OLD | NEW |
1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 import logging, re, time | 5 import logging, re, time |
6 from autotest_lib.client.common_lib import error | 6 from autotest_lib.client.common_lib import error |
7 | 7 |
8 class LinuxServer(object): | 8 class LinuxServer(object): |
9 """ | 9 """ |
10 Linux Server: A machine which hosts network services. | 10 Linux Server: A machine which hosts network services. |
11 | 11 |
12 """ | 12 """ |
13 | 13 |
14 def __init__(self, server, params): | 14 def __init__(self, server, wifi_ip): |
15 self.server = server # Server host. | 15 self.server = server # Server host. |
16 self.vpn_kind = None | 16 self.vpn_kind = None |
17 self.conf = {} | 17 self.wifi_ip = wifi_ip |
| 18 self.openvpn_config = {} |
18 | 19 |
19 def vpn_server_config(self, params): | 20 def vpn_server_config(self, params): |
20 """ Configure & launch the server side of the VPN. | 21 """ Configure & launch the server side of the VPN. |
21 | 22 |
22 Parameters, in 'params': | 23 Parameters, in 'params': |
23 | 24 |
24 kind : required | 25 kind : required |
25 | 26 |
26 The kind of VPN which should be configured and | 27 The kind of VPN which should be configured and |
27 launched. | 28 launched. |
28 | 29 |
29 Valid values: | 30 Valid values: |
30 | 31 |
31 openvpn | 32 openvpn |
| 33 l2tpipsec (StrongSwan PSK or certificates) |
32 | 34 |
33 config: required | 35 config: required |
34 | 36 |
35 The configuration information associated with | 37 The configuration information associated with |
36 the VPN server. | 38 the VPN server. |
37 | 39 |
38 This is a dict which contains key/value pairs | 40 This is a dict which contains key/value pairs |
39 representing the VPN's configuration. | 41 representing the VPN's configuration. |
40 | 42 |
41 The values stored in the 'config' param must all be | 43 The values stored in the 'config' param must all be |
42 supported by the specified VPN kind. | 44 supported by the specified VPN kind. |
43 """ | 45 """ |
44 self.vpn_server_kill({}) # Must be first. Relies on self.vpn_kind. | 46 self.vpn_server_kill({}) # Must be first. Relies on self.vpn_kind. |
45 | |
46 self.vpn_kind = params.get('kind', None) | 47 self.vpn_kind = params.get('kind', None) |
47 | 48 |
48 # Read configuration information & create server configuration file. | |
49 # | |
50 # As VPN kinds other than 'openvpn' are supported, and | |
51 # since 'self.conf' is cummulative, perhaps there should be | |
52 # a method which will clear 'self.conf'; different types of | |
53 # VPN will likely not have the same configuration | |
54 # parameters. This is only really needed if a test is | |
55 # written to switch between two differents kinds of VPN. | |
56 for k, v in params.get('config', {}).iteritems(): | |
57 self.conf[k] = v | |
58 self.server.run("cat <<EOF >%s\n%s\nEOF\n" % | |
59 ('/tmp/vpn-server.conf', '\n'.join( | |
60 "%s %s" % kv for kv in self.conf.iteritems()))) | |
61 | |
62 # Launch specified VPN server. | 49 # Launch specified VPN server. |
63 if self.vpn_kind is None: | 50 if self.vpn_kind is None: |
64 raise error.TestFail('No VPN kind specified for this test.'); | 51 raise error.TestFail('No VPN kind specified for this test.') |
65 elif self.vpn_kind == 'openvpn': | 52 elif self.vpn_kind == 'openvpn': |
66 self.server.run("/usr/sbin/openvpn --config /tmp/vpn-server.conf &") | 53 # Read config information & create server configuration file. |
| 54 for k, v in params.get('config', {}).iteritems(): |
