From nobody Tue Jun 28 11:59:42 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D3DAF863B59; Tue, 28 Jun 2022 11:59:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LXNSH5SMpz3Qtg; Tue, 28 Jun 2022 11:59:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1656417584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NoNZcHlDEpHXbxDm4C29oqStONFgYxnVcbAhawymOTs=; b=Bz0bSf3owF62v6Ku5HtlzBihnMa4KwsTlGItwj9ylp6wBf6Ck9esDh6ZqV54oQcjkoiDAc 4EYdQo1CO9ZUuGnY2N1Z0+/jDlID27RdgBKDz/TrWxjnlvOnyKTNAOM8dGCMV+fCuP78jl jHojtsie1gISLIWVmFlr74lFR/+ub15n/tubHfsjKZBZbRu64WN70KbmPXGgp1z6S2TawP 6Jtqr0GUQ0sf0uZTd9yTnVW8cPvm6BYiT5fVtOx+I1a0KgN/5rAT7RFYcz/HM7/D0qqMtu YyEp6O/52l9b0mCz2CQHkDJjHpwjeuVPbW27kcg5b1lAI5xEf2ax/3e1Bi9aSA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C57CF1C63E; Tue, 28 Jun 2022 11:59:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 25SBxgWh055812; Tue, 28 Jun 2022 11:59:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 25SBxgK5055811; Tue, 28 Jun 2022 11:59:42 GMT (envelope-from git) Date: Tue, 28 Jun 2022 11:59:42 GMT Message-Id: <202206281159.25SBxgK5055811@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 1e5ef2a7e11d - main - if_ovpn tests: extend multi_client test with an iroute test List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1e5ef2a7e11d5b3a4b87c34c60c414f894ccb2ce Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1656417584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NoNZcHlDEpHXbxDm4C29oqStONFgYxnVcbAhawymOTs=; b=cnPy3gr2N7pCMCbTwU+6S/cZZlUP562wanjhuHYmD4A2HrsK7cQszBp8OvjrV4znNiJGIU Rf8Pc0up3Yguczm/0eYU4AuMqELyNBnV5/zMW6f+HTvU+4f1ahRhwb+0mBrMIk1qMyGtbq XfOL8VGmcV9LbuEqjQXhgYZAnTZMLBsESycAW4OZpnLDzHb4nWAfQEJ5x6w5iySPoyG0Qh XagYbJzx58BtHuHcxX2WfR3aACkpG66aEozZKRzhN3wxP/ycza1GczpY/T97bWpc36cgBN k9tZfticnglqQcMlJv2snqtBmd+28ZU3kR3QnhBsQQ+eXZu9Ibd2S6BrR6SbJg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1656417584; a=rsa-sha256; cv=none; b=YeKGdnnZsY+OXUi3YPafzb1PMbcqui1xLkH/lr2Z6EYkVkV8ztiXi6Cq8oQsTiC3sFR7RP fSPYjejQ3guje9TVU1FTeSJTlWkYvVPObgdGEgimfP3mbnclo+ut8Nsck8AyabT7RnDIbg yr6lus1Sym2BDYCmlrjqNi7nTuc1dah3z9069D6o9S+zlePMvRSmOVBlJeFRNriuZDT2b6 roZBS6/hIj2J58D8D1Wyvg94jOEM4cDxPNkQYA+j7RZ0TViywPPBeZPgujOvgtIQeIy2UY