-rwxr-xr-xbin/run_tests10
-rw-r--r--provider_base/provider.json10
-rw-r--r--provider_base/services/openvpn.json2
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp16
-rw-r--r--tests/white-box/network.rb5
5 files changed, 31 insertions, 12 deletions
diff --git a/bin/run_tests b/bin/run_tests
index 9102c325..526aa83a 100755
--- a/bin/run_tests
+++ b/bin/run_tests
@@ -288,6 +288,16 @@ def assert_running(process)
end
#
+# runs the specified command, failing on a non-zero exit status.
+#
+def assert_run(command)
+ output = `#{command}`
+ if $?.exitstatus != 0
+ fail "Error running `#{command}`:\n#{output}"
+ end
+end
+
+#
# Custom test runner in order to modify the output.
#
class LeapRunner < MiniTest::Unit
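Review bot: The failure message in `assert_run` carries only stdout, because backticks do not capture stderr, so a failing command will usually be reported with empty output. Capturing both streams keeps the diagnostic: `output, status = Open3.capture2e(command)` followed by `fail "Error running `#{command}`:\n#{output}" unless status.success?` (this needs `require 'open3'` at the top of the file). The string is also interpolated into a command line that Ruby may hand to a shell, so the header comment should say that callers pass only fixed, literal commands and never node- or user-supplied text, e.g. `# command must be a trusted literal; it may be interpreted by the shell.`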
diff --git a/provider_base/provider.json b/provider_base/provider.json
index fa69318b..aa7d0513 100644
--- a/provider_base/provider.json
+++ b/provider_base/provider.json
@@ -15,12 +15,12 @@
"default_language": "en",
"enrollment_policy": "open",
"service": {
- "levels": [
+ "levels": {
// bandwidth limit is in Bytes, storage limit is in MB.
- {"id": 1, "name": "free", "storage":50},
- {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]},
- {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]}
- ],
+ "1": {"name": "free", "storage":50},
+ "2": {"name": "basic", "storage":1000, "rate": ["tba"]},
+ "3": {"name": "pro", "storage":10000, "rate": ["tba"]}
+ },
"default_service_level": 1,
"bandwidth_limit": 102400,
"allow_free": "= provider.service.levels.select {|l| l['rate'].nil?}.any?",
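Review bot: The unchanged `allow_free` expression on the last context line still treats `levels` as an array of level hashes, but this hunk turns it into an object keyed by id. Assuming the evaluator exposes it as a Ruby Hash, the block in `select {|l| l['rate'].nil?}` no longer receives a level, so the result stops reflecting whether a free level exists. Iterating the values restores the intent: `"allow_free": "= provider.service.levels.values.select {|l| l['rate'].nil?}.any?"`. Also note that the new keys are strings (`"1"`) while `default_service_level` stays the integer `1`; any consumer that looks the default up by key needs to convert one of them, which should be confirmed against the code that reads this file.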
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 3776aedb..090afcd6 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -20,7 +20,7 @@
"unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix",
"rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil",
"configuration": {
- "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "tls-cipher": "DHE-RSA-AES128-SHA",
"auth": "SHA1",
"cipher": "AES-128-CBC",
"keepalive": "10 30",
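Review bot: The new `tls-cipher` value has no comment explaining why the OpenSSL-style name replaces the IANA-style name for what appears to be the same suite. Which spelling is accepted depends on the OpenVPN version in use, and a name one side does not recognise ends in a failed TLS handshake rather than a clear configuration error. The file format already tolerates `//` comments (provider.json uses one), so a line such as `// OpenSSL cipher name; required by the OpenVPN version deployed on gateways and clients` above the key would record the constraint. The supported client and server versions are not visible in this hunk and should be confirmed.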
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index cbc5f68e..97cf2842 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -78,6 +78,15 @@ define site_openvpn::server_config(
}
}
+ # according to openvpn man page: tcp-nodelay is a "generally a good latency optimization".
+ if $proto == 'tcp' {
+ openvpn::option {
+ "tcp-nodelay ${openvpn_configname}":
+ key => 'tcp-nodelay',
+ server => $openvpn_configname;
+ }
+ }
+
openvpn::option {
"ca ${openvpn_configname}":
key => 'ca',
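Review bot: The guard `if $proto == 'tcp'` is an exact string match, so the option is silently skipped if a caller ever passes another TCP spelling that OpenVPN accepts, such as `tcp-server`. The allowed values of `$proto` are declared outside this hunk, so this needs checking against the define's parameters and callers; if other spellings are possible, `if $proto =~ /^tcp/` covers them. The added comment also has a stray article and would read better as `# per the openvpn man page, tcp-nodelay is "generally a good latency optimization".`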
@@ -154,7 +163,7 @@ define site_openvpn::server_config(
server => $openvpn_configname;
"script-security ${openvpn_configname}":
key => 'script-security',
- value => '2',
+ value => '1',
server => $openvpn_configname;
"server ${openvpn_configname}":
key => 'server',
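Review bot: Lowering `script-security` from 2 to 1 has no comment recording why, so a later change that adds a script hook could raise it again without noticing the trade-off. At level 1 OpenVPN only calls its built-in helpers (ip, ifconfig, route) and refuses user-defined scripts, which is the tighter setting for a gateway. A line inside the resource list would document this: `# script-security 1: built-in executables only; raise to 2 only if an up/down/client-connect script is added`. The rest of the define lies outside this hunk, so it is worth confirming that no remaining option there still names a script that level 1 would now block.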
@@ -176,11 +185,6 @@ define site_openvpn::server_config(
key => 'topology',
value => 'subnet',
server => $openvpn_configname;
- # no need for server-up.sh right now
- #"up $openvpn_configname":
- # key => 'up',
- # value => '/etc/openvpn/server-up.sh',
- # server => $openvpn_configname;
"verb ${openvpn_configname}":
key => 'verb',
value => '3',
diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index 955857dc..e0b0339d 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -57,4 +57,9 @@ class Network < LeapTest
end
end
+ def test_03_Is_shorewall_running?
+ assert_run('/sbin/shorewall status')
+ pass
+ end
+
end
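Review bot: `test_03_Is_shorewall_running?` has no comment stating how little it verifies: it checks only the exit status of `/sbin/shorewall status`. That status presumably shows the firewall is started, not that the expected ruleset is loaded, so a passing result should not be read as a check of the firewall policy. A comment above the method would make the scope explicit: `# smoke test: shorewall reports itself as started; does not verify the rules themselves`. The class body starts outside this hunk, so whether other tests already cover the rules cannot be seen from here.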