OLD | NEW |
1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 # | 4 # |
5 # An example of how to set up a VPN from the Client (DUT), through the | 5 # An example of how to set up an OpenVPN VPN from the Client (DUT), |
6 # Router to to the Server. | 6 # through the Router to to the Server. |
7 # | 7 # |
8 | 8 |
9 { "name":"VPNGenesis", | 9 { "name":"VPNGenesis", |
10 "steps":[ | 10 "steps":[ |
11 ### Create WiFi connection from Client to Router. | 11 # Create WiFi connection from Client to Router. |
12 [ "create", { "type":"hostap" } ], | 12 [ "create", { "type":"hostap" } ], |
13 [ "config", { "channel":"2412", "mode":"11b" } ], | 13 [ "config", { "channel":"2412", "mode":"11b" } ], |
14 [ "connect", { "security":"none" } ], | 14 [ "connect", { "security":"none" } ], |
15 | 15 |
16 ### Create Client & Server VPN configurations. | 16 # Create Client & Server VPN configurations. |
17 ### | 17 # |
18 ### o Install certficiates files on Server, and Client. | 18 # o Install certficiates files on Server, and Client. |
19 ### o Create VPN configuration on the Server. | 19 # o Create VPN configuration on the Server. |
20 | 20 |
21 [ "install_files", { "system" : "server", | 21 [ "install_files", { "system" : "server", |
22 "files" : | 22 "files" : |
23 { "/tmp/vpn-ca.crt": | 23 { "/tmp/vpn-ca.crt": |
24 site_eap_certs.ca_cert_1, | 24 site_eap_certs.ca_cert_1, |
25 "/tmp/vpn-server.crt": | 25 "/tmp/vpn-server.crt": |
26 site_eap_certs.server_cert_1, | 26 site_eap_certs.server_cert_1, |
27 "/tmp/vpn-server.key": | 27 "/tmp/vpn-server.key": |
28 site_eap_certs.server_private_key_1, | 28 site_eap_certs.server_private_key_1, |
29 "/tmp/vpn-dh1024.pem": | 29 "/tmp/vpn-dh1024.pem": |
30 site_eap_certs.dh1024_pem_key_1 | 30 site_eap_certs.dh1024_pem_key_1 |
31 }}], | 31 }}], |
32 [ "install_files", { "system" : "client", | 32 [ "install_files", { "system" : "client", |
33 "files" : | 33 "files" : |
34 { "/tmp/vpn-ca.crt": | 34 { "/tmp/vpn-ca.crt": |
35 site_eap_certs.ca_cert_1, | 35 site_eap_certs.ca_cert_1, |
36 "/tmp/vpn-client.crt": | 36 "/tmp/vpn-client.crt": |
37 site_eap_certs.client_cert_1, | 37 site_eap_certs.client_cert_1, |
38 "/tmp/vpn-client.key": | 38 "/tmp/vpn-client.key": |
39 site_eap_certs.client_private_key_1 | 39 site_eap_certs.client_private_key_1 |
40 }}], | 40 }}], |
41 | 41 |
42 ### Configure and launch the VPN server. | 42 # Configure and launch the VPN server. Automatically kills any |
43 ### Automatically kills any previously running server. | 43 # previously running server. |
44 ### | 44 # |
45 ### There are two vpn_server_config() uses to ensure that the | 45 # There are two vpn_server_config() uses to ensure that the |
46 ### internal configuration is persistent across invocations. | 46 # internal configuration is persistent across invocations. |
47 ### | 47 # |
48 [ "vpn_server_config", { "kind" : "openvpn", | 48 [ "vpn_server_config", { "kind" : "openvpn", |
49 "config" : | 49 "config" : |
50 { "port":"1194", | 50 { "port":"1194", |
51 "proto":"udp", | 51 "proto":"udp", |
52 "dev":"tun", | 52 "dev":"tun", |
53 "ca":"/tmp/vpn-ca.crt", | 53 "ca":"/tmp/vpn-ca.crt", |
54 "cert":"/tmp/vpn-server.crt", | 54 "cert":"/tmp/vpn-server.crt", |
55 "key":"/tmp/vpn-server.key", | 55 "key":"/tmp/vpn-server.key", |
56 "dh":"/tmp/vpn-dh1024.pem", | 56 "dh":"/tmp/vpn-dh1024.pem", |
57 "server":"10.8.0.0 255.255.255.0", | 57 "server":"10.8.0.0 255.255.255.0", |
58 "ifconfig-pool-persist":"/tmp/ipp.txt", | 58 "ifconfig-pool-persist":"/tmp/ipp.txt", |
59 "keepalive":"10 120", | 59 "keepalive":"10 120", |
60 "persist-key":"", | 60 "persist-key":"", |
61 "persist-tun":"", | 61 "persist-tun":"", |
62 "status":"/tmp/openvpn-status.log", | 62 "status":"/tmp/openvpn-status.log", |
63 "verb":"0" | 63 "verb":"0" |
64 } | 64 } |
65 }], | 65 }], |
66 # Having two vpn_server_config invocations back-to-back results in | 66 # Having two vpn_server_config invocations back-to-back results in |
67 # a failure with 'pkill' right after an rspro boot. There seems | 67 # a failure with 'pkill' right after an rspro boot. There seems |
68 # to be some significant latency when starting openvpn the first | 68 # to be some significant latency when starting the first time, so |
69 # time, so slow the system down a tad to avoid spurious errors. | 69 # slow the system down a tad to avoid spurious errors. |
70 [ "sleep", { "time": "1" } ], | 70 [ "sleep", { "time": "1" } ], |
71 [ "vpn_server_config", { "kind" : "openvpn", | 71 [ "vpn_server_config", { "kind" : "openvpn", |
72 "config" : { "comp-lzo":"" } | 72 "config" : { "comp-lzo":"" } |
73 }], | 73 }], |
74 ### Launch the VPN Client. | 74 # Launch the VPN Client. |
75 [ "vpn_client_load_tunnel" ], | 75 [ "vpn_client_load_tunnel" ], |
76 [ "vpn_client_config", { "kind":"openvpn", | 76 [ "vpn_client_config", { "kind":"openvpn", |
77 "files":{ | 77 "files":{ |
78 "ca-certificate":"/tmp/vpn-ca.crt", | 78 "ca-certificate":"/tmp/vpn-ca.crt", |
79 "client-certificate":"/tmp/vpn-client.crt", | 79 "client-certificate":"/tmp/vpn-client.crt", |
80 "client-key":"/tmp/vpn-client.key" }, | 80 "client-key":"/tmp/vpn-client.key" }, |
81 "remote-cert-tls":"none" | 81 "remote-cert-tls":"none" |
82 }], | 82 }], |
83 ### Verify the client is connected to the server | 83 # Verify the client is connected to the server |
84 [ "client_ping", { "ping_ip":"10.8.0.1", | 84 [ "client_ping", { "ping_ip":"10.8.0.1", |
85 "count":"10" } ], | 85 "count":"10" } ], |
86 | 86 |
87 ### Ensure the VPN also works with the client-side default of | 87 # Ensure the VPN also works with the client-side default of |
88 ### '--remote-cert-tls server'. | 88 # '--remote-cert-tls server'. |
89 [ "vpn_client_config", { "kind":"openvpn", | 89 [ "vpn_client_config", { "kind":"openvpn", |
90 "files":{ | 90 "files":{ |
91 "ca-certificate":"/tmp/vpn-ca.crt", | 91 "ca-certificate":"/tmp/vpn-ca.crt", |
92 "client-certificate":"/tmp/vpn-client.crt", | 92 "client-certificate":"/tmp/vpn-client.crt", |
93 "client-key":"/tmp/vpn-client.key" }, | 93 "client-key":"/tmp/vpn-client.key" }, |
94 }], | 94 }], |
95 ### Verify the client is connected to the server | 95 # Verify the client is connected to the server |
96 [ "client_ping", { "ping_ip":"10.8.0.1", | 96 [ "client_ping", { "ping_ip":"10.8.0.1", |
97 "count":"10" } ], | 97 "count":"10" } ], |
98 | 98 |
99 [ "vpn_server_kill" ], # Shut down the VPN Server. | 99 [ "vpn_server_kill" ], # Shut down the VPN Server. |
100 [ "vpn_client_kill" ], # Shut down the VPN Client. | 100 [ "vpn_client_kill" ], # Shut down the VPN Client. |
101 [ "disconnect" ], # Disconnect WiFi setup | 101 [ "disconnect" ], # Disconnect WiFi setup |
102 ], | 102 ], |
103 } | 103 } |
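Review bot: The first `vpn_client_config` step passes `"remote-cert-tls":"none"` under a comment that only says `# Launch the VPN Client.`, so someone copying this example gets no hint that a server-certificate check is being switched off on purpose. Going by the later comment about the client-side default of `--remote-cert-tls server`, the `none` case looks like a deliberate test variant; a comment such as `# Test-only: turn off the remote-cert-tls check; the default ('server') is exercised below.` would say so. The fixture material deserves the same label: private keys are written to fixed paths under `/tmp`, and `vpn-dh1024.pem` is, judging by its name, a 1024-bit DH parameter file, which is fine for throwaway lab certificates but not a configuration to reuse elsewhere. Since this change already rewrites the comments, it could also fix `to to the Server` and `certficiates`, and restore the subject in `starting the first time`, which lost `openvpn` in the rewording.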