diff --git a/.travis.yml b/.travis.yml
index b66677a..78a1ca4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,6 +16,8 @@ before_install:
 install:
     - git clone https://github.com/docker-library/official-images.git official-images
 
+# Assist with ci test debugging:
+#   - DEBUG=1
 before_script:
     - image="kylemanna/openvpn"
     - docker build -t "$image" .
@@ -26,7 +28,6 @@ before_script:
 script:
     - official-images/test/run.sh "$image"
     - test/run.sh "$image"
-    - ./test-ci.sh
 
 after_script:
     - docker images
diff --git a/test-ci.sh b/test-ci.sh
deleted file mode 100755
index 12520e0..0000000
--- a/test-ci.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-set -x
-
-cd "$(dirname "$(readlink -f "$0")")/tests"
-let cnt=0
-
-for i in *.sh; do
-    cnt=$(($cnt + 1))
-    echo -e "\n>> Running test #$cnt \"$i\"\n"
-    ./${i}
-    retval=$?
-    if [ $retval != 0 ]; then
-        echo ">> FAILED test #$cnt \"$i\", exit code $retval"
-        exit $retval
-    fi
-done
-
-echo ">> All $cnt tests PASSED"
diff --git a/tests/client/wait-for-connect.sh b/test/client/wait-for-connect.sh
similarity index 95%
rename from tests/client/wait-for-connect.sh
rename to test/client/wait-for-connect.sh
index 5d127b3..43f09ac 100755
--- a/tests/client/wait-for-connect.sh
+++ b/test/client/wait-for-connect.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
-set -ex
+set -e
+
+[ -n "${DEBUG+x}" ] && set -x
+
 OPENVPN_CONFIG=${1:-/client/config.ovpn}
 
 # Run in background, rely on bash for job management
diff --git a/test/config.sh b/test/config.sh
index 81f6ef4..1f7e82c 100644
--- a/test/config.sh
+++ b/test/config.sh
@@ -9,5 +9,8 @@ imageTests+=(
 	[openvpn]='
 		paranoid
         conf_options
+        basic
+        dual-proto
+        otp
 	'
 )
diff --git a/tests/basic.sh b/test/tests/basic/run.sh
similarity index 87%
rename from tests/basic.sh
rename to test/tests/basic/run.sh
index 40165db..9104968 100755
--- a/tests/basic.sh
+++ b/test/tests/basic/run.sh
@@ -1,8 +1,12 @@
 #!/bin/bash
-set -ex
+set -e
+
+[ -n "${DEBUG+x}" ] && set -x
+
 OVPN_DATA=basic-data
 CLIENT=travis-client
 IMG=kylemanna/openvpn
+CLIENT_DIR="$(readlink -f "$(dirname "$BASH_SOURCE")/../../client")"
 
 #
 # Create a docker container with the config data
@@ -18,7 +22,7 @@ docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_R
 
 docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT nopass
 
-docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee $CLIENT_DIR/config.ovpn
 
 docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep $CLIENT
 
@@ -34,14 +38,14 @@ docker run --name "ovpn-test" --volumes-from $OVPN_DATA --rm -p 1194:1194/udp --
 #    SERV_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}')
 #    test -n "$SERV_IP" && break
 #done
-#sed -ie s:SERV_IP:$SERV_IP:g client/config.ovpn
+#sed -ie s:SERV_IP:$SERV_IP:g config.ovpn
 
 #
 # Fire up a client in a container since openvpn is disallowed by Travis-CI, don't NAT
 # the host as it confuses itself:
 # "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
 #
-docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh
+docker run --rm --net=host --privileged --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh
 
 #
 # Client either connected or timed out, kill server
diff --git a/tests/dual-proto.sh b/test/tests/dual-proto/run.sh
similarity index 88%
rename from tests/dual-proto.sh
rename to test/tests/dual-proto/run.sh
index 49dd7c1..46bbbbb 100755
--- a/tests/dual-proto.sh
+++ b/test/tests/dual-proto/run.sh
@@ -1,10 +1,13 @@
 #!/bin/bash
-set -ex
+set -e
+
+[ -n "${DEBUG+x}" ] && set -x
 
 OVPN_DATA=dual-data
 CLIENT_UDP=travis-client
 CLIENT_TCP=travis-client-tcp
 IMG=kylemanna/openvpn
+CLIENT_DIR="$(readlink -f "$(dirname "$BASH_SOURCE")/../../client")"
 
 #
 # Create a docker container with the config data
@@ -22,12 +25,12 @@ docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_R
 
