mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
944f8b6aba
To increase code coverage, extend the ovpn selftests with the following
cases:
* connect UDP peers using a mix of IPv6 and IPv4 at the transport layer
* run full test with tunnel MTU equal to transport MTU (exercising
IP layer fragmentation)
* ping "LAN IP" served by VPN peer ("LAN behind a client" test case)
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
117 lines
2.9 KiB
Bash
Executable file
117 lines
2.9 KiB
Bash
Executable file
#!/bin/bash
|
|
# SPDX-License-Identifier: GPL-2.0
|
|
# Copyright (C) 2020-2025 OpenVPN, Inc.
|
|
#
|
|
# Author: Antonio Quartulli <antonio@openvpn.net>
|
|
|
|
#set -x
|
|
set -e
|
|
|
|
source ./common.sh
|
|
|
|
cleanup
|
|
|
|
modprobe -q ovpn || true
|
|
|
|
for p in $(seq 0 ${NUM_PEERS}); do
|
|
create_ns ${p}
|
|
done
|
|
|
|
for p in $(seq 0 ${NUM_PEERS}); do
|
|
setup_ns ${p} 5.5.5.$((${p} + 1))/24 ${MTU}
|
|
done
|
|
|
|
for p in $(seq 0 ${NUM_PEERS}); do
|
|
add_peer ${p}
|
|
done
|
|
|
|
for p in $(seq 1 ${NUM_PEERS}); do
|
|
ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120
|
|
ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 60 120
|
|
done
|
|
|
|
sleep 1
|
|
|
|
for p in $(seq 1 ${NUM_PEERS}); do
|
|
ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
|
|
ip netns exec peer0 ping -qfc 500 -s 3000 -w 3 5.5.5.$((${p} + 1))
|
|
done
|
|
|
|
# ping LAN behind client 1
|
|
ip netns exec peer0 ping -qfc 500 -w 3 ${LAN_IP}
|
|
|
|
if [ "$FLOAT" == "1" ]; then
|
|
# make clients float..
|
|
for p in $(seq 1 ${NUM_PEERS}); do
|
|
ip -n peer${p} addr del 10.10.${p}.2/24 dev veth${p}
|
|
ip -n peer${p} addr add 10.10.${p}.3/24 dev veth${p}
|
|
done
|
|
for p in $(seq 1 ${NUM_PEERS}); do
|
|
ip netns exec peer${p} ping -qfc 500 -w 3 5.5.5.1
|
|
done
|
|
fi
|
|
|
|
ip netns exec peer0 iperf3 -1 -s &
|
|
sleep 1
|
|
ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1
|
|
|
|
echo "Adding secondary key and then swap:"
|
|
for p in $(seq 1 ${NUM_PEERS}); do
|
|
ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 2 1 ${ALG} 0 data64.key
|
|
ip netns exec peer${p} ${OVPN_CLI} new_key tun${p} ${p} 2 1 ${ALG} 1 data64.key
|
|
ip netns exec peer${p} ${OVPN_CLI} swap_keys tun${p} ${p}
|
|
done
|
|
|
|
sleep 1
|
|
|
|
echo "Querying all peers:"
|
|
ip netns exec peer0 ${OVPN_CLI} get_peer tun0
|
|
ip netns exec peer1 ${OVPN_CLI} get_peer tun1
|
|
|
|
echo "Querying peer 1:"
|
|
ip netns exec peer0 ${OVPN_CLI} get_peer tun0 1
|
|
|
|
echo "Querying non-existent peer 10:"
|
|
ip netns exec peer0 ${OVPN_CLI} get_peer tun0 10 || true
|
|
|
|
echo "Deleting peer 1:"
|
|
ip netns exec peer0 ${OVPN_CLI} del_peer tun0 1
|
|
ip netns exec peer1 ${OVPN_CLI} del_peer tun1 1
|
|
|
|
echo "Querying keys:"
|
|
for p in $(seq 2 ${NUM_PEERS}); do
|
|
ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} ${p} 1
|
|
ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} ${p} 2
|
|
done
|
|
|
|
echo "Deleting peer while sending traffic:"
|
|
(ip netns exec peer2 ping -qf -w 4 5.5.5.1)&
|
|
sleep 2
|
|
ip netns exec peer0 ${OVPN_CLI} del_peer tun0 2
|
|
# following command fails in TCP mode
|
|
# (both ends get conn reset when one peer disconnects)
|
|
ip netns exec peer2 ${OVPN_CLI} del_peer tun2 2 || true
|
|
|
|
echo "Deleting keys:"
|
|
for p in $(seq 3 ${NUM_PEERS}); do
|
|
ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} ${p} 1
|
|
ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} ${p} 2
|
|
done
|
|
|
|
echo "Setting timeout to 3s MP:"
|
|
for p in $(seq 3 ${NUM_PEERS}); do
|
|
ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 3 3 || true
|
|
ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 0 0
|
|
done
|
|
# wait for peers to timeout
|
|
sleep 5
|
|
|
|
echo "Setting timeout to 3s P2P:"
|
|
for p in $(seq 3 ${NUM_PEERS}); do
|
|
ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 3 3
|
|
done
|
|
sleep 5
|
|
|
|
cleanup
|
|
|
|
modprobe -r ovpn || true
|