summaryrefslogtreecommitdiff
path: root/tests/server-tests/white-box
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2017-09-05 18:24:31 -0700
committerelijah <elijah@riseup.net>2017-09-05 18:24:31 -0700
commit6482a4ccb3d72773cc6d00d5fa7933fa83c4cafe (patch)
tree7889f849a75e02d971919f154eb1746ce7e686a3 /tests/server-tests/white-box
parent437f28b2cbfedfc7d119dcf4e228c5626bb8a152 (diff)
Bug: fix vpn network problem caused by vagrant fact
Boolean facts must be escaped with str2bool. This commit includes new tests to catch VPN problems like this in the future.
Diffstat (limited to 'tests/server-tests/white-box')
-rw-r--r--tests/server-tests/white-box/openvpn.rb36
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/server-tests/white-box/openvpn.rb b/tests/server-tests/white-box/openvpn.rb
index 4eed7eb9..adda34a9 100644
--- a/tests/server-tests/white-box/openvpn.rb
+++ b/tests/server-tests/white-box/openvpn.rb
@@ -13,4 +13,40 @@ class OpenVPN < LeapTest
pass
end
+ def test_02_Can_connect_to_openvpn?
+ # because of the way the firewall rules are currently set up, you can only
+ # connect to the standard 1194 openvpn port when you are connecting
+ # from the same host as openvpn is running on.
+ #
+ # so, this is disabled for now:
+ # $node['openvpn']['ports'].each {|port| ...}
+ #
+
+ $node['openvpn']['protocols'].each do |protocol|
+ assert_openvpn_is_bound_to_port($node['openvpn']['gateway_address'], protocol, 1194)
+ end
+ pass
+ end
+
+ private
+
+ #
+ # asserting succeeds if openvpn appears to be correctly bound and we can
+ # connect to it. we don't actually try to establish a vpn connection in this
+ # test, we just check to see that it sort of looks like it is openvpn running
+ # on the port.
+ #
+ def assert_openvpn_is_bound_to_port(ip_address, protocol, port)
+ protocol = protocol.downcase
+ if protocol == 'udp'
+ # this sends a magic string to openvpn to attempt to start the protocol.
+ nc_output = `/bin/echo -e "\\x38\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00" | timeout 0.5 nc -u #{ip_address} #{port}`.strip
+ assert !nc_output.empty?, "Could not connect to OpenVPN daemon at #{ip_address} on port #{port} (#{protocol})."
+ elsif protocol == 'tcp'
+ assert system("openssl s_client -connect #{ip_address}:#{port} 2>&1 | grep -q CONNECTED"),
+ "Could not connect to OpenVPN daemon at #{ip_address} on port #{port} (#{protocol})."
+ else
+ assert false, "invalid openvpn protocol #{protocol}"
+ end
+ end
end