YNWGHc3p196GJ6HR+L0f7CJhr1uoNPBkntpwiM1yTq97eShnzvJZ0MnIea+5zg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=1e5ef2a7e11d5b3a4b87c34c60c414f894ccb2ce commit 1e5ef2a7e11d5b3a4b87c34c60c414f894ccb2ce Author: Kristof Provost AuthorDate: 2022-06-15 16:24:35 +0000 Commit: Kristof Provost CommitDate: 2022-06-28 11:51:41 +0000 if_ovpn tests: extend multi_client test with an iroute test OpenVPN allows us to push routes for client networks with the 'iroute' directive. Test that this works as expected. Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/net/if_ovpn/Makefile | 4 +++ tests/sys/net/if_ovpn/ccd/Makefile | 8 ++++++ tests/sys/net/if_ovpn/ccd/Test-Client2 | 2 ++ tests/sys/net/if_ovpn/client2.crt | 32 +++++++++++++++++++++ tests/sys/net/if_ovpn/client2.key | 51 ++++++++++++++++++++++++++++++++++ tests/sys/net/if_ovpn/if_ovpn.sh | 14 ++++++++-- 6 files changed, 109 insertions(+), 2 deletions(-) diff --git a/tests/sys/net/if_ovpn/Makefile b/tests/sys/net/if_ovpn/Makefile index fa226d56d191..6c9d61965dfb 100644 --- a/tests/sys/net/if_ovpn/Makefile +++ b/tests/sys/net/if_ovpn/Makefile @@ -4,10 +4,14 @@ TESTSDIR= ${TESTSBASE}/sys/net/if_ovpn ATF_TESTS_SH+= if_ovpn +TESTS_SUBDIRS+= ccd + ${PACKAGE}FILES+= \ ca.crt \ client.crt \ client.key \ + client2.crt \ + client2.key \ dh.pem \ server.crt \ server.key \ diff --git a/tests/sys/net/if_ovpn/ccd/Makefile b/tests/sys/net/if_ovpn/ccd/Makefile new file mode 100644 index 000000000000..2d3fefa1f321 --- /dev/null +++ b/tests/sys/net/if_ovpn/ccd/Makefile @@ -0,0 +1,8 @@ +PACKAGE= tests + +TESTSDIR= ${TESTSBASE}/sys/net/if_ovpn/ccd + +${PACKAGE}FILES+= \ + Test-Client2 + +.include diff --git a/tests/sys/net/if_ovpn/ccd/Test-Client2 b/tests/sys/net/if_ovpn/ccd/Test-Client2 new file mode 100644 index 000000000000..b378ad0d4394 --- /dev/null +++ b/tests/sys/net/if_ovpn/ccd/Test-Client2 @@ -0,0 +1,2 @@ +iroute 203.0.113.0 255.255.255.0 +ifconfig-push 198.51.100.3 255.255.255.0 diff --git a/tests/sys/net/if_ovpn/client2.crt b/tests/sys/net/if_ovpn/client2.crt new file mode 100644 index 000000000000..83aec7eedaa0 --- /dev/null +++ b/tests/sys/net/if_ovpn/client2.