-rwxr-xr-x | bin/run_tests | 10 | ||||
-rw-r--r-- | provider_base/provider.json | 10 | ||||
-rw-r--r-- | provider_base/services/openvpn.json | 2 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 16 | ||||
-rw-r--r-- | tests/white-box/network.rb | 5 |
5 files changed, 31 insertions, 12 deletions
diff --git a/bin/run_tests b/bin/run_tests index 9102c325..526aa83a 100755 --- a/bin/run_tests +++ b/bin/run_tests @@ -288,6 +288,16 @@ def assert_running(process) end # +# runs the specified command, failing on a non-zero exit status. +# +def assert_run(command) + output = `#{command}` + if $?.exitstatus != 0 + fail "Error running `#{command}`:\n#{output}" + end +end + +# # Custom test runner in order to modify the output. # class LeapRunner < MiniTest::Unit diff --git a/provider_base/provider.json b/provider_base/provider.json index fa69318b..aa7d0513 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -15,12 +15,12 @@ "default_language": "en", "enrollment_policy": "open", "service": { - "levels": [ + "levels": { // bandwidth limit is in Bytes, storage limit is in MB. - {"id": 1, "name": "free", "storage":50}, - {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]}, - {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]} - ], + "1": {"name": "free", "storage":50}, + "2": {"name": "basic", "storage":1000, "rate": ["tba"]}, + "3": {"name": "pro", "storage":10000, "rate": ["tba"]} + }, "default_service_level": 1, "bandwidth_limit": 102400, "allow_free": "= provider.service.levels.select {|l| l['rate'].nil?}.any?", diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 3776aedb..090afcd6 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -20,7 +20,7 @@ "unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix", "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil", "configuration": { - "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "tls-cipher": "DHE-RSA-AES128-SHA", "auth": "SHA1", "cipher": "AES-128-CBC", "keepalive": "10 30", diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index cbc5f68e..97cf2842 100644 
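Review bot: `assert_run` captures only stdout, so when the command fails the message built from `output` will often be empty, because most tools write their errors to stderr. Appending ` 2>&1` to the interpolated command inside the backticks would keep the diagnostics in the failure text. The command string is handed to a shell, so the header comment should say that callers must pass fixed, trusted strings only, as the `assert_run('/sbin/shorewall status')` call in tests/white-box/network.rb does. `$?.exitstatus` is nil when the child is killed by a signal, which this check treats as a failure; that looks intended and could be stated in the same comment.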
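Review bot: The `allow_free` expression kept as context at the end of this hunk still iterates `provider.service.levels` as a list of level objects, while the hunk turns `levels` into a map keyed by "1", "2" and "3". If the evaluated object behaves like a Ruby Hash, the one-argument block in `select {|l| ...}` no longer receives the level itself, so `l['rate'].nil?` would not test what it did before and `allow_free` may come out wrong. Something like `"= provider.service.levels.values.select {|l| l['rate'].nil?}.any?"` would restore the intent, assuming the config object exposes `values`. `default_service_level` also stays the integer `1` while the keys are now strings, so confirm that consumers look the level up consistently.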
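Review bot: The new `tls-cipher` value carries no explanation of why the OpenSSL-style name replaces the IANA-style one, and which spelling OpenVPN accepts depends on its version. As far as I know, older releases accept only OpenSSL names, while newer ones prefer IANA names and treat the OpenSSL form as deprecated. Because this setting pins a single suite, a name the installed OpenVPN does not recognise leaves nothing to fall back on and the TLS handshake cannot be negotiated. The commit message or the service documentation should record which OpenVPN versions this value is meant for, on both the server and the client side.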
--- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -78,6 +78,15 @@ define site_openvpn::server_config( } } + # according to openvpn man page: tcp-nodelay is a "generally a good latency optimization". + if $proto == 'tcp' { + openvpn::option { + "tcp-nodelay ${openvpn_configname}": + key => 'tcp-nodelay', + server => $openvpn_configname; + } + } + openvpn::option { "ca ${openvpn_configname}": key => 'ca', @@ -154,7 +163,7 @@ define site_openvpn::server_config( server => $openvpn_configname; "script-security ${openvpn_configname}": key => 'script-security', - value => '2', + value => '1', server => $openvpn_configname; "server ${openvpn_configname}": key => 'server', @@ -176,11 +185,6 @@ define site_openvpn::server_config( key => 'topology', value => 'subnet', server => $openvpn_configname; - # no need for server-up.sh right now - #"up $openvpn_configname": - # key => 'up', - # value => '/etc/openvpn/server-up.sh', - # server => $openvpn_configname; "verb ${openvpn_configname}": key => 'verb', value => '3', diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb index 955857dc..e0b0339d 100644 --- a/tests/white-box/network.rb +++ b/tests/white-box/network.rb @@ -57,4 +57,9 @@ class Network < LeapTest end end + def test_03_Is_shorewall_running? + assert_run('/sbin/shorewall status') + pass + end + end |
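Review bot: The new `tcp-nodelay` option is declared without a `value`, unlike the other `openvpn::option` resources visible in this file section (`script-security`, `topology`, `verb`). The define is outside this diff, so confirm it renders a bare key cleanly rather than emitting a trailing blank or `undef`. The comment above it has a doubled article; `# according to the openvpn man page, tcp-nodelay is "generally a good latency optimization".` reads better. It would also help to mention there that, per the same man page, this directive on a server is a macro that also pushes the socket flag to connecting clients, so it changes client behaviour too. The enclosing define starts and ends outside the hunk.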
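Review bot: Lowering `script-security` to `'1'` limits OpenVPN to its built-in helpers (ip, ifconfig, route), so any user-defined script hook such as `up`, `client-connect`, `learn-address` or `tls-verify` configured for this server would stop running. The last hunk drops the commented-out `up` entry, which fits, but the rest of the define is outside this diff, so check that no other hook remains. A comment on the option would keep the reason visible: `# script-security 1: built-in executables only; this config needs no user scripts`.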