author | elijah <elijah@riseup.net> | 2017-09-05 18:24:31 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2017-09-05 18:24:31 -0700 |
commit | 6482a4ccb3d72773cc6d00d5fa7933fa83c4cafe (patch) | |
tree | 7889f849a75e02d971919f154eb1746ce7e686a3 /tests/server-tests/white-box | |
parent | 437f28b2cbfedfc7d119dcf4e228c5626bb8a152 (diff) |
Bug: fix vpn network problem caused by vagrant fact
Boolean facts must be escaped with str2bool. This commit includes
new tests to catch VPN problems like this in the future.
Diffstat (limited to 'tests/server-tests/white-box')
-rw-r--r-- | tests/server-tests/white-box/openvpn.rb | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/server-tests/white-box/openvpn.rb b/tests/server-tests/white-box/openvpn.rb
index 4eed7eb9..adda34a9 100644
--- a/tests/server-tests/white-box/openvpn.rb
+++ b/tests/server-tests/white-box/openvpn.rb
@@ -13,4 +13,40 @@ class OpenVPN < LeapTest
 pass
 end
+ def test_02_Can_connect_to_openvpn?
+ # because of the way the firewall rules are currently set up, you can only
+ # connect to the standard 1194 openvpn port when you are connecting
+ # from the same host as openvpn is running on.
+ #
+ # so, this is disabled for now:
+ # $node['openvpn']['ports'].each {|port| ...}
+ #
+
+ $node['openvpn']['protocols'].each do |protocol|
+ assert_openvpn_is_bound_to_port($node['openvpn']['gateway_address'], protocol, 1194)
+ end
+ pass
+ end
+
+ private
+
+ #
+ # asserting succeeds if openvpn appears to be correctly bound and we can
+ # connect to it. we don't actually try to establish a vpn connection in this
+ # test, we just check to see that it sort of looks like it is openvpn running
+ # on the port.
+ #
+ def assert_openvpn_is_bound_to_port(ip_address, protocol, port)
+ protocol = protocol.downcase
+ if protocol == 'udp'
+ # this sends a magic string to openvpn to attempt to start the protocol.
+ nc_output = `/bin/echo -e "\\x38\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00" | timeout 0.5 nc -u #{ip_address} #{port}`.strip
+ assert !nc_output.empty?, "Could not connect to OpenVPN daemon at #{ip_address} on port #{port} (#{protocol})."
+ elsif protocol == 'tcp'
+ assert system("openssl s_client -connect #{ip_address}:#{port} 2>&1 | grep -q CONNECTED"),
+ "Could not connect to OpenVPN daemon at #{ip_address} on port #{port} (#{protocol})."
+ else
+ assert false, "invalid openvpn protocol #{protocol}"
+ end
+ end
 end |
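Review bot: The `tcp` branch of `assert_openvpn_is_bound_to_port` runs `openssl s_client` with no time limit and no stdin redirect, so a filtered or silently dropped port can stall the whole test run until the TCP connect gives up, whereas the `udp` branch is bounded by `timeout 0.5`. Both branches also interpolate `ip_address` and `port` from `$node` directly into a shell string, so a malformed value in the node config would be interpreted by the shell on the server under test; quoting the values removes that dependency on the config being clean. Suggested for the tcp line: `assert system("timeout 5 openssl s_client -connect #{Shellwords.escape("#{ip_address}:#{port}")} </dev/null 2>&1 | grep -q CONNECTED"),` with `require 'shellwords'` at the top of the file, and the same escaping applied to the `nc` command. As far as I can tell `CONNECTED` is printed by `s_client` for any TCP listener before the TLS handshake, so the method comment should state that the tcp check only proves something accepts connections on the port, not that it is OpenVPN.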