server/site_tests/network_VPN/050StrongSwanGenesis - Issue 6765030: Add automated StrongSwan test

Side by Side Diff: server/site_tests/network_VPN/050StrongSwanGenesis

Issue 6765030: Add automated StrongSwan test (Closed) Base URL: ssh://gitrw.chromium.org:9222/autotest.git@master

Patch Set: Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.

	2 # Use of this source code is governed by a BSD-style license that can be

	3 # found in the LICENSE file.

	4 #

	5 # An example of how to set up a VPN from the Client (DUT), through the

	6 # Router to to the Server.
	Sam Leffler 2011/03/31 17:11:27 mention StrongSwan somewhere in here? mention StrongSwan somewhere in here?
	7 #

	8

	9 { "name" : "VPNStrongSwanGenesis",

	10 "steps":[

	11 ### Create WiFi connection from Client to Router.
	Sam Leffler 2011/03/31 17:11:27 don't think any of the other tests use '###'; not don't think any of the other tests use '###'; not a big deal but prefer consistency
	12 [ "create", { "type" : "hostap" } ],

	13 [ "config", { "channel" : "2412", "mode" : "11b" } ],

	14 [ "connect", { "security" : "none" } ],

	15

	16 ### Declare the templates for the configuration files which are

	17 ### going to be used. Text of the form '@fnord@' can be replaced

	18 ### at write-out time by putting it into the 'replacements'

	19 ### parameter of the 'vpn_server_config' step.

	20 ###

	21 ### The text '@ipsecrets-ip@' is automtically replaced with the

	22 ### correct server IP for the current test configuration, and

	23 ### should not be replaced through this list of steps.

	24 [ "vpn_strongswan_config_templates", {
	Sam Leffler 2011/03/31 17:11:27 style nit; not sure you're using 4-space indent he style nit; not sure you're using 4-space indent here like everywhere else? thutt 2011/04/05 21:38:21 I've removed this step altogether (unrelated to th Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > style nit; not sure you're using 4-space indent here like everywhere else? I've removed this step altogether (unrelated to the indentation). Any other locations not up-to-snuff?
	25 "/etc/ipsec.conf" :

	26 "config setup\n"

	27 " charonstart=no\n"

	28 " plutostart=yes\n"

	29 " plutodebug=@plutodebug@\n"

	30 "conn L2TP\n"

	31 " keyexchange=ikev1\n"

	32 " authby=psk\n"

	33 " pfs=no\n"

	34 " rekey=no\n"

	35 " left=%defaultroute\n"

	36 " leftprotoport=17/1701\n"

	37 " right=%any\n"

	38 " rightprotoport=17/%any\n"

	39 " auto=add\n",

	40

	41 "/etc/ipsec.secrets" :

	42 "@ipsecrets-ip@ %any : PSK \"password\"",

	43

	44 "/etc/xl2tpd/xl2tpd.conf" :

	45 "[global]\n"

	46 "\n"

	47 "[lns default]\n"

	48 " ip range = 192.168.1.128-192.168.1.254\n"
	Sam Leffler 2011/03/31 17:11:27 can this be automatically filled in? can this be automatically filled in? thutt 2011/04/05 21:38:21 Yes, it can. I don't have it set up for being fil Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > can this be automatically filled in? Yes, it can. I don't have it set up for being filled in because I was just handed a set of 6 config files, and I don't know which knobs are likely to be tuned. It's a simple matter of textual replacement with the new implementation.
	49 " local ip = 192.168.1.99\n"

	50 " require chap = yes\n"

	51 " refuse pap = yes\n"

	52 " require authentication = yes\n"

	53 " name = LinuxVPNserver\n"

	54 " ppp debug = yes\n"

	55 " pppoptfile = /etc/ppp/options.xl2tpd\n"

	56 " length bit = yes\n",

	57

	58 "/etc/xl2tpd/xl2tp-secrets" :

	59 "* them l2tp-secret",

	60

	61 "/etc/xl2tpd/l2tp-secrets" :

	62 "* them l2tp-secret",

	63

	64 "/etc/ppp/chap-secrets" :

