diff --git a/.travis.yml b/.travis.yml index 291f822..0c512c9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,21 @@ +# Disallowing packages: openvpn +# If you require these packages, please review the package approval process at: https://github.com/travis-ci/apt-package-whitelist#package-approval-process +#addons: +# apt: +# sources: +# - ubuntu-toolchain-r-test +# packages: +# - openvpn + services: - docker before_install: - docker --version - docker build -t kylemanna/openvpn . - - docker run kylemanna/openvpn sh -c "dpkg -l openvpn openssl" + - docker inspect kylemanna/openvpn + - docker run kylemanna/openvpn openvpn --version || true # why does it returns 1? + - docker run kylemanna/openvpn openssl version script: - - for i in tests/*.sh; do "./$i"; done + - pushd tests && for i in *.sh; do "./$i"; done && popd diff --git a/tests/basic.sh b/tests/basic.sh index a9520cd..df2e1e1 100755 --- a/tests/basic.sh +++ b/tests/basic.sh 
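Review bot: The `|| true` on the new `openvpn --version` step in `before_install` hides every failure of that command, including a missing binary or an image that fails to start, so the step no longer verifies anything. If the non-zero status is simply how this OpenVPN build exits after printing its version (likely, but not confirmed here), check the output instead: `- docker run kylemanna/openvpn openvpn --version | grep OpenVPN`. That keeps the version in the build log and still fails when the binary is absent. Separately, the `script:` loop `for i in *.sh; do "./$i"; done` reports only the status of the last script run, so an earlier failing test would go unnoticed once more scripts are added; this predates the change but carries over into the new line.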
@@ -2,16 +2,60 @@ set -ex OVPN_DATA=basic-data CLIENT=travis-client +IMG=kylemanna/openvpn +# +# Create a docker container with the config data +# docker run --name $OVPN_DATA -v /etc/openvpn busybox -docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://travis-ci +ip addr ls +SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1) +docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u udp://$SERV_IP # nopass is insecure -docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" kylemanna/openvpn ovpn_initpki nopass +docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass -docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full $CLIENT nopass +docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT nopass -docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient $CLIENT +docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn +# +# Fire up the server +# +sudo iptables -N DOCKER +sudo iptables -I FORWARD -j DOCKER +# run in shell bg to get logs +docker run --name "ovpn-test" --volumes-from $OVPN_DATA --rm -p 1194:1194/udp --privileged $IMG & +#for i in $(seq 10); do +# SERV_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}') +# test -n "$SERV_IP" && break +#done +#sed -ie s:SERV_IP:$SERV_IP:g client/config.ovpn + +# +# Fire up a client in a container since openvpn is disallowed by Travis-CI, don't NAT +# the host as it confuses itself: +# "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194" +# +docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh + +# +# Client either connected or timed out, kill server +# +kill %1 + +# +# Celebrate 
+# +cat < + ----------- + \ ^__^ + \ (oo)\_______ + (__)\ )\/\\ + ||----w | + || || +EOF diff --git a/tests/client/wait-for-connect.sh b/tests/client/wait-for-connect.sh new file mode 100755 index 0000000..5d127b3 --- /dev/null +++ b/tests/client/wait-for-connect.sh @@ -0,0 +1,35 @@ +#!/bin/bash +set -ex +OPENVPN_CONFIG=${1:-/client/config.ovpn} + +# Run in background, rely on bash for job management +openvpn --config "$OPENVPN_CONFIG" --management 127.0.0.1 9999 & + +# Spin waiting for interface to exist signifying connection +timeout=10 +for i in $(seq $timeout); do + + # Break when connected + #echo state | busybox nc 127.0.0.1 9999 | grep -q "CONNECTED,SUCCESS" && break; + + # Bash magic for tcp sockets + if exec 3<>/dev/tcp/127.0.0.1/9999; then + # Consume all header input + while read -t 0.1 <&3; do true; done + echo "state" >&3 + read -t 1 <&3 + echo -n $REPLY | grep -q "CONNECTED,SUCCESS" && break || true + exec 3>&- + fi + + # Else sleep + sleep 1 +done + +if [ $i -ge $timeout ]; then + echo "Error starting OpenVPN, i=$i, exiting." + exit 2; +fi + +# The show is over. +kill %1
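Review bot: In tests/basic.sh, a failure of the client step makes `set -e` exit before `kill %1`, so the `--privileged` server container `ovpn-test` with 1194/udp published is left running. Registering `trap 'docker rm -f ovpn-test >/dev/null 2>&1 || true' EXIT` just before the server is started would cover every exit path. The pipeline `ovpn_getclient $CLIENT | tee client/config.ovpn` also runs without `pipefail`, so a failed export is masked by `tee` and the client would start with an empty or partial config; `set -o pipefail` after `set -ex` would surface it. The file written there presumably embeds the `nopass` client key, so `tests/client/config.ovpn` should be git-ignored rather than left where it can be committed. `SERV_IP` is used unquoted and unchecked, so a host with no global IPv4 address yields `udp://` with no host; `test -n "$SERV_IP"` before `ovpn_genconfig` would fail early with a clearer cause.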
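Review bot: In tests/client/wait-for-connect.sh the final check `[ $i -ge $timeout ]` cannot tell a timeout from a connection that succeeds on the last attempt, because `i` equals `timeout` in both cases. Tracking the result explicitly removes the ambiguity: `connected=0` before the loop, `connected=1` before `break`, then `if [ "$connected" -ne 1 ]`. The `break` path also skips `exec 3>&-`, and the `exit 2` path leaves the backgrounded openvpn running, so an EXIT trap that closes the descriptor and kills the job would be tidier. The management interface on 127.0.0.1:9999 has no password file, and basic.sh runs this script with `--net=host`, so it sits on the host's loopback for the duration of the test; the unix-socket form of `--management` would keep it inside the container's filesystem.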