Chromium Code Reviews| Index: server/site_linux_server.py |
| diff --git a/server/site_linux_server.py b/server/site_linux_server.py |
| index 7e4c1bc1888512a3a123e198f9e14d538036ae5a..86c534fb7c40d00ff45783decb713318365c5c87 100644 |
| --- a/server/site_linux_server.py |
| +++ b/server/site_linux_server.py |
| @@ -11,10 +11,11 @@ class LinuxServer(object): |
| """ |
| - def __init__(self, server, params): |
| - self.server = server # Server host. |
| - self.vpn_kind = None |
| - self.conf = {} |
| + def __init__(self, server, wifi_ip): |
| + self.server = server # Server host. |
| + self.vpn_kind = None |
| + self.wifi_ip = wifi_ip |
| + self.openvpn_config = {} |
| def vpn_server_config(self, params): |
| """ Configure & launch the server side of the VPN. |
| @@ -29,6 +30,7 @@ class LinuxServer(object): |
| Valid values: |
| openvpn |
| + l2tpipsec (StrongSwan PSK or certificates) |
| config: required |
| @@ -42,28 +44,104 @@ class LinuxServer(object): |
| supported by the specified VPN kind. |
| """ |
| self.vpn_server_kill({}) # Must be first. Relies on self.vpn_kind. |
| - |
| self.vpn_kind = params.get('kind', None) |
| - # Read configuration information & create server configuration file. |
| - # |
| - # As VPN kinds other than 'openvpn' are supported, and |
| - # since 'self.conf' is cummulative, perhaps there should be |
| - # a method which will clear 'self.conf'; different types of |
| - # VPN will likely not have the same configuration |
| - # parameters. This is only really needed if a test is |
| - # written to switch between two differents kinds of VPN. |
| - for k, v in params.get('config', {}).iteritems(): |
| - self.conf[k] = v |
| - self.server.run("cat <<EOF >%s\n%s\nEOF\n" % |
| - ('/tmp/vpn-server.conf', '\n'.join( |
| - "%s %s" % kv for kv in self.conf.iteritems()))) |
| - |
| # Launch specified VPN server. |
| if self.vpn_kind is None: |
| - raise error.TestFail('No VPN kind specified for this test.'); |
| + raise error.TestFail('No VPN kind specified for this test.') |
| elif self.vpn_kind == 'openvpn': |
| - self.server.run("/usr/sbin/openvpn --config /tmp/vpn-server.conf &") |
| + # Read config information & create server configuration file. |
| + for k, v in params.get('config', {}).iteritems(): |
| + self.openvpn_config[k] = v |
| + self.server.run("cat <<EOF >/tmp/vpn-server.conf\n%s\nEOF\n" % |
| + ('\n'.join( "%s %s" % kv for kv in |
| + self.openvpn_config.iteritems()))) |
| + self.server.run("/usr/sbin/openvpn " |
| + "--config /tmp/vpn-server.conf &") |
| + elif self.vpn_kind == 'l2tpipsec': # aka 'strongswan' |
| + |
| + configs = { "/etc/ipsec.conf" : |
| + "config setup\n" |
| + " charonstart=no\n" |
| + " plutostart=yes\n" |
| + " plutodebug=%(@plutodebug@)s\n" |
| + "conn L2TP\n" |
| + " keyexchange=ikev1\n" |
| + " authby=psk\n" |
| + " pfs=no\n" |
| + " rekey=no\n" |
| + " left=%(@local-listen-ip@)s\n" |
|
kmixter1
2011/04/05 21:51:33
I assume this is the IP that the wired interface i
|
| + " leftprotoport=17/1701\n" |
| + " right=%%any\n" |
| + " rightprotoport=17/%%any\n" |
| + " auto=add\n", |
| + |
| + "/etc/ipsec.secrets" : |
| + "%(@ipsec-secrets@)s %%any : PSK \"password\"", |
| + |
| + "/etc/xl2tpd/xl2tpd.conf" : |
| + "[global]\n" |
| + "\n" |
| + "[lns default]\n" |
| + " ip range = 192.168.1.128-192.168.1.254\n" |
|
kmixter1
2011/04/05 21:51:33
Is it ok to assume these addresses and the local i
|
| + " local ip = 192.168.1.99\n" |
| + " require chap = yes\n" |
| + " refuse pap = yes\n" |
| + " require authentication = yes\n" |
| + " name = LinuxVPNserver\n" |
| + " ppp debug = yes\n" |
| + " pppoptfile = /etc/ppp/options.xl2tpd\n" |
| + " length bit = yes\n", |
| + |
| +# XXX: or /etc/xl2tpd/xl2tp-secrets? |
|
kmixter1
2011/04/05 21:51:33
remove?
kmixter1
2011/04/07 07:07:23
In my build of xl2tpd it uses l2tp-secrets.
|
| + "/etc/xl2tpd/xl2tp-secrets" : |
| + "* them l2tp-secret", |
| + |
| +# XXX: or /etc/xl2tpd/l2tp-secrets? |
|
kmixter1
2011/04/05 21:51:33
remove?
|
| + "/etc/xl2tpd/l2tp-secrets" : |
| + "* them l2tp-secret", |
| + |
| + "/etc/ppp/chap-secrets" : |
| + "chapuser * chapsecret *", |
| + |
| + "/etc/ppp/options.xl2tpd" : |
| + "ipcp-accept-local\n" |
| + "ipcp-accept-remote\n" |
| + "ms-dns 192.168.1.1\n" |
|
kmixter1
2011/04/05 21:51:33
Please remove these ms-dns and ms-wins lines since
|
| + "ms-dns 192.168.1.3\n" |
| + "ms-wins 192.168.1.2\n" |
| + "ms-wins 192.168.1.4\n" |
| + "noccp\n" |
| + "auth\n" |
| + "crtscts\n" |
| + "idle 1800\n" |
| + "mtu 1410\n" |
| + "mru 1410\n" |
| + "nodefaultroute\n" |
| + "debug\n" |
| + "lock\n" |
| + "proxyarp\n" |
| + "connect-delay 5000\n" |
| + } |
| + |
| + replacements = params.get("replacements", {}) |
| + if False: |
| + # Using Wifi does not work, yet. |
| + replacements["@local-listen-ip@"] = self.wifi_ip |
| + replacements["@ipsec-secrets@"] = self.wifi_ip |
| + else: |
| + # Works, but does not use WiFi. |
| + replacements["@local-listen-ip@"] = self.server.ip |
| + replacements["@ipsec-secrets@"] = self.server.ip |
| + |
| + for cfg, template in configs.iteritems(): |
| + contents = template % (replacements) |
| + self.server.run("cat <<EOF >%s\n%s\nEOF\n" % (cfg, contents)) |
| + |
| + self.server.run("/usr/sbin/ipsec start") |
| + |
| + # Restart xl2tpd to ensure use of newly-created config files. |
| + self.server.run("sh /etc/init.d/xl2tpd restart") |
| else: |
| raise error.TestFail('(internal error): No config case ' |
| 'for VPN kind (%s)' % self.vpn_kind) |
| @@ -73,7 +151,9 @@ class LinuxServer(object): |
| if self.vpn_kind is not None: |
| if self.vpn_kind == 'openvpn': |
| self.server.run("pkill /usr/sbin/openvpn") |
| + elif self.vpn_kind == 'l2tpipsec': # aka 'strongswan' |
|
kmixter1
2011/04/05 21:51:33
again, strongswan != l2tpipsec. strongswan == ips
|
| + self.server.run("/usr/sbin/ipsec stop") |
| else: |
| raise error.TestFail('(internal error): No kill case ' |
| 'for VPN kind (%s)' % self.vpn_kind) |
| - self.vpn_kind = None; |
| + self.vpn_kind = None |
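Review bot: The heredoc delimiter in the two config-writing commands of vpn_server_config (the hunk above this one), `cat <<EOF >/tmp/vpn-server.conf` in the openvpn branch and `cat <<EOF >%s` in the l2tpipsec loop, is unquoted, so the remote shell expands `$`, backticks and backslashes inside the interpolated contents before they reach the file, and since both the openvpn config and `replacements` come from `params`, a value containing such characters is silently rewritten rather than written verbatim; quoting the delimiter makes the write literal: `self.server.run("cat <<'EOF' >%s\n%s\nEOF\n" % (cfg, contents))`. `replacements = params.get("replacements", {})` is then assigned into, which mutates the caller's dict, so `replacements = dict(params.get("replacements", {}))` is the safer form. The secrets files the loop writes (`/etc/ipsec.secrets`, `/etc/ppp/chap-secrets` and the two l2tp-secrets entries) get whatever the remote umask yields, and pppd at least warns when its secrets file is group- or world-readable, so a `self.server.run("chmod 600 %s" % cfg)` after writing those entries is probably wanted — confirm against the daemons in use. The `if False:` branch that would select `self.wifi_ip` is dead code; a `# TODO: switch to self.wifi_ip once the WiFi path works` on the else branch, or dropping the branch until then, reads better than a constant-false test. Both vpn_server_config and vpn_server_kill begin outside their hunks, so the rest of each body was not reviewed here.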