| 55 self.openvpn_config[k] = v |
| 56 self.server.run("cat <<EOF >/tmp/vpn-server.conf\n%s\nEOF\n" % |
| 57 ('\n'.join( "%s %s" % kv for kv in |
| 58 self.openvpn_config.iteritems()))) |
| 59 self.server.run("/usr/sbin/openvpn " |
| 60 "--config /tmp/vpn-server.conf &") |
| 61 elif self.vpn_kind == 'l2tpipsec': |
| 62 |
| 63 configs = { "/etc/ipsec.conf" : |
| 64 "config setup\n" |
| 65 " charonstart=no\n" |
| 66 " plutostart=yes\n" |
| 67 " plutodebug=%(@plutodebug@)s\n" |
| 68 "conn L2TP\n" |
| 69 " keyexchange=ikev1\n" |
| 70 " authby=psk\n" |
| 71 " pfs=no\n" |
| 72 " rekey=no\n" |
| 73 " left=%(@local-listen-ip@)s\n" |
| 74 " leftprotoport=17/1701\n" |
| 75 " right=%%any\n" |
| 76 " rightprotoport=17/%%any\n" |
| 77 " auto=add\n", |
| 78 |
| 79 "/etc/ipsec.secrets" : |
| 80 "%(@ipsec-secrets@)s %%any : PSK \"password\"", |
| 81 |
| 82 "/etc/xl2tpd/xl2tpd.conf" : |
| 83 "[global]\n" |
| 84 "\n" |
| 85 "[lns default]\n" |
| 86 " ip range = 192.168.1.128-192.168.1.254\n" |
| 87 " local ip = 192.168.1.99\n" |
| 88 " require chap = yes\n" |
| 89 " refuse pap = yes\n" |
| 90 " require authentication = yes\n" |
| 91 " name = LinuxVPNserver\n" |
| 92 " ppp debug = yes\n" |
| 93 " pppoptfile = /etc/ppp/options.xl2tpd\n" |
| 94 " length bit = yes\n", |
| 95 |
| 96 "/etc/xl2tpd/l2tp-secrets" : |
| 97 "* them l2tp-secret", |
| 98 |
| 99 "/etc/ppp/chap-secrets" : |
| 100 "chapuser * chapsecret *", |
| 101 |
| 102 "/etc/ppp/options.xl2tpd" : |
| 103 "ipcp-accept-local\n" |
| 104 "ipcp-accept-remote\n" |
| 105 "noccp\n" |
| 106 "auth\n" |
| 107 "crtscts\n" |
| 108 "idle 1800\n" |
| 109 "mtu 1410\n" |
| 110 "mru 1410\n" |
| 111 "nodefaultroute\n" |
| 112 "debug\n" |
| 113 "lock\n" |
| 114 "proxyarp\n" |
| 115 "connect-delay 5000\n" |
| 116 } |
| 117 |
| 118 replacements = params.get("replacements", {}) |
| 119 # These two replacements must match up to the same |
| 120 # adapter, or a connection will not be established. |
| 121 replacements["@local-listen-ip@"] = "%defaultroute" |
| 122 replacements["@ipsec-secrets@"] = self.server.ip |
| 123 |
| 124 for cfg, template in configs.iteritems(): |
| 125 contents = template % (replacements) |
| 126 self.server.run("cat <<EOF >%s\n%s\nEOF\n" % (cfg, contents)) |
| 127 |
| 128 self.server.run("/usr/sbin/ipsec start") |
| 129 |
| 130 # Restart xl2tpd to ensure use of newly-created config files. |
| 131 self.server.run("sh /etc/init.d/xl2tpd restart") |
67 else: | 132 else: |
68 raise error.TestFail('(internal error): No config case ' | 133 raise error.TestFail('(internal error): No config case ' |
69 'for VPN kind (%s)' % self.vpn_kind) | 134 'for VPN kind (%s)' % self.vpn_kind) |
70 | 135 |
71 def vpn_server_kill(self, params): | 136 def vpn_server_kill(self, params): |
72 """ Kill the VPN server. """ | 137 """ Kill the VPN server. """ |
73 if self.vpn_kind is not None: | 138 if self.vpn_kind is not None: |
74 if self.vpn_kind == 'openvpn': | 139 if self.vpn_kind == 'openvpn': |
75 self.server.run("pkill /usr/sbin/openvpn") | 140 self.server.run("pkill /usr/sbin/openvpn") |
| 141 elif self.vpn_kind == 'l2tpipsec': |
| 142 self.server.run("/usr/sbin/ipsec stop") |
76 else: | 143 else: |
77 raise error.TestFail('(internal error): No kill case ' | 144 raise error.TestFail('(internal error): No kill case ' |
78 'for VPN kind (%s)' % self.vpn_kind) | 145 'for VPN kind (%s)' % self.vpn_kind) |
79 self.vpn_kind = None; | 146 self.vpn_kind = None |
OLD | NEW |