#
# Author: Antonio Quartulli <antonio@openvpn.net>
-UDP_PEERS_FILE=${UDP_PEERS_FILE:-udp_peers.txt}
-TCP_PEERS_FILE=${TCP_PEERS_FILE:-tcp_peers.txt}
+OVPN_UDP_PEERS_FILE=${OVPN_UDP_PEERS_FILE:-udp_peers.txt}
+OVPN_TCP_PEERS_FILE=${OVPN_TCP_PEERS_FILE:-tcp_peers.txt}
OVPN_CLI=${OVPN_CLI:-./ovpn-cli}
-YNL_CLI=${YNL_CLI:-../../../../net/ynl/pyynl/cli.py}
-ALG=${ALG:-aes}
-PROTO=${PROTO:-UDP}
-FLOAT=${FLOAT:-0}
-SYMMETRIC_ID=${SYMMETRIC_ID:-0}
+OVPN_YNL=${OVPN_YNL:-../../../../net/ynl/pyynl/cli.py}
+OVPN_ALG=${OVPN_ALG:-aes}
+OVPN_PROTO=${OVPN_PROTO:-UDP}
+OVPN_FLOAT=${OVPN_FLOAT:-0}
+OVPN_SYMMETRIC_ID=${OVPN_SYMMETRIC_ID:-0}
-export ID_OFFSET=$(( 9 * (SYMMETRIC_ID == 0) ))
+export OVPN_ID_OFFSET=$(( 9 * (OVPN_SYMMETRIC_ID == 0) ))
-JQ_FILTER='map(if type == "array" then .[] else . end) |
+OVPN_JQ_FILTER='map(if type == "array" then .[] else . end) |
map(select(.msg.peer | has("remote-ipv6") | not)) |
map(del(.msg.ifindex)) | sort_by(.msg.peer.id)[]'
-LAN_IP="11.11.11.11"
+OVPN_LAN_IP="11.11.11.11"
-declare -A tmp_jsons=()
-declare -A listener_pids=()
+declare -A OVPN_TMP_JSONS=()
+declare -A OVPN_LISTENER_PIDS=()
-create_ns() {
- ip netns add peer${1}
+ovpn_create_ns() {
+ ip netns add "ovpn_peer${1}"
}
-setup_ns() {
+ovpn_setup_ns() {
+ local peer="ovpn_peer${1}"
+ local server_ns="ovpn_peer0"
+ local peer_ns
MODE="P2P"
if [ ${1} -eq 0 ]; then
MODE="MP"
- for p in $(seq 1 ${NUM_PEERS}); do
- ip link add veth${p} netns peer0 type veth peer name veth${p} netns peer${p}
-
- ip -n peer0 addr add 10.10.${p}.1/24 dev veth${p}
- ip -n peer0 addr add fd00:0:0:${p}::1/64 dev veth${p}
- ip -n peer0 link set veth${p} up
-
- ip -n peer${p} addr add 10.10.${p}.2/24 dev veth${p}
- ip -n peer${p} addr add fd00:0:0:${p}::2/64 dev veth${p}
- ip -n peer${p} link set veth${p} up
+ for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ peer_ns="ovpn_peer${p}"
+ ip link add veth${p} netns "${server_ns}" type veth \
+ peer name veth${p} netns "${peer_ns}"
+
+ ip -n "${server_ns}" addr add 10.10.${p}.1/24 dev \
+ veth${p}
+ ip -n "${server_ns}" addr add fd00:0:0:${p}::1/64 dev \
+ veth${p}
+ ip -n "${server_ns}" link set veth${p} up
+
+ ip -n "${peer_ns}" addr add 10.10.${p}.2/24 dev veth${p}
+ ip -n "${peer_ns}" addr add fd00:0:0:${p}::2/64 dev \
+ veth${p}
+ ip -n "${peer_ns}" link set veth${p} up
done
fi
- ip netns exec peer${1} ${OVPN_CLI} new_iface tun${1} $MODE
- ip -n peer${1} addr add ${2} dev tun${1}
+ ip netns exec "${peer}" ${OVPN_CLI} new_iface tun${1} $MODE
+ ip -n "${peer}" addr add ${2} dev tun${1}
# add a secondary IP to peer 1, to test a LAN behind a client
- if [ ${1} -eq 1 -a -n "${LAN_IP}" ]; then
- ip -n peer${1} addr add ${LAN_IP} dev tun${1}
- ip -n peer0 route add ${LAN_IP} via $(echo ${2} |sed -e s'!/.*!!') dev tun0
+ if [ ${1} -eq 1 -a -n "${OVPN_LAN_IP}" ]; then
+ ip -n "${peer}" addr add ${OVPN_LAN_IP} dev tun${1}
+ ip -n "${server_ns}" route add ${OVPN_LAN_IP} via \
+ $(echo ${2} |sed -e s'!/.*!!') dev tun0
fi
if [ -n "${3}" ]; then
- ip -n peer${1} link set mtu ${3} dev tun${1}
+ ip -n "${peer}" link set mtu ${3} dev tun${1}
fi
- ip -n peer${1} link set tun${1} up
+ ip -n "${peer}" link set tun${1} up
}
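Review bot: ovpn_setup_ns now declares `peer`, `server_ns` and `peer_ns` as locals, but `MODE` and the loop variable `p` are still assigned as globals inside the function, so they leak into whichever script sources common.sh. That is the kind of name collision the OVPN_ prefix is presumably meant to prevent. Unless a caller reads them after the call, declare them with the others: `local MODE="P2P"` and `local p`. The same applies to `labels`, `M_ID`, `PEER_ID`, `TX_ID`, `RADDR`, `RPORT` and `LPORT` in ovpn_add_peer, `file` in ovpn_setup_listener, and `suffix`, `expected` and `received` in ovpn_compare_ntfs.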
-build_capture_filter() {
+ovpn_build_capture_filter() {
# match the first four bytes of the openvpn data payload
- if [ "${PROTO}" == "UDP" ]; then
+ if [ "${OVPN_PROTO}" == "UDP" ]; then
# For UDP, libpcap transport indexing only works for IPv4, so
# use an explicit IPv4 or IPv6 expression based on the peer
# address. The IPv6 branch assumes there are no extension
fi
}
-setup_listener() {
+ovpn_setup_listener() {
+ local peer_ns="ovpn_peer${p}"
file=$(mktemp)
- PYTHONUNBUFFERED=1 ip netns exec peer${p} ${YNL_CLI} --family ovpn \
- --subscribe peers --output-json --duration 40 > ${file} &
- listener_pids[$1]=$!
- tmp_jsons[$1]="${file}"
+ PYTHONUNBUFFERED=1 ip netns exec "${peer_ns}" "${OVPN_YNL}" --family \
+ ovpn --subscribe peers --output-json --duration 40 > ${file} &
+ OVPN_LISTENER_PIDS[$1]=$!
+ OVPN_TMP_JSONS[$1]="${file}"
}
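Review bot: The new `local peer_ns="ovpn_peer${p}"` takes the namespace from the caller's loop variable `p`, while the two arrays below are indexed by `$1`, so the listener lands in the right namespace only when the caller's `p` happens to equal the argument. Use the argument instead: `local peer_ns="ovpn_peer${1}"`. The redirect target is also unquoted and `file` is a global; `local file` plus `> "${file}"` would match the quoting this change adds to the namespace name.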
-add_peer() {
+ovpn_add_peer() {
labels=("ASYMM" "SYMM")
- M_ID=${labels[SYMMETRIC_ID]}
+ local peer_ns
+ local server_ns="ovpn_peer0"
+ M_ID=${labels[OVPN_SYMMETRIC_ID]}
- if [ "${PROTO}" == "UDP" ]; then
+ if [ "${OVPN_PROTO}" == "UDP" ]; then
if [ ${1} -eq 0 ]; then
- ip netns exec peer0 ${OVPN_CLI} new_multi_peer tun0 1 \
- ${M_ID} ${UDP_PEERS_FILE}
+ ip netns exec "${server_ns}" ${OVPN_CLI} \
+ new_multi_peer tun0 1 ${M_ID} \
+ ${OVPN_UDP_PEERS_FILE}
- for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 \
+ for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" ${OVPN_CLI} \
+ new_key tun0 ${p} 1 0 ${OVPN_ALG} 0 \
data64.key
done
else
- if [ "${SYMMETRIC_ID}" -eq 1 ]; then
+ peer_ns="ovpn_peer${1}"
+ if [ "${OVPN_SYMMETRIC_ID}" -eq 1 ]; then
PEER_ID=${1}
TX_ID="none"
else
PEER_ID=$(awk "NR == ${1} {print \$2}" \
- ${UDP_PEERS_FILE})
+ ${OVPN_UDP_PEERS_FILE})
TX_ID=${1}
fi
- RADDR=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
- RPORT=$(awk "NR == ${1} {print \$4}" ${UDP_PEERS_FILE})
- LPORT=$(awk "NR == ${1} {print \$6}" ${UDP_PEERS_FILE})
- ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} \
- ${PEER_ID} ${TX_ID} ${LPORT} ${RADDR} ${RPORT}
- ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} \
- ${PEER_ID} 1 0 ${ALG} 1 data64.key
+ RADDR=$(awk "NR == ${1} {print \$3}" \
+ ${OVPN_UDP_PEERS_FILE})
+ RPORT=$(awk "NR == ${1} {print \$4}" \
+ ${OVPN_UDP_PEERS_FILE})
+ LPORT=$(awk "NR == ${1} {print \$6}" \
+ ${OVPN_UDP_PEERS_FILE})
+ ip netns exec "${peer_ns}" ${OVPN_CLI} new_peer \
+ tun${1} ${PEER_ID} ${TX_ID} ${LPORT} ${RADDR} \
+ ${RPORT}
+ ip netns exec "${peer_ns}" ${OVPN_CLI} new_key tun${1} \
+ ${PEER_ID} 1 0 ${OVPN_ALG} 1 data64.key
fi
else
if [ ${1} -eq 0 ]; then
- (ip netns exec peer0 ${OVPN_CLI} listen tun0 1 ${M_ID} \
- ${TCP_PEERS_FILE} && {
- for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 \
- ${ALG} 0 data64.key
+ (ip netns exec "${server_ns}" ${OVPN_CLI} listen tun0 \
+ 1 ${M_ID} ${OVPN_TCP_PEERS_FILE} && {
+ for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" \
+ ${OVPN_CLI} new_key tun0 ${p} \
+ 1 0 ${OVPN_ALG} 0 data64.key
done
}) &
sleep 5
else
- if [ "${SYMMETRIC_ID}" -eq 1 ]; then
+ peer_ns="ovpn_peer${1}"
+ if [ "${OVPN_SYMMETRIC_ID}" -eq 1 ]; then
PEER_ID=${1}
TX_ID="none"
else
PEER_ID=$(awk "NR == ${1} {print \$2}" \
- ${TCP_PEERS_FILE})
+ ${OVPN_TCP_PEERS_FILE})
TX_ID=${1}
fi
- ip netns exec peer${1} ${OVPN_CLI} connect tun${1} \
+ ip netns exec "${peer_ns}" ${OVPN_CLI} connect tun${1} \
${PEER_ID} ${TX_ID} 10.10.${1}.1 1 data64.key
fi
fi
}
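Review bot: `OVPN_UDP_PEERS_FILE`, `OVPN_TCP_PEERS_FILE` and `OVPN_CLI` can be overridden from the environment but are expanded unquoted throughout ovpn_add_peer, so a path containing spaces or glob characters is split before it reaches `awk` or `ip netns exec`; test-mark.sh already quotes the same variables. The awk calls also splice `${1}` into the program text instead of passing it as data. Both are addressed by `RADDR=$(awk -v n="${1}" 'NR == n {print $3}' "${OVPN_UDP_PEERS_FILE}")`, and likewise for `PEER_ID`, `RPORT` and `LPORT`.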
-compare_ntfs() {
+ovpn_compare_ntfs() {
local diff_rc=0
local diff_file
- if [ ${#tmp_jsons[@]} -gt 0 ]; then
+ if [ ${#OVPN_TMP_JSONS[@]} -gt 0 ]; then
suffix=""
- [ "${SYMMETRIC_ID}" -eq 1 ] && suffix="${suffix}-symm"
- [ "$FLOAT" == 1 ] && suffix="${suffix}-float"
+ [ "${OVPN_SYMMETRIC_ID}" -eq 1 ] && suffix="${suffix}-symm"
+ [ "$OVPN_FLOAT" == 1 ] && suffix="${suffix}-float"
expected="json/peer${1}${suffix}.json"
- received="${tmp_jsons[$1]}"
+ received="${OVPN_TMP_JSONS[$1]}"
diff_file=$(mktemp)
- kill -TERM ${listener_pids[$1]} || true
- wait ${listener_pids[$1]} || true
+ kill -TERM ${OVPN_LISTENER_PIDS[$1]} || true
+ wait ${OVPN_LISTENER_PIDS[$1]} || true
printf "Checking notifications for peer ${1}... "
- if diff <(jq -s "${JQ_FILTER}" ${expected}) \
- <(jq -s "${JQ_FILTER}" ${received}) \
+ if diff <(jq -s "${OVPN_JQ_FILTER}" ${expected}) \
+ <(jq -s "${OVPN_JQ_FILTER}" ${received}) \
>"${diff_file}" 2>&1; then
echo "OK"
else
return "${diff_rc}"
}
-cleanup() {
+ovpn_cleanup() {
+ local peer_ns
# some ovpn-cli processes sleep in background so they need manual poking
killall $(basename ${OVPN_CLI}) 2>/dev/null || true
# netns peer0 is deleted without erasing ifaces first
for p in $(seq 1 10); do
- ip -n peer${p} link set tun${p} down 2>/dev/null || true
- ip netns exec peer${p} ${OVPN_CLI} del_iface tun${p} 2>/dev/null || true
+ peer_ns="ovpn_peer${p}"
+ ip -n "${peer_ns}" link set tun${p} down 2>/dev/null || true
+ ip netns exec "${peer_ns}" ${OVPN_CLI} del_iface tun${p} \
+ 2>/dev/null || true
done
for p in $(seq 1 10); do
- ip -n peer0 link del veth${p} 2>/dev/null || true
+ ip -n ovpn_peer0 link del veth${p} 2>/dev/null || true
done
for p in $(seq 0 10); do
- ip netns del peer${p} 2>/dev/null || true
+ ip netns del "ovpn_peer${p}" 2>/dev/null || true
done
}
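Review bot: `killall $(basename ${OVPN_CLI})` signals every process with that name on the host, not only the ones this test started inside the ovpn_peer* namespaces, so the namespace prefix added here does not isolate cleanup from another ovpn-cli user on the same machine. Consider killing per namespace before deleting it, e.g. `ip netns pids "ovpn_peer${p}" 2>/dev/null | xargs -r kill` in a loop that also covers ovpn_peer0. The loops still use a fixed upper bound of 10 rather than OVPN_NUM_PEERS, and the comment above the first loop still says `peer0` although the namespace is now `ovpn_peer0`. A `local p` next to `local peer_ns` would keep the loop variable out of the caller's scope.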
-if [ "${PROTO}" == "UDP" ]; then
- NUM_PEERS=${NUM_PEERS:-$(wc -l ${UDP_PEERS_FILE} | awk '{print $1}')}
+if [ "${OVPN_PROTO}" == "UDP" ]; then
+ OVPN_NUM_PEERS=${OVPN_NUM_PEERS:-$(wc -l ${OVPN_UDP_PEERS_FILE} | \
+ awk '{print $1}')}
else
- NUM_PEERS=${NUM_PEERS:-$(wc -l ${TCP_PEERS_FILE} | awk '{print $1}')}
+ OVPN_NUM_PEERS=${OVPN_NUM_PEERS:-$(wc -l ${OVPN_TCP_PEERS_FILE} | \
+ awk '{print $1}')}
fi
#
# Author: Antonio Quartulli <antonio@openvpn.net>
-ALG="chachapoly"
+OVPN_ALG="chachapoly"
source test.sh
#
# Author: Antonio Quartulli <antonio@openvpn.net>
-PROTO="TCP"
+OVPN_PROTO="TCP"
source test-close-socket.sh
set -e
source ./common.sh
+server_ns="ovpn_peer0"
-cleanup
+ovpn_cleanup
modprobe -q ovpn || true
-for p in $(seq 0 ${NUM_PEERS}); do
- create_ns ${p}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_create_ns ${p}
done
-for p in $(seq 0 ${NUM_PEERS}); do
- setup_ns ${p} 5.5.5.$((${p} + 1))/24
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_setup_ns ${p} 5.5.5.$((${p} + 1))/24
done
-for p in $(seq 0 ${NUM_PEERS}); do
- add_peer ${p}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_add_peer ${p}
done
-for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120
- ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} $((${p}+9)) 60 120
+for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" ${OVPN_CLI} set_peer tun0 ${p} 60 120
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} set_peer tun${p} $((${p}+9)) \
+ 60 120
done
sleep 1
-for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
+for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
done
-ip netns exec peer0 iperf3 -1 -s &
+ip netns exec "${server_ns}" iperf3 -1 -s &
sleep 1
-ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1
+ip netns exec ovpn_peer1 iperf3 -Z -t 3 -c 5.5.5.1
-cleanup
+ovpn_cleanup
modprobe -r ovpn || true
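Review bot: The client-side `set_peer` call hard-codes the peer-ID offset as `$((${p}+9))`, while common.sh now exports `OVPN_ID_OFFSET` and test.sh uses it for the same call. If this script is ever run with `OVPN_SYMMETRIC_ID=1`, ovpn_add_peer registers the client peer under ID `${p}`, and this call would then address a peer that does not exist. Suggest `$((${p} + OVPN_ID_OFFSET))` here, and the same for `$((p + 9))` in test-mark.sh.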
#
# Author: Antonio Quartulli <antonio@openvpn.net>
-FLOAT="1"
+OVPN_FLOAT="1"
source test.sh
MARK=1056
source ./common.sh
+server_ns="ovpn_peer0"
-cleanup
+ovpn_cleanup
modprobe -q ovpn || true
-for p in $(seq 0 "${NUM_PEERS}"); do
- create_ns "${p}"
+for p in $(seq 0 "${OVPN_NUM_PEERS}"); do
+ ovpn_create_ns "${p}"
done
for p in $(seq 0 3); do
- setup_ns "${p}" 5.5.5.$((p + 1))/24
+ ovpn_setup_ns "${p}" 5.5.5.$((p + 1))/24
done
# add peer0 with mark
-ip netns exec peer0 "${OVPN_CLI}" new_multi_peer tun0 1 ASYMM \
- "${UDP_PEERS_FILE}" \
+ip netns exec "${server_ns}" "${OVPN_CLI}" new_multi_peer tun0 1 ASYMM \
+ "${OVPN_UDP_PEERS_FILE}" \
${MARK}
for p in $(seq 1 3); do
- ip netns exec peer0 "${OVPN_CLI}" new_key tun0 "${p}" 1 0 "${ALG}" 0 \
- data64.key
+ ip netns exec "${server_ns}" "${OVPN_CLI}" new_key tun0 "${p}" 1 0 \
+ "${OVPN_ALG}" 0 data64.key
done
for p in $(seq 1 3); do
- add_peer "${p}"
+ ovpn_add_peer "${p}"
done
for p in $(seq 1 3); do
- ip netns exec peer0 "${OVPN_CLI}" set_peer tun0 "${p}" 60 120
- ip netns exec peer"${p}" "${OVPN_CLI}" set_peer tun"${p}" \
+ ip netns exec "${server_ns}" "${OVPN_CLI}" set_peer tun0 "${p}" 60 120
+ ip netns exec "ovpn_peer${p}" "${OVPN_CLI}" set_peer tun"${p}" \
$((p + 9)) 60 120
done
sleep 1
for p in $(seq 1 3); do
- ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((p + 1))
+ ip netns exec "${server_ns}" ping -qfc 500 -w 3 5.5.5.$((p + 1))
done
echo "Adding an nftables drop rule based on mark value ${MARK}"
-ip netns exec peer0 nft flush ruleset
-ip netns exec peer0 nft 'add table inet filter'
-ip netns exec peer0 nft 'add chain inet filter output {
+ip netns exec "${server_ns}" nft flush ruleset
+ip netns exec "${server_ns}" nft 'add table inet filter'
+ip netns exec "${server_ns}" nft 'add chain inet filter output {
type filter hook output priority 0;
policy accept;
}'
-ip netns exec peer0 nft add rule inet filter output \
+ip netns exec "${server_ns}" nft add rule inet filter output \
meta mark == ${MARK} \
counter drop
-DROP_COUNTER=$(ip netns exec peer0 nft list chain inet filter output \
+DROP_COUNTER=$(ip netns exec "${server_ns}" nft list chain inet filter output \
| sed -n 's/.*packets \([0-9]*\).*/\1/p')
sleep 1
# ping should fail
for p in $(seq 1 3); do
- PING_OUTPUT=$(ip netns exec peer0 ping \
+ PING_OUTPUT=$(ip netns exec "${server_ns}" ping \
-qfc 500 -w 1 5.5.5.$((p + 1)) 2>&1) && exit 1
echo "${PING_OUTPUT}"
LOST_PACKETS=$(echo "$PING_OUTPUT" \
done
# check if the final nft counter matches our counter
-TOTAL_COUNT=$(ip netns exec peer0 nft list chain inet filter output \
+TOTAL_COUNT=$(ip netns exec "${server_ns}" nft list chain inet filter output \
| sed -n 's/.*packets \([0-9]*\).*/\1/p')
if [ "${DROP_COUNTER}" -ne "${TOTAL_COUNT}" ]; then
echo "Expected ${TOTAL_COUNT} drops, got ${DROP_COUNTER}"
fi
echo "Removing the drop rule"
-ip netns exec peer0 nft flush ruleset
+ip netns exec "${server_ns}" nft flush ruleset
sleep 1
for p in $(seq 1 3); do
- ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((p + 1))
+ ip netns exec "${server_ns}" ping -qfc 500 -w 3 5.5.5.$((p + 1))
done
-cleanup
+ovpn_cleanup
modprobe -r ovpn || true
# Author: Ralf Lici <ralf@mandelbit.com>
# Antonio Quartulli <antonio@openvpn.net>
-SYMMETRIC_ID="1"
-FLOAT="1"
+OVPN_SYMMETRIC_ID="1"
+OVPN_FLOAT="1"
source test.sh
# Author: Ralf Lici <ralf@mandelbit.com>
# Antonio Quartulli <antonio@openvpn.net>
-PROTO="TCP"
-SYMMETRIC_ID=1
+OVPN_PROTO="TCP"
+OVPN_SYMMETRIC_ID=1
source test.sh
# Author: Ralf Lici <ralf@mandelbit.com>
# Antonio Quartulli <antonio@openvpn.net>
-SYMMETRIC_ID="1"
+OVPN_SYMMETRIC_ID="1"
source test.sh
#
# Author: Antonio Quartulli <antonio@openvpn.net>
-PROTO="TCP"
+OVPN_PROTO="TCP"
source test.sh
set -e
source ./common.sh
+server_ns="ovpn_peer0"
-cleanup
+ovpn_cleanup
modprobe -q ovpn || true
-for p in $(seq 0 ${NUM_PEERS}); do
- create_ns ${p}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_create_ns ${p}
done
-for p in $(seq 0 ${NUM_PEERS}); do
- setup_listener ${p}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_setup_listener ${p}
done
-for p in $(seq 0 ${NUM_PEERS}); do
- setup_ns ${p} 5.5.5.$((${p} + 1))/24 ${MTU}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_setup_ns ${p} 5.5.5.$((${p} + 1))/24 ${MTU}
done
-for p in $(seq 0 ${NUM_PEERS}); do
- add_peer ${p}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_add_peer ${p}
done
-for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120
- ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} \
- $((${p}+ID_OFFSET)) 60 120
+for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" ${OVPN_CLI} set_peer tun0 ${p} 60 120
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} set_peer tun${p} \
+ $((${p}+OVPN_ID_OFFSET)) 60 120
done
sleep 1
TCPDUMP_TIMEOUT="1.5s"
-for p in $(seq 1 ${NUM_PEERS}); do
+for p in $(seq 1 ${OVPN_NUM_PEERS}); do
# The first part of the data packet header consists of:
# - TCP only: 2 bytes for the packet length
# - 5 bits for opcode ("9" for DATA_V2)
# - with asymmetric ID: "${p}" one way and "${p} + 9" the other way
# - with symmetric ID: "${p}" both ways
HEADER1=$(printf "0x4800000%x" ${p})
- HEADER2=$(printf "0x4800000%x" $((${p} + ID_OFFSET)))
+ HEADER2=$(printf "0x4800000%x" $((${p} + OVPN_ID_OFFSET)))
RADDR=""
- if [ "${PROTO}" == "UDP" ]; then
- RADDR=$(awk "NR == ${p} {print \$3}" ${UDP_PEERS_FILE})
+ if [ "${OVPN_PROTO}" == "UDP" ]; then
+ RADDR=$(awk "NR == ${p} {print \$3}" ${OVPN_UDP_PEERS_FILE})
fi
- timeout ${TCPDUMP_TIMEOUT} ip netns exec peer${p} \
+ timeout ${TCPDUMP_TIMEOUT} ip netns exec "ovpn_peer${p}" \
tcpdump --immediate-mode -p -ni veth${p} -c 1 \
- "$(build_capture_filter "${HEADER1}" "${RADDR}")" \
+ "$(ovpn_build_capture_filter "${HEADER1}" "${RADDR}")" \
>/dev/null 2>&1 &
TCPDUMP_PID1=$!
- timeout ${TCPDUMP_TIMEOUT} ip netns exec peer${p} \
+ timeout ${TCPDUMP_TIMEOUT} ip netns exec "ovpn_peer${p}" \
tcpdump --immediate-mode -p -ni veth${p} -c 1 \
- "$(build_capture_filter "${HEADER2}" "${RADDR}")" \
+ "$(ovpn_build_capture_filter "${HEADER2}" "${RADDR}")" \
>/dev/null 2>&1 &
TCPDUMP_PID2=$!
sleep 0.3
- ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
- ip netns exec peer0 ping -qfc 500 -s 3000 -w 3 5.5.5.$((${p} + 1))
+ ip netns exec "${server_ns}" ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
+ ip netns exec "${server_ns}" ping -qfc 500 -s 3000 -w 3 \
+ 5.5.5.$((${p} + 1))
wait ${TCPDUMP_PID1}
wait ${TCPDUMP_PID2}
done
# ping LAN behind client 1
-ip netns exec peer0 ping -qfc 500 -w 3 ${LAN_IP}
+ip netns exec "${server_ns}" ping -qfc 500 -w 3 ${OVPN_LAN_IP}
-if [ "$FLOAT" == "1" ]; then
+if [ "$OVPN_FLOAT" == "1" ]; then
# make clients float..
- for p in $(seq 1 ${NUM_PEERS}); do
- ip -n peer${p} addr del 10.10.${p}.2/24 dev veth${p}
- ip -n peer${p} addr add 10.10.${p}.3/24 dev veth${p}
+ for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip -n "ovpn_peer${p}" addr del 10.10.${p}.2/24 dev veth${p}
+ ip -n "ovpn_peer${p}" addr add 10.10.${p}.3/24 dev veth${p}
done
- for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer${p} ping -qfc 500 -w 3 5.5.5.1
+ for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "ovpn_peer${p}" ping -qfc 500 -w 3 5.5.5.1
done
fi
-ip netns exec peer0 iperf3 -1 -s &
+ip netns exec "${server_ns}" iperf3 -1 -s &
sleep 1
-ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1
+ip netns exec ovpn_peer1 iperf3 -Z -t 3 -c 5.5.5.1
echo "Adding secondary key and then swap:"
-for p in $(seq 1 ${NUM_PEERS}); do
- ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 2 1 ${ALG} 0 \
- data64.key
- ip netns exec peer${p} ${OVPN_CLI} new_key tun${p} \
- $((${p} + ID_OFFSET)) 2 1 ${ALG} 1 data64.key
- ip netns exec peer${p} ${OVPN_CLI} swap_keys tun${p} \
- $((${p} + ID_OFFSET))
+for p in $(seq 1 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" ${OVPN_CLI} new_key tun0 ${p} 2 1 \
+ ${OVPN_ALG} 0 data64.key
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} new_key tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 2 1 ${OVPN_ALG} 1 data64.key
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} swap_keys tun${p} \
+ $((${p} + OVPN_ID_OFFSET))
done
sleep 1
echo "Querying all peers:"
-ip netns exec peer0 ${OVPN_CLI} get_peer tun0
-ip netns exec peer1 ${OVPN_CLI} get_peer tun1
+ip netns exec "${server_ns}" ${OVPN_CLI} get_peer tun0
+ip netns exec ovpn_peer1 ${OVPN_CLI} get_peer tun1
echo "Querying peer 1:"
-ip netns exec peer0 ${OVPN_CLI} get_peer tun0 1
+ip netns exec "${server_ns}" ${OVPN_CLI} get_peer tun0 1
echo "Querying non-existent peer 20:"
-ip netns exec peer0 ${OVPN_CLI} get_peer tun0 20 || true
+ip netns exec "${server_ns}" ${OVPN_CLI} get_peer tun0 20 || true
echo "Deleting peer 1:"
-ip netns exec peer0 ${OVPN_CLI} del_peer tun0 1
-ip netns exec peer1 ${OVPN_CLI} del_peer tun1 $((1 + ID_OFFSET))
+ip netns exec "${server_ns}" ${OVPN_CLI} del_peer tun0 1
+ip netns exec ovpn_peer1 ${OVPN_CLI} del_peer tun1 $((1 + OVPN_ID_OFFSET))
echo "Querying keys:"
-for p in $(seq 2 ${NUM_PEERS}); do
- ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} \
- $((${p} + ID_OFFSET)) 1
- ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} \
- $((${p} + ID_OFFSET)) 2
+for p in $(seq 2 ${OVPN_NUM_PEERS}); do
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} get_key tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 1
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} get_key tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 2
done
echo "Deleting peer while sending traffic:"
-(ip netns exec peer2 ping -qf -w 4 5.5.5.1)&
+(ip netns exec ovpn_peer2 ping -qf -w 4 5.5.5.1)&
sleep 2
-ip netns exec peer0 ${OVPN_CLI} del_peer tun0 2
+ip netns exec "${server_ns}" ${OVPN_CLI} del_peer tun0 2
# following command fails in TCP mode
# (both ends get conn reset when one peer disconnects)
-ip netns exec peer2 ${OVPN_CLI} del_peer tun2 $((2 + ID_OFFSET)) || true
+ip netns exec ovpn_peer2 ${OVPN_CLI} del_peer tun2 $((2 + OVPN_ID_OFFSET)) || \
+ true
echo "Deleting keys:"
-for p in $(seq 3 ${NUM_PEERS}); do
- ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} \
- $((${p} + ID_OFFSET)) 1
- ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} \
- $((${p} + ID_OFFSET)) 2
+for p in $(seq 3 ${OVPN_NUM_PEERS}); do
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} del_key tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 1
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} del_key tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 2
done
echo "Setting timeout to 3s MP:"
-for p in $(seq 3 ${NUM_PEERS}); do
- ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 3 3 || true
- ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} \
- $((${p} + ID_OFFSET)) 0 0
+for p in $(seq 3 ${OVPN_NUM_PEERS}); do
+ ip netns exec "${server_ns}" ${OVPN_CLI} set_peer tun0 ${p} 3 3 || true
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} set_peer tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 0 0
done
# wait for peers to timeout
sleep 5
echo "Setting timeout to 3s P2P:"
-for p in $(seq 3 ${NUM_PEERS}); do
- ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} \
- $((${p} + ID_OFFSET)) 3 3
+for p in $(seq 3 ${OVPN_NUM_PEERS}); do
+ ip netns exec "ovpn_peer${p}" ${OVPN_CLI} set_peer tun${p} \
+ $((${p} + OVPN_ID_OFFSET)) 3 3
done
sleep 5
-for p in $(seq 0 ${NUM_PEERS}); do
- compare_ntfs ${p}
+for p in $(seq 0 ${OVPN_NUM_PEERS}); do
+ ovpn_compare_ntfs ${p}
done
-cleanup
+ovpn_cleanup
modprobe -r ovpn || true