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFbTCCA1UCFC6I/36G1ZhmNxvabxL+BppMd38jMA0GCSqGSIb3DQEBCwUAMGYx +CzAJBgNVBAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMG +A1UECgwMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlk +b21haW4wIBcNMjIwNjE1MTIwNzQzWhgPMjEyMjA1MjIxMjA3NDNaMH4xCzAJBgNV +BAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMGA1UECgwM +T3BlblZQTi1URVNUMRUwEwYDVQQDDAxUZXN0LUNsaWVudDIxIjAgBgkqhkiG9w0B +CQEWE21lMkBteWhvc3QubXlkb21haW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDteW+ZsfahA+NJHgTycmGejCIw/jwbVpaFlwYLBe39OsDK44XUjVn1 +i8k4Vce9F1UcGeY9scyLZ797Ify5Sm59ejVkm2EriuA/jQeNpr8A0HxjcmEcn/G5 +5cM/zZYj7f9Bfj+XVgHG0zHVfD9PItwEUHKNp3hVr/86FwbnHKpcQK/QjYlDOFZB +wiIxDUSpaMLT7eFUqLOem1ZmnBd0qT3GPjBJsbpzzK+LZd9V0brvIc8XCnoUGs2V +wzsg8oRCpVpQsKUNrW3mid9lCJQvRAm6j0/14nZHm3sP5BroOTOzcLKiWuYMwizs +QkkEYP0G9ZtipbIhAdnDB4FgjF+9arH3IXw3UZxXNPguA2UasuqcCwiwyp2aPNAf +G0sIv3rvOGyTp0QfhrsQW0/xcJxfYlMONHft9kvuhC9ITKaH1ei8iQuFhm2QZCrO +f/jEf8d6nckpM3GAp/WIze49HZgdVfAIGV3+DcF2u/gwBjKsRe9W4KN5GxLQEx0x +gWLJN34O340N/Sy+NX82KP/kO/Zb3N1rKVmDIZx49ZJy1eN/Kt7pl0+AqifZzneu +pLl9nziwe0csUtCQbIJHZQQon6vwDQVR3VuGwMra/sayxZDY5IOwueEm62/cJhoQ +rxGknCM99WPhJau3S0gBV1nsH7M37AQxyHhC7q3ambdpEqzUDzf3XwIDAQABMA0G +CSqGSIb3DQEBCwUAA4ICAQBtV12w72Yflc0bIJ3IsnQ1om820Fx8/0Ndr9GD8vov +XXupazyuQmfRBpB0qcVR0tStxJrf8S19WRiLFM2UJexT4H8A3Rp788IESYo5JytV +kAvTtJ+LE74EIRXt9M3II5vFaGiFRyozN7Vdr8mUJO5sXNJaZPQkOsAta652J2JV +Qy5rOgAUEylUWZMVKkmSAdU4LGVgJC86XA9eQGtqtbXj09v3YW/EPsobCi0YbFYS +5WgGCunqw7zT4Ko8KP+horaV/bQWZKnKIb3e5xDh9Zkm48RBRU4pYZ0VoOSp1xAy +qzn/818NVPfhKWSXxLFBVWgsIzLO825vH5WEaQNgg+vfq2/AZcfl6UNGn5dufkAk +73t5dNq46H2Z6t02dfOQ7U4tduCUPbWmPXD/kjFqryQ4GXNR8TMKLf6GZRKD5nOt +KRfrkPL4tbsWL8WY9c5KQRC/vaLXETuuavDMVp0AFwTz846tB2njjyTc5jFcTgfY +X8PgUw/miJszbQd6Z9HTDTTH0osv+VNXE5MCYPWe3QaobBJGRjaPJyO5OA/SXZa+ ++9XCXyEBdVvckHpc4yHK9ATlCeiouDi45lzlnXpvuQz6VXwB8v4JKB/qqFlrzO2E +09yAyw3qPH43TBbgvJwtpD+g6k9VvE7ojHS4fl2epyQAm/orT6RLLHMHEkaYqRCU +2A== +-----END CERTIFICATE----- diff --git a/tests/sys/net/if_ovpn/client2.key b/tests/sys/net/if_ovpn/client2.key new file mode 100644 index 000000000000..7e5c6857de1c --- /dev/null +++ b/tests/sys/net/if_ovpn/client2.