container-openvpn/test/tests/client/container.sh

#!/bin/bash

SERV_IP=$(ip -4 -o addr show scope global  | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
SERVER_CONF="/etc/openvpn/openvpn.conf"
TEST1_OVPN="/etc/openvpn/test1.ovpn"

# Function to fail
abort() { cat <<< "$@" 1>&2; exit 1; }

# Check a config (haystack) for a given line (needle) exit with error if not
# found.
test_config() {

    local needle="${2}"
    local file="${1}"

    busybox grep -q "${needle}" "${file}"
    if [ $? -ne 0 ]; then
        abort "==> Config match not found: ${needle}"
    fi
}

# Check a config (haystack) for absence of given line (needle) exit with error
# if found.
test_not_config() {

    local needle="${2}"
    local file="${1}"

    busybox grep -vq "${needle}" "${file}"
    if [ $? -ne 0 ]; then
        abort "==> Config match found: ${needle}"
    fi
}


#
# Generate openvpn.config file
#

ovpn_genconfig \
    -u udp://$SERV_IP \
    -m 1337 \


EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass

easyrsa build-client-full test1 nopass 2>/dev/null

ovpn_getclient test1 > "${TEST1_OVPN}"


#
# Simple test cases
#

# 1. client MTU
test_config "${TEST1_OVPN}" "^tun-mtu\s\+1337"


#
# Test udp client with tcp fallback
#
ovpn_genconfig -u udp://$SERV_IP -E "remote $SERV_IP 443 tcp" -E "remote vpn.example.com 443 tcp"
# nopass is insecure
EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass
easyrsa build-client-full client-fallback nopass
ovpn_getclient client-fallback > "${TEST1_OVPN}"

test_config "${TEST1_OVPN}" "^remote\s\+$SERV_IP\s\+443\s\+tcp"
test_config "${TEST1_OVPN}" "^remote\s\+vpn.example.com\s\+443\s\+tcp"


#
# Test non-defroute config
#
ovpn_genconfig -d -u udp://$SERV_IP -r "172.33.33.0/24" -r "172.34.34.0/24"
# nopass is insecure
EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass
easyrsa build-client-full non-defroute nopass
ovpn_getclient non-defroute > "${TEST1_OVPN}"

# The '!' inverts the match to test that the string isn't present
test_not_config "${TEST1_OVPN}" "^redirect-gateway\s\+def1"
tests: client: Add client config test suite * Test the client configuration to detect breakages 2017-05-13 14:39:53 +00:00			`#!/bin/bash`

tests: Clean-up client + conf_options Clean-up the mess that was here. It's less error prone, shorter and easier to read. 2017-05-13 17:52:47 +00:00			`SERV_IP=$(ip -4 -o addr show scope global \| awk '{print $4}' \| sed -e 's:/.*::' \| head -n1)`
			`SERVER_CONF="/etc/openvpn/openvpn.conf"`
			`TEST1_OVPN="/etc/openvpn/test1.ovpn"`

tests: client: Add client config test suite * Test the client configuration to detect breakages 2017-05-13 14:39:53 +00:00			`# Function to fail`
			`abort() { cat <<< "$@" 1>&2; exit 1; }`

tests: Clean-up client + conf_options Clean-up the mess that was here. It's less error prone, shorter and easier to read. 2017-05-13 17:52:47 +00:00			`# Check a config (haystack) for a given line (needle) exit with error if not`
			`# found.`
			`test_config() {`

			`local needle="${2}"`
			`local file="${1}"`

			`busybox grep -q "${needle}" "${file}"`
			`if [ $? -ne 0 ]; then`
			`abort "==> Config match not found: ${needle}"`
			`fi`
			`}`

			`# Check a config (haystack) for absence of given line (needle) exit with error`
			`# if found.`
			`test_not_config() {`

			`local needle="${2}"`
			`local file="${1}"`

			`busybox grep -vq "${needle}" "${file}"`
			`if [ $? -ne 0 ]; then`
			`abort "==> Config match found: ${needle}"`
			`fi`
			`}`

tests: client: Add client config test suite * Test the client configuration to detect breakages 2017-05-13 14:39:53 +00:00
			`#`
			`# Generate openvpn.config file`
			`#`

			`ovpn_genconfig \`
			`-u udp://$SERV_IP \`
			`-m 1337 \`


			`EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass`

			`easyrsa build-client-full test1 nopass 2>/dev/null`

			`ovpn_getclient test1 > "${TEST1_OVPN}"`


tests: Clean-up client + conf_options Clean-up the mess that was here. It's less error prone, shorter and easier to read. 2017-05-13 17:52:47 +00:00			`#`
			`# Simple test cases`
			`#`

			`# 1. client MTU`
			`test_config "${TEST1_OVPN}" "^tun-mtu\s\+1337"`


			`#`
			`# Test udp client with tcp fallback`
			`#`
			`ovpn_genconfig -u udp://$SERV_IP -E "remote $SERV_IP 443 tcp" -E "remote vpn.example.com 443 tcp"`
			`# nopass is insecure`
			`EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass`
			`easyrsa build-client-full client-fallback nopass`
			`ovpn_getclient client-fallback > "${TEST1_OVPN}"`

			`test_config "${TEST1_OVPN}" "^remote\s\+$SERV_IP\s\+443\s\+tcp"`
			`test_config "${TEST1_OVPN}" "^remote\s\+vpn.example.com\s\+443\s\+tcp"`
tests: client: Add client config test suite * Test the client configuration to detect breakages 2017-05-13 14:39:53 +00:00

			`#`
tests: Clean-up client + conf_options Clean-up the mess that was here. It's less error prone, shorter and easier to read. 2017-05-13 17:52:47 +00:00			`# Test non-defroute config`
tests: client: Add client config test suite * Test the client configuration to detect breakages 2017-05-13 14:39:53 +00:00			`#`
tests: Clean-up client + conf_options Clean-up the mess that was here. It's less error prone, shorter and easier to read. 2017-05-13 17:52:47 +00:00			`ovpn_genconfig -d -u udp://$SERV_IP -r "172.33.33.0/24" -r "172.34.34.0/24"`
			`# nopass is insecure`
			`EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass`
			`easyrsa build-client-full non-defroute nopass`
			`ovpn_getclient non-defroute > "${TEST1_OVPN}"`
tests: client: Add client config test suite * Test the client configuration to detect breakages 2017-05-13 14:39:53 +00:00
tests: Clean-up client + conf_options Clean-up the mess that was here. It's less error prone, shorter and easier to read. 2017-05-13 17:52:47 +00:00			`# The '!' inverts the match to test that the string isn't present`
			`test_not_config "${TEST1_OVPN}" "^redirect-gateway\s\+def1"`