	65 "chapuser * chapsecret *",

	66

	67 "/etc/ppp/options.xl2tpd" :

	68 "ipcp-accept-local\n"

	69 "ipcp-accept-remote\n"

	70 "ms-dns 192.168.1.1\n"

	71 "ms-dns 192.168.1.3\n"

	72 "ms-wins 192.168.1.2\n"

	73 "ms-wins 192.168.1.4\n"

	74 "noccp\n"

	75 "auth\n"

	76 "crtscts\n"

	77 "idle 1800\n"

	78 "mtu 1410\n"

	79 "mru 1410\n"

	80 "nodefaultroute\n"

	81 "debug\n"

	82 "lock\n"

	83 "proxyarp\n"

	84 "connect-delay 5000\n"
	Sam Leffler 2011/03/31 17:11:27 much of the above is magic to me; please add comme much of the above is magic to me; please add comments thutt 2011/04/05 21:38:21 I agree, it's entirely magic. I'd like to defer t Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > much of the above is magic to me; please add comments I agree, it's entirely magic. I'd like to defer to Ken to provide comments on what this all means. I can provide a link to the StrongSwan documentation, but it's incomplete, so it won't really be much help.
	85 }],

	86

	87 ### Configure and launch the VPN server.

	88 ### Automatically kills any previously running server.

	89 ###

	90 [ "vpn_server_config", {

	91 "kind" : "l2tpipsec",
	Sam Leffler 2011/03/31 17:11:27 indent indent thutt 2011/04/05 21:38:21 Addressed. Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > indent Addressed.
	92 "replacements" : {

	93 # @ipsecrets-ip@ should not be replaced here.
	Sam Leffler 2011/03/31 17:11:27 don't understand this; did you mean "should not be don't understand this; did you mean "should not be used here"? thutt 2011/04/05 21:38:21 Yes; the @ipsecrets-ip@ is replaced with a runtime Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > don't understand this; did you mean "should not be used here"? Yes; the @ipsecrets-ip@ is replaced with a runtime IP. So, you shouldn't provide an IP in the control file.
	94 # Instead, it is automatically replaced in

	95 # 'site_linux_server.py' with the appropriate

	96 # server IP address.

	97 "@plutodebug@" : "all"

	98 }}],
	Sam Leffler 2011/03/31 17:11:27 add \n? also is vpn_server_config synchronous? are add \n? also is vpn_server_config synchronous? are there startup races? thutt 2011/04/05 21:38:21 I did nothing to make it synchronous or asynchrono Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > add \n? also is vpn_server_config synchronous? are there startup races? I did nothing to make it synchronous or asynchronous. I'm assuming that it is synchronous. I don't understand the '\n' comment.
	99 ### Launch the VPN Client.

	100 [ "vpn_client_config", { "kind" : "l2tpipsec-psk" }],

	101

	102 ### Verify the client is connected to the server

	103 [ "client_ping", { "ping_ip" : "192.168.1.99", # In xl2tpd.conf.
	Sam Leffler 2011/03/31 17:11:27 seems like you can factor out this fixed ip as we seems like you can factor out this fixed ip as we do for client/server ping's etc thutt 2011/04/05 21:38:21 How? How will the code be able to differentiate b Show quoted text On 2011/03/31 17:11:27, Sam Leffler wrote: > seems like you can factor out this fixed ip as we do for client/server ping's > etc How? How will the code be able to differentiate between the default ping (without the IP provided) and a ping of a StrongSwan IP (192.168.1.99) and a ping of an OpenVPN IP (10.8.0.1)? I suppose it might be able to use the 'vpn_kind' field, but perhaps you had something else in mind?
	104 "count" : "10" } ],

	105

	106 [ "vpn_server_kill" ], # Shut down the VPN Server.

	107 [ "vpn_client_kill" ], # Shut down the VPN Client.

	108 [ "disconnect" ], # Disconnect WiFi setup

	109 ],

	110 }

OLD	NEW

« server/site_tests/network_VPN/000VPNGenesis ('K') | « server/site_tests/network_VPN/000VPNGenesis ('k') | server/site_wifitest.py » ('j') | server/site_wifitest.py » ('J')