 # gen TCP client
 docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT_TCP nopass
-docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT_TCP | tee client/config-tcp.ovpn
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT_TCP | tee $CLIENT_DIR/config-tcp.ovpn
 
 # switch to UDP config and gen UDP client
 docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u udp://$SERV_IP
 docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT_UDP nopass
-docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT_UDP | tee client/config.ovpn
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT_UDP | tee $CLIENT_DIR/config.ovpn
 
 #Verify client configs
 docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep $CLIENT_TCP
@@ -48,8 +51,8 @@ docker run --name "ovpn-test-tcp" --volumes-from $OVPN_DATA --rm -p 443:1194/tcp
 # the host as it confuses itself:
 # "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
 #
-docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh
-docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh "/client/config-tcp.ovpn"
+docker run --rm --net=host --privileged --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh
+docker run --rm --net=host --privileged --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh "/client/config-tcp.ovpn"
 
 #
 # Client either connected or timed out, kill server
diff --git a/tests/otp.sh b/test/tests/otp/run.sh
similarity index 78%
rename from tests/otp.sh
rename to test/tests/otp/run.sh
index 9b8a031..40c4077 100755
--- a/tests/otp.sh
+++ b/test/tests/otp/run.sh
@@ -1,9 +1,14 @@
 #!/bin/bash
-set -ex
+set -e
+
+[ -n "${DEBUG+x}" ] && set -x
+
 OVPN_DATA=basic-data-otp
 CLIENT=travis-client
 IMG=kylemanna/openvpn
 OTP_USER=otp
+CLIENT_DIR="$(readlink -f "$(dirname "$BASH_SOURCE")/../../client")"
+
 # Function to fail
 abort() { cat <<< "$@" 1>&2; exit 1; }
 
@@ -23,22 +28,22 @@ docker run --volumes-from $OVPN_DATA --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_R
 docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CLIENT nopass
 
 # Generate OTP credentials for user named test, should return QR code for test user
-docker run --volumes-from $OVPN_DATA --rm -it $IMG ovpn_otp_user $OTP_USER | tee client/qrcode.txt
+docker run --volumes-from $OVPN_DATA --rm -it $IMG ovpn_otp_user $OTP_USER | tee $CLIENT_DIR/qrcode.txt
 # Ensure a chart link is printed in client OTP configuration
-grep 'https://www.google.com/chart' client/qrcode.txt || abort 'Link to chart not generated'
-grep 'Your new secret key is:' client/qrcode.txt || abort 'Secret key is missing'
+grep 'https://www.google.com/chart' $CLIENT_DIR/qrcode.txt || abort 'Link to chart not generated'
+grep 'Your new secret key is:' $CLIENT_DIR/qrcode.txt || abort 'Secret key is missing'
 # Extract an emergency code from textual output, grepping for line and trimming spaces
-OTP_TOKEN=$(grep -A1 'Your emergency scratch codes are' client/qrcode.txt | tail -1 | tr -d '[[:space:]]')
+OTP_TOKEN=$(grep -A1 'Your emergency scratch codes are' $CLIENT_DIR/qrcode.txt | tail -1 | tr -d '[[:space:]]')
 # Token should be present
 if [ -z $OTP_TOKEN ]; then
   abort "QR Emergency Code not detected"
 fi
 
 # Store authentication credentials in config file and tell openvpn to use them
-echo -e "$OTP_USER\n$OTP_TOKEN" > client/credentials.txt
+echo -e "$OTP_USER\n$OTP_TOKEN" > $CLIENT_DIR/credentials.txt
 
 # Override the auth-user-pass directive to use a credentials file
-docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | sed 's/auth-user-pass/auth-user-pass \/client\/credentials.txt/' | tee client/config.ovpn
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | sed 's/auth-user-pass/auth-user-pass \/client\/credentials.txt/' | tee $CLIENT_DIR/config.ovpn
 
 #
 # Fire up the server
@@ -52,14 +57,14 @@ docker run --name "ovpn-test" --volumes-from $OVPN_DATA --rm -p 1194:1194/udp --
 #    SERV_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}')
 #    test -n "$SERV_IP" && break
 #done
-#sed -ie s:SERV_IP:$SERV_IP:g client/config.ovpn
+#sed -ie s:SERV_IP:$SERV_IP:g $CLIENT_DIR/config.ovpn
 
 #
 # Fire up a client in a container since openvpn is disallowed by Travis-CI, don't NAT
 # the host as it confuses itself:
 # "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
 #
-docker run --rm --net=host --privileged --volume $PWD/client:/client $IMG /client/wait-for-connect.sh
+docker run --rm --net=host --privileged --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh
 
 #
 # Client either connected or timed out, kill server