if_ovpn +TESTS_SUBDIRS+= ccd + ${PACKAGE}FILES+= \ ca.crt \ client.crt \ client.key \ + client2.crt \ + client2.key \ dh.pem \ server.crt \ server.key \ diff --git a/tests/sys/net/if_ovpn/ccd/Makefile b/tests/sys/net/if_ovpn/ccd/Makefile new file mode 100644 index 000000000000..2d3fefa1f321 --- /dev/null +++ b/tests/sys/net/if_ovpn/ccd/Makefile @@ -0,0 +1,8 @@ +PACKAGE= tests + +TESTSDIR= ${TESTSBASE}/sys/net/if_ovpn/ccd + +${PACKAGE}FILES+= \ + Test-Client2 + +.include diff --git a/tests/sys/net/if_ovpn/ccd/Test-Client2 b/tests/sys/net/if_ovpn/ccd/Test-Client2 new file mode 100644 index 000000000000..b378ad0d4394 --- /dev/null +++ b/tests/sys/net/if_ovpn/ccd/Test-Client2 @@ -0,0 +1,2 @@ +iroute 203.0.113.0 255.255.255.0 +ifconfig-push 198.51.100.3 255.255.255.0 
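Review bot: The new ccd/Test-Client2 file has no comment tying its name to the client it applies to, although OpenVPN picks a client-config-dir file by the connecting client's certificate common name. If client2.crt is regenerated with a different CN, or the server is later switched to `username-as-common-name` (the second client also sends `auth-user-pass`), the `iroute` and `ifconfig-push` lines are skipped without an error and the test fails far from the cause. I would add a first line such as `# Matched by CN: must equal the common name in ../client2.crt (Test-Client2)`.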
diff --git a/tests/sys/net/if_ovpn/client2.crt b/tests/sys/net/if_ovpn/client2.crt
new file mode 100644
index 000000000000..83aec7eedaa0
--- /dev/null
+++ b/tests/sys/net/if_ovpn/client2.crt
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFbTCCA1UCFC6I/36G1ZhmNxvabxL+BppMd38jMA0GCSqGSIb3DQEBCwUAMGYx +CzAJBgNVBAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMG +A1UECgwMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlk +b21haW4wIBcNMjIwNjE1MTIwNzQzWhgPMjEyMjA1MjIxMjA3NDNaMH4xCzAJBgNV +BAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMGA1UECgwM +T3BlblZQTi1URVNUMRUwEwYDVQQDDAxUZXN0LUNsaWVudDIxIjAgBgkqhkiG9w0B +CQEWE21lMkBteWhvc3QubXlkb21haW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDteW+ZsfahA+NJHgTycmGejCIw/jwbVpaFlwYLBe39OsDK44XUjVn1 +i8k4Vce9F1UcGeY9scyLZ797Ify5Sm59ejVkm2EriuA/jQeNpr8A0HxjcmEcn/G5 +5cM/zZYj7f9Bfj+XVgHG0zHVfD9PItwEUHKNp3hVr/86FwbnHKpcQK/QjYlDOFZB +wiIxDUSpaMLT7eFUqLOem1ZmnBd0qT3GPjBJsbpzzK+LZd9V0brvIc8XCnoUGs2V +wzsg8oRCpVpQsKUNrW3mid9lCJQvRAm6j0/14nZHm3sP5BroOTOzcLKiWuYMwizs +QkkEYP0G9ZtipbIhAdnDB4FgjF+9arH3IXw3UZxXNPguA2UasuqcCwiwyp2aPNAf +G0sIv3rvOGyTp0QfhrsQW0/xcJxfYlMONHft9kvuhC9ITKaH1ei8iQuFhm2QZCrO +f/jEf8d6nckpM3GAp/WIze49HZgdVfAIGV3+DcF2u/gwBjKsRe9W4KN5GxLQEx0x +gWLJN34O340N/Sy+NX82KP/kO/Zb3N1rKVmDIZx49ZJy1eN/Kt7pl0+AqifZzneu +pLl9nziwe0csUtCQbIJHZQQon6vwDQVR3VuGwMra/sayxZDY5IOwueEm62/cJhoQ +rxGknCM99WPhJau3S0gBV1nsH7M37AQxyHhC7q3ambdpEqzUDzf3XwIDAQABMA0G +CSqGSIb3DQEBCwUAA4ICAQBtV12w72Yflc0bIJ3IsnQ1om820Fx8/0Ndr9GD8vov +XXupazyuQmfRBpB0qcVR0tStxJrf8S19WRiLFM2UJexT4H8A3Rp788IESYo5JytV +kAvTtJ+LE74EIRXt9M3II5vFaGiFRyozN7Vdr8mUJO5sXNJaZPQkOsAta652J2JV +Qy5rOgAUEylUWZMVKkmSAdU4LGVgJC86XA9eQGtqtbXj09v3YW/EPsobCi0YbFYS +5WgGCunqw7zT4Ko8KP+horaV/bQWZKnKIb3e5xDh9Zkm48RBRU4pYZ0VoOSp1xAy +qzn/818NVPfhKWSXxLFBVWgsIzLO825vH5WEaQNgg+vfq2/AZcfl6UNGn5dufkAk +73t5dNq46H2Z6t02dfOQ7U4tduCUPbWmPXD/kjFqryQ4GXNR8TMKLf6GZRKD5nOt +KRfrkPL4tbsWL8WY9c5KQRC/vaLXETuuavDMVp0AFwTz846tB2njjyTc5jFcTgfY +X8PgUw/miJszbQd6Z9HTDTTH0osv+VNXE5MCYPWe3QaobBJGRjaPJyO5OA/SXZa+ ++9XCXyEBdVvckHpc4yHK9ATlCeiouDi45lzlnXpvuQz6VXwB8v4JKB/qqFlrzO2E +09yAyw3qPH43TBbgvJwtpD+g6k9VvE7ojHS4fl2epyQAm/orT6RLLHMHEkaYqRCU +2A== +-----END CERTIFICATE----- 
diff --git a/tests/sys/net/if_ovpn/client2.key b/tests/sys/net/if_ovpn/client2.key
new file mode 100644
index 000000000000..7e5c6857de1c
--- /dev/null
+++ b/tests/sys/net/if_ovpn/client2.key
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA7XlvmbH2oQPjSR4E8nJhnowiMP48G1aWhZcGCwXt/TrAyuOF +1I1Z9YvJOFXHvRdVHBnmPbHMi2e/eyH8uUpufXo1ZJthK4rgP40Hjaa/ANB8Y3Jh +HJ/xueXDP82WI+3/QX4/l1YBxtMx1Xw/TyLcBFByjad4Va//OhcG5xyqXECv0I2J +QzhWQcIiMQ1EqWjC0+3hVKiznptWZpwXdKk9xj4wSbG6c8yvi2XfVdG67yHPFwp6 +FBrNlcM7IPKEQqVaULClDa1t5onfZQiUL0QJuo9P9eJ2R5t7D+Qa6Dkzs3Cyolrm +DMIs7EJJBGD9BvWbYqWyIQHZwweBYIxfvWqx9yF8N1GcVzT4LgNlGrLqnAsIsMqd +mjzQHxtLCL967zhsk6dEH4a7EFtP8XCcX2JTDjR37fZL7oQvSEymh9XovIkLhYZt +kGQqzn/4xH/Hep3JKTNxgKf1iM3uPR2YHVXwCBld/g3Bdrv4MAYyrEXvVuCjeRsS +0BMdMYFiyTd+Dt+NDf0svjV/Nij/5Dv2W9zdaylZgyGcePWSctXjfyre6ZdPgKon +2c53rqS5fZ84sHtHLFLQkGyCR2UEKJ+r8A0FUd1bhsDK2v7GssWQ2OSDsLnhJutv +3CYaEK8RpJwjPfVj4SWrt0tIAVdZ7B+zN+wEMch4Qu6t2pm3aRKs1A83918CAwEA +AQKCAgAGjSMXCmHTb1gF3F4mkiE/Tn5i+6CM4IamiNQR2cgHBGftMPmwM3YX4BNd +CoDIJqyiadSAPzd1YRdXPkjKk9MYgxaV//NeUCZ/mlRrA/6g9x93XuBu+bqhdkU8 +rV9G/nncRK9cbXL/GTR2v0a/2CZZuB5w6f3X31MbNydpmNDaWq5/AmiXAibfCYwH +7mXGhq1ZS2a7/yt1ZLOtgQDkpwadQXnzjoOmTi9JmTXgGDkf/77G0/MqOtMRHqGy +9v3PGOC0+SqUhgRSJ9uR3fq4kxfxnaKHFghNUWzDs3dKkMlsWd+Tuw49q92xZuK8 +zDAu0PfIcOnJH1PynXJkR3scrqTaLuXQab2PeEZYZYABBsKuq+Vik9+MUUVjz8RT +VveYoBFYGGLZrCUC5/RUKzOcBWhHxQnRiODm2zrhun0Sfs7HDeii3r4yNwB0Hibi +rIbgMXnxSNp1bYRPp8rECgAEGGhQBJ90D7bZq1H4AU6dKYCnbgxYZopZN2/nsjZN +HGANyJkeDTUVc6VhP6vMQo1B4jSC9n4wykmInfN/+3k8Yd/IPzRJY1WWmjSgzEyv +s1dam+dSN5woq4bl7sbEVrlJaWv/8/Oa1/xypJl4DKLP8g4sTbsa6Ak3JW7BGXyi +V2PfzPMVBq7k4BHAqRJjNTShQfqq/Gsstje+X1bs7pBoQMAGgQKCAQEA/pZffQgp +Odg87PusKGvVbGsLfgEo1sJoM/b6+BZs3HgMSoWTl7k4ph+d9zFYG8NcUau3RLbV +5v5IytKN5WQVzNhUjAxvCZLTu/6m06rtUs2qOCi6GZK5IZaY7Qxho25xAN2VZdEt +bjae4qmaHl6t4anBuVqdMLhzPIQ6gQYXZNXFo3DxlPBCz/Chn6kkq8r2yMobmoov +ny9ai4Exm8JVnwzFv3NWr/iQB232w05Fr0NIWnok/z31q+FFQ8izJsX8rv0+s1zv +pS0kP9rs0GDBxfA034+vNPGM++i+o09igJmtqlV67fB4vHEq2BZm2EkgsPBqjIY+ +1MeNZvMH8/FBAwKCAQEA7srBPRQCHEigHkjKd9igTr/YGDQ0HVD1m2pE0SvuBHSB +dB1n1AH6HqRqMhYuxxXCH72wpej06fjKo/rqqhub4H3XlEgTBmSQfDBe42WDDGEN 
+T7XDKVNaa27i8s2ztUfCkumoNR6IbhcvQlCmhwZVW1NsNkk5bY/pA3Qs6vntMT5F +MILJIChPhIWkQpmdNvaJeVE0fIw2J1yXTZwX4TZUrf2MhystD1BAdyNQe8QxstJQ +3WG1GYFH25X8onQ1uCvhpe9xdJv9U1qY/D5V3gf63Dy/wsvm50LGf1/cVxkRthSu +s2tBCtiQImgmJsk2FpK3vAnzX0Ik9gcKd/8P6ENrdQKCAQAOx/JBUyD5n8lhxPbo +3eHlSo2/Qhf56A2evr8xejPV1Q55oSnBjFpyorFMMcw4yG3qu/qG/cqLf8YAKJte +byIo44J9IxerSaALcSyEa48d2J0CZ7LuWytufMziLm7Yy0e6UiMjZzKpDHjLFifB +jaOwz2dU+KLZukvOfqra5Nyk2RiBdcRA7nYiloj7uRlM9BrB66IQpec/6cLrCJQ1 +w+Guu1Ib3Hly/A54r/S8wCWhmFlyD1dojlNeKFUaK2PjY2lZS5DBXyr2vxk0r+RB +8OwvLtQTCseUXlXeJlQzLR+98a44jn/1opmP704af6p28j/4pey5ve2V8wQNrxyO +GDq7AoIBAEs+kpOXeW7GJ8ZDM6F+Hk2SQBqoYH+YYjw9yT+MMy0uNRiMp4nzsYf0 +UQ5FVSognhH4aPBurrYHUntHdqhxmLWtkb/E0lHiYHDxoQTQmPHOpy4l3UBpZoWR +5GuUC/ukiBhZDkrmuyDNp3OjDEZh5YWojOGyQylV/pu7AOhuJqKst4qou42phh0B +K5hc5WBLYVhcEUjpuaq/j2HCPPgXcal9yslQ/prjs9yWwSau1OY/RYHs5u8JgMYd +xgS+z6qgETODduHCwZmBY9GgJtiW9SJu9hIAxFq8/OVoJHtBiAYzEDWzJ0SupwRg +gx0XrDaCtujGzeyHYDQyVccoFTAgBn0CggEBAICbfBKaQyt9xTXazTIgDF+KED6u +E0AVCnAUHT7qkMa0y+LlcOAuCoZrr8yIYU7VjRxUKIuYyUSQ5SRPhL9P2HBhPNFe +yTVT5IC2Lrqh+UTiwacUA/USCUY4XmshXZS0eg8/ZEGpjHMa3gGEVhtVmM40zmLt +XJWrYAahYNCjMW2lVLPSr/m6UDoo1lDO9Xi1Usls2de1cMA+jVAMEO0F+k8PmZ3a +5/2fkGm1+gFevICOzvrzYVtLJaLGfUGVrxsPYC7t0T5o8AEduaGAcpwD/snTdJwg +zLyEZJ/G0v0DOyadQoBSKTdcgrI4XgyUkktFGLAlTND2tkbQdtsdNC6LR1k= +-----END RSA PRIVATE KEY----- diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh index 280897031a6d..fcf05372d3b9 100644 --- a/tests/sys/net/if_ovpn/if_ovpn.sh +++ b/tests/sys/net/if_ovpn/if_ovpn.sh @@ -433,6 +433,8 @@ multi_client_body() jexec one ifconfig ${one}b 192.0.2.2/24 up vnet_mkjail two ${two}b jexec two ifconfig ${two}b 192.0.2.3/24 up + jexec two ifconfig lo0 127.0.0.1/8 up + jexec two ifconfig lo0 inet alias 203.0.113.1/24 # Sanity checks atf_check -s exit:0 -o ignore jexec one ping -c 1 192.0.2.1 
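Review bot: client2.key adds an unencrypted RSA private key to the tree, and the Makefile hunk installs it together with client2.crt through `${PACKAGE}FILES`, yet nothing in the patch marks the pair as throwaway test material. Secret scanners will flag the file, and a key that ships with the test suite must never be trusted outside it. I would say so next to the file list, e.g. `# client*.key/.crt: fixtures generated for these tests only; public, never deploy`, and record how the pair was generated so it can be recreated rather than copied elsewhere.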
@@ -450,6 +452,9 @@ multi_client_body() local 192.0.2.1 server 198.51.100.0 255.255.255.0 + + push \"route 203.0.113.0 255.255.255.0 198.51.100.1\" + ca $(atf_get_srcdir)/ca.crt cert $(atf_get_srcdir)/server.crt key $(atf_get_srcdir)/server.key @@ -462,6 +467,8 @@ multi_client_body() topology subnet keepalive 100 600 + + client-config-dir $(atf_get_srcdir)/ccd " ovpn_start one " dev tun0 @@ -489,8 +496,8 @@ multi_client_body() auth-user-pass $(atf_get_srcdir)/user.pass ca $(atf_get_srcdir)/ca.crt - cert $(atf_get_srcdir)/client.crt - key $(atf_get_srcdir)/client.key + cert $(atf_get_srcdir)/client2.crt + key $(atf_get_srcdir)/client2.key dh $(atf_get_srcdir)/dh.pem keepalive 100 600 @@ -505,6 +512,9 @@ multi_client_body() # Client-to-client communication atf_check -s exit:0 -o ignore jexec one ping -c 3 198.51.100.3 atf_check -s exit:0 -o ignore jexec two ping -c 3 198.51.100.2 + + # iroute test + atf_check -s exit:0 -o ignore jexec one ping -c 3 203.0.113.1 } multi_client_cleanup()
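Review bot: The `# iroute test` comment in the last hunk of multi_client_body() does not say why a ping from jail one to 203.0.113.1 proves anything; the reader has to connect it to the lo0 alias added in the first hunk and to ccd/Test-Client2. I would expand it to `# iroute test: 203.0.113.1 is on jail two's lo0, reachable only through the iroute in ccd/Test-Client2`. The test also covers only the positive path: whether the server drops packets that client one sources from 203.0.113.0/24 is not exercised, and a follow-up check would document that the iroute also pins which client may use that network. The function body starts outside the hunk.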