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA7XlvmbH2oQPjSR4E8nJhnowiMP48G1aWhZcGCwXt/TrAyuOF +1I1Z9YvJOFXHvRdVHBnmPbHMi2e/eyH8uUpufXo1ZJthK4rgP40Hjaa/ANB8Y3Jh +HJ/xueXDP82WI+3/QX4/l1YBxtMx1Xw/TyLcBFByjad4Va//OhcG5xyqXECv0I2J +QzhWQcIiMQ1EqWjC0+3hVKiznptWZpwXdKk9xj4wSbG6c8yvi2XfVdG67yHPFwp6 +FBrNlcM7IPKEQqVaULClDa1t5onfZQiUL0QJuo9P9eJ2R5t7D+Qa6Dkzs3Cyolrm +DMIs7EJJBGD9BvWbYqWyIQHZwweBYIxfvWqx9yF8N1GcVzT4LgNlGrLqnAsIsMqd +mjzQHxtLCL967zhsk6dEH4a7EFtP8XCcX2JTDjR37fZL7oQvSEymh9XovIkLhYZt +kGQqzn/4xH/Hep3JKTNxgKf1iM3uPR2YHVXwCBld/g3Bdrv4MAYyrEXvVuCjeRsS +0BMdMYFiyTd+Dt+NDf0svjV/Nij/5Dv2W9zdaylZgyGcePWSctXjfyre6ZdPgKon +2c53rqS5fZ84sHtHLFLQkGyCR2UEKJ+r8A0FUd1bhsDK2v7GssWQ2OSDsLnhJutv +3CYaEK8RpJwjPfVj4SWrt0tIAVdZ7B+zN+wEMch4Qu6t2pm3aRKs1A83918CAwEA +AQKCAgAGjSMXCmHTb1gF3F4mkiE/Tn5i+6CM4IamiNQR2cgHBGftMPmwM3YX4BNd +CoDIJqyiadSAPzd1YRdXPkjKk9MYgxaV//NeUCZ/mlRrA/6g9x93XuBu+bqhdkU8 +rV9G/nncRK9cbXL/GTR2v0a/2CZZuB5w6f3X31MbNydpmNDaWq5/AmiXAibfCYwH +7mXGhq1ZS2a7/yt1ZLOtgQDkpwadQXnzjoOmTi9JmTXgGDkf/77G0/MqOtMRHqGy +9v3PGOC0+SqUhgRSJ9uR3fq4kxfxnaKHFghNUWzDs3dKkMlsWd+Tuw49q92xZuK8 +zDAu0PfIcOnJH1PynXJkR3scrqTaLuXQab2PeEZYZYABBsKuq+Vik9+MUUVjz8RT +VveYoBFYGGLZrCUC5/RUKzOcBWhHxQnRiODm2zrhun0Sfs7HDeii3r4yNwB0Hibi +rIbgMXnxSNp1bYRPp8rECgAEGGhQBJ90D7bZq1H4AU6dKYCnbgxYZopZN2/nsjZN +HGANyJkeDTUVc6VhP6vMQo1B4jSC9n4wykmInfN/+3k8Yd/IPzRJY1WWmjSgzEyv +s1dam+dSN5woq4bl7sbEVrlJaWv/8/Oa1/xypJl4DKLP8g4sTbsa6Ak3JW7BGXyi +V2PfzPMVBq7k4BHAqRJjNTShQfqq/Gsstje+X1bs7pBoQMAGgQKCAQEA/pZffQgp +Odg87PusKGvVbGsLfgEo1sJoM/b6+BZs3HgMSoWTl7k4ph+d9zFYG8NcUau3RLbV +5v5IytKN5WQVzNhUjAxvCZLTu/6m06rtUs2qOCi6GZK5IZaY7Qxho25xAN2VZdEt +bjae4qmaHl6t4anBuVqdMLhzPIQ6gQYXZNXFo3DxlPBCz/Chn6kkq8r2yMobmoov +ny9ai4Exm8JVnwzFv3NWr/iQB232w05Fr0NIWnok/z31q+FFQ8izJsX8rv0+s1zv +pS0kP9rs0GDBxfA034+vNPGM++i+o09igJmtqlV67fB4vHEq2BZm2EkgsPBqjIY+ +1MeNZvMH8/FBAwKCAQEA7srBPRQCHEigHkjKd9igTr/YGDQ0HVD1m2pE0SvuBHSB +dB1n1AH6HqRqMhYuxxXCH72wpej06fjKo/rqqhub4H3XlEgTBmSQfDBe42WDDGEN +T7XDKVNaa27i8s2ztUfCkumoNR6IbhcvQlCmhwZVW1NsNkk5bY/pA3Qs6vntMT5F +MILJIChPhIWkQpmdNvaJeVE0fIw2J1yXTZwX4TZUrf2MhystD1BAdyNQe8QxstJQ +3WG1GYFH25X8onQ1uCvhpe9xdJv9U1qY/D5V3gf63Dy/wsvm50LGf1/cVxkRthSu +s2tBCtiQImgmJsk2FpK3vAnzX0Ik9gcKd/8P6ENrdQKCAQAOx/JBUyD5n8lhxPbo +3eHlSo2/Qhf56A2evr8xejPV1Q55oSnBjFpyorFMMcw4yG3qu/qG/cqLf8YAKJte +byIo44J9IxerSaALcSyEa48d2J0CZ7LuWytufMziLm7Yy0e6UiMjZzKpDHjLFifB +jaOwz2dU+KLZukvOfqra5Nyk2RiBdcRA7nYiloj7uRlM9BrB66IQpec/6cLrCJQ1 +w+Guu1Ib3Hly/A54r/S8wCWhmFlyD1dojlNeKFUaK2PjY2lZS5DBXyr2vxk0r+RB +8OwvLtQTCseUXlXeJlQzLR+98a44jn/1opmP704af6p28j/4pey5ve2V8wQNrxyO +GDq7AoIBAEs+kpOXeW7GJ8ZDM6F+Hk2SQBqoYH+YYjw9yT+MMy0uNRiMp4nzsYf0 +UQ5FVSognhH4aPBurrYHUntHdqhxmLWtkb/E0lHiYHDxoQTQmPHOpy4l3UBpZoWR +5GuUC/ukiBhZDkrmuyDNp3OjDEZh5YWojOGyQylV/pu7AOhuJqKst4qou42phh0B +K5hc5WBLYVhcEUjpuaq/j2HCPPgXcal9yslQ/prjs9yWwSau1OY/RYHs5u8JgMYd +xgS+z6qgETODduHCwZmBY9GgJtiW9SJu9hIAxFq8/OVoJHtBiAYzEDWzJ0SupwRg +gx0XrDaCtujGzeyHYDQyVccoFTAgBn0CggEBAICbfBKaQyt9xTXazTIgDF+KED6u +E0AVCnAUHT7qkMa0y+LlcOAuCoZrr8yIYU7VjRxUKIuYyUSQ5SRPhL9P2HBhPNFe +yTVT5IC2Lrqh+UTiwacUA/USCUY4XmshXZS0eg8/ZEGpjHMa3gGEVhtVmM40zmLt +XJWrYAahYNCjMW2lVLPSr/m6UDoo1lDO9Xi1Usls2de1cMA+jVAMEO0F+k8PmZ3a +5/2fkGm1+gFevICOzvrzYVtLJaLGfUGVrxsPYC7t0T5o8AEduaGAcpwD/snTdJwg +zLyEZJ/G0v0DOyadQoBSKTdcgrI4XgyUkktFGLAlTND2tkbQdtsdNC6LR1k= +-----END RSA PRIVATE KEY----- diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh index 280897031a6d..fcf05372d3b9 100644 --- a/tests/sys/net/if_ovpn/if_ovpn.sh +++ b/tests/sys/net/if_ovpn/if_ovpn.sh @@ -433,6 +433,8 @@ multi_client_body() jexec one ifconfig ${one}b 192.0.2.2/24 up vnet_mkjail two ${two}b jexec two ifconfig ${two}b 192.0.2.3/24 up + jexec two ifconfig lo0 127.0.0.1/8 up + jexec two ifconfig lo0 inet alias 203.0.113.1/24 # Sanity checks atf_check -s exit:0 -o ignore jexec one ping -c 1 192.0.2.1 @@ -450,6 +452,9 @@ multi_client_body() local 192.0.2.1 server 198.51.100.0 255.255.255.0 + + push \"route 203.0.113.0 255.255.255.0 198.51.100.1\" + ca $(atf_get_srcdir)/ca.crt cert $(atf_get_srcdir)/server.crt key $(atf_get_srcdir)/server.key @@ -462,6 +467,8 @@ multi_client_body() topology subnet keepalive 100 600 + + client-config-dir $(atf_get_srcdir)/ccd " ovpn_start one " dev tun0 @@ -489,8 +496,8 @@ multi_client_body() auth-user-pass $(atf_get_srcdir)/user.pass ca $(atf_get_srcdir)/ca.crt - cert $(atf_get_srcdir)/client.crt - key $(atf_get_srcdir)/client.key + cert $(atf_get_srcdir)/client2.crt + key $(atf_get_srcdir)/client2.key dh $(atf_get_srcdir)/dh.pem keepalive 100 600 @@ -505,6 +512,9 @@ multi_client_body() # Client-to-client communication atf_check -s exit:0 -o ignore jexec one ping -c 3 198.51.100.3 atf_check -s exit:0 -o ignore jexec two ping -c 3 198.51.100.2 + + # iroute test + atf_check -s exit:0 -o ignore jexec one ping -c 3 203.0.113.1 } multi_client_cleanup()