| OLD | NEW |
| 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 import logging, re, time | 5 import logging, re, time |
| 6 from autotest_lib.client.common_lib import error | 6 from autotest_lib.client.common_lib import error |
| 7 | 7 |
| 8 class LinuxServer(object): | 8 class LinuxServer(object): |
| 9 """ | 9 """ |
| 10 Linux Server: A machine which hosts network services. | 10 Linux Server: A machine which hosts network services. |
| 11 | 11 |
| 12 """ | 12 """ |
| 13 | 13 |
| 14 def __init__(self, server, params): | 14 def __init__(self, server, wifi_ip): |
| 15 self.server = server # Server host. | 15 self.server = server # Server host. |
| 16 self.vpn_kind = None | 16 self.vpn_kind = None |
| 17 self.conf = {} | 17 self.wifi_ip = wifi_ip |
| 18 self.openvpn_config = {} |
| 18 | 19 |
| 19 def vpn_server_config(self, params): | 20 def vpn_server_config(self, params): |
| 20 """ Configure & launch the server side of the VPN. | 21 """ Configure & launch the server side of the VPN. |
| 21 | 22 |
| 22 Parameters, in 'params': | 23 Parameters, in 'params': |
| 23 | 24 |
| 24 kind : required | 25 kind : required |
| 25 | 26 |
| 26 The kind of VPN which should be configured and | 27 The kind of VPN which should be configured and |
| 27 launched. | 28 launched. |
| 28 | 29 |
| 29 Valid values: | 30 Valid values: |
| 30 | 31 |
| 31 openvpn | 32 openvpn |
| 33 l2tpipsec (StrongSwan PSK or certificates) |
| 32 | 34 |
| 33 config: required | 35 config: required |
| 34 | 36 |
| 35 The configuration information associated with | 37 The configuration information associated with |
| 36 the VPN server. | 38 the VPN server. |
| 37 | 39 |
| 38 This is a dict which contains key/value pairs | 40 This is a dict which contains key/value pairs |
| 39 representing the VPN's configuration. | 41 representing the VPN's configuration. |
| 40 | 42 |
| 41 The values stored in the 'config' param must all be | 43 The values stored in the 'config' param must all be |
| 42 supported by the specified VPN kind. | 44 supported by the specified VPN kind. |
| 43 """ | 45 """ |
| 44 self.vpn_server_kill({}) # Must be first. Relies on self.vpn_kind. | 46 self.vpn_server_kill({}) # Must be first. Relies on self.vpn_kind. |
| 45 | |
| 46 self.vpn_kind = params.get('kind', None) | 47 self.vpn_kind = params.get('kind', None) |
| 47 | 48 |
| 48 # Read configuration information & create server configuration file. | |
| 49 # | |
| 50 # As VPN kinds other than 'openvpn' are supported, and | |
| 51 # since 'self.conf' is cummulative, perhaps there should be | |
| 52 # a method which will clear 'self.conf'; different types of | |
| 53 # VPN will likely not have the same configuration | |
| 54 # parameters. This is only really needed if a test is | |
| 55 # written to switch between two differents kinds of VPN. | |
| 56 for k, v in params.get('config', {}).iteritems(): | |
| 57 self.conf[k] = v | |
| 58 self.server.run("cat <<EOF >%s\n%s\nEOF\n" % | |
| 59 ('/tmp/vpn-server.conf', '\n'.join( | |
| 60 "%s %s" % kv for kv in self.conf.iteritems()))) | |
| 61 | |
| 62 # Launch specified VPN server. | 49 # Launch specified VPN server. |
| 63 if self.vpn_kind is None: | 50 if self.vpn_kind is None: |
| 64 raise error.TestFail('No VPN kind specified for this test.'); | 51 raise error.TestFail('No VPN kind specified for this test.') |
| 65 elif self.vpn_kind == 'openvpn': | 52 elif self.vpn_kind == 'openvpn': |
| 66 self.server.run("/usr/sbin/openvpn --config /tmp/vpn-server.conf &") | 53 # Read config information & create server configuration file. |
| 54 for k, v in params.get('config', {}).iteritems(): |
| 55 self.openvpn_config[k] = v |
| 56 self.server.run("cat <<EOF >/tmp/vpn-server.conf\n%s\nEOF\n" % |
| 57 ('\n'.join( "%s %s" % kv for kv in |
| 58 self.openvpn_config.iteritems()))) |
| 59 self.server.run("/usr/sbin/openvpn " |
| 60 "--config /tmp/vpn-server.conf &") |
| 61 elif self.vpn_kind == 'l2tpipsec': |
| 62 |
| 63 configs = { "/etc/ipsec.conf" : |
| 64 "config setup\n" |
| 65 " charonstart=no\n" |
| 66 " plutostart=yes\n" |
| 67 " plutodebug=%(@plutodebug@)s\n" |
| 68 "conn L2TP\n" |
| 69 " keyexchange=ikev1\n" |
| 70 " authby=psk\n" |
| 71 " pfs=no\n" |
| 72 " rekey=no\n" |
| 73 " left=%(@local-listen-ip@)s\n" |
| 74 " leftprotoport=17/1701\n" |
| 75 " right=%%any\n" |
| 76 " rightprotoport=17/%%any\n" |
| 77 " auto=add\n", |
| 78 |
| 79 "/etc/ipsec.secrets" : |
| 80 "%(@ipsec-secrets@)s %%any : PSK \"password\"", |
| 81 |
| 82 "/etc/xl2tpd/xl2tpd.conf" : |
| 83 "[global]\n" |
| 84 "\n" |
| 85 "[lns default]\n" |
| 86 " ip range = 192.168.1.128-192.168.1.254\n" |
| 87 " local ip = 192.168.1.99\n" |
| 88 " require chap = yes\n" |
| 89 " refuse pap = yes\n" |
| 90 " require authentication = yes\n" |
| 91 " name = LinuxVPNserver\n" |
| 92 " ppp debug = yes\n" |
| 93 " pppoptfile = /etc/ppp/options.xl2tpd\n" |
| 94 " length bit = yes\n", |
| 95 |
| 96 "/etc/xl2tpd/l2tp-secrets" : |
| 97 "* them l2tp-secret", |
| 98 |
| 99 "/etc/ppp/chap-secrets" : |
| 100 "chapuser * chapsecret *", |
| 101 |
| 102 "/etc/ppp/options.xl2tpd" : |
| 103 "ipcp-accept-local\n" |
| 104 "ipcp-accept-remote\n" |
| 105 "noccp\n" |
| 106 "auth\n" |
| 107 "crtscts\n" |
| 108 "idle 1800\n" |
| 109 "mtu 1410\n" |
| 110 "mru 1410\n" |
| 111 "nodefaultroute\n" |
| 112 "debug\n" |
| 113 "lock\n" |
| 114 "proxyarp\n" |
| 115 "connect-delay 5000\n" |
| 116 } |
| 117 |
| 118 replacements = params.get("replacements", {}) |
| 119 # These two replacements must match up to the same |
| 120 # adapter, or a connection will not be established. |
| 121 replacements["@local-listen-ip@"] = "%defaultroute" |
| 122 replacements["@ipsec-secrets@"] = self.server.ip |
| 123 |
| 124 for cfg, template in configs.iteritems(): |
| 125 contents = template % (replacements) |
| 126 self.server.run("cat <<EOF >%s\n%s\nEOF\n" % (cfg, contents)) |
| 127 |
| 128 self.server.run("/usr/sbin/ipsec start") |
| 129 |
| 130 # Restart xl2tpd to ensure use of newly-created config files. |
| 131 self.server.run("sh /etc/init.d/xl2tpd restart") |
| 67 else: | 132 else: |
| 68 raise error.TestFail('(internal error): No config case ' | 133 raise error.TestFail('(internal error): No config case ' |
| 69 'for VPN kind (%s)' % self.vpn_kind) | 134 'for VPN kind (%s)' % self.vpn_kind) |
| 70 | 135 |
| 71 def vpn_server_kill(self, params): | 136 def vpn_server_kill(self, params): |
| 72 """ Kill the VPN server. """ | 137 """ Kill the VPN server. """ |
| 73 if self.vpn_kind is not None: | 138 if self.vpn_kind is not None: |
| 74 if self.vpn_kind == 'openvpn': | 139 if self.vpn_kind == 'openvpn': |
| 75 self.server.run("pkill /usr/sbin/openvpn") | 140 self.server.run("pkill /usr/sbin/openvpn") |
| 141 elif self.vpn_kind == 'l2tpipsec': |
| 142 self.server.run("/usr/sbin/ipsec stop") |
| 76 else: | 143 else: |
| 77 raise error.TestFail('(internal error): No kill case ' | 144 raise error.TestFail('(internal error): No kill case ' |
| 78 'for VPN kind (%s)' % self.vpn_kind) | 145 'for VPN kind (%s)' % self.vpn_kind) |
| 79 self.vpn_kind = None; | 146 self.vpn_kind = None |
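Review bot: The l2tpipsec branch (new lines 124-126) writes each file through an unquoted here-document, `cat <<EOF >%s`, after substituting caller-supplied `params["replacements"]` values, so a `$`, a backtick or a line reading `EOF` in a value is interpreted by the server's shell instead of being written to the file; the openvpn branch at new lines 56-58 does the same with `config` values. Quoting the delimiter, `"cat <<'EOF' >%s\n%s\nEOF\n"`, stops the expansion, and rejecting values that contain a newline closes the early-terminator case. The same loop creates `/etc/ipsec.secrets`, `/etc/xl2tpd/l2tp-secrets` and `/etc/ppp/chap-secrets` under whatever umask the remote shell has, and `vpn_server_kill` only runs `ipsec stop`, so the fixed secrets probably stay on the host and may be world-readable; a `chmod 600` after each write and removal on kill would cover that. Separately, the `/etc/ipsec.conf` template needs `@plutodebug@` but only two keys are set here, so a caller that omits it gets a `KeyError` from `template % (replacements)`; `replacements.setdefault("@plutodebug@", "none")` before the loop would give it a default.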