test: Drop dependence on --net=host
* It is really hard to work on other things while this test is running, because the host networking stack is being manipulated, primarily the default route. * Propagate DEBUG flag deeper where possible.
parent
dc81347dd1
commit
192ce97375
|
@ -36,17 +36,30 @@ docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG ovpn_listclients | grep $CLIENT_
|
|||
#
|
||||
|
||||
# Run in shell bg to get logs, setup trap to clean-up
|
||||
trap "{ jobs -p | xargs -r kill; wait; }" EXIT
|
||||
docker run --name "ovpn-test-udp" -v $OVPN_DATA:/etc/openvpn --rm -p 1194:1194/udp --cap-add=NET_ADMIN $IMG &
|
||||
docker run --name "ovpn-test-tcp" -v $OVPN_DATA:/etc/openvpn --rm -p 443:1194/tcp --cap-add=NET_ADMIN $IMG ovpn_run --proto tcp &
|
||||
trap "{ jobs -p | xargs -r kill; wait; docker volume rm ${OVPN_DATA}; }" EXIT
|
||||
docker run --name "ovpn-test-udp" -v $OVPN_DATA:/etc/openvpn --rm --cap-add=NET_ADMIN -e DEBUG $IMG &
|
||||
docker run --name "ovpn-test-tcp" -v $OVPN_DATA:/etc/openvpn --rm --cap-add=NET_ADMIN -e DEBUG $IMG ovpn_run --proto tcp --port 443 &
|
||||
|
||||
# Update configs
|
||||
for i in $(seq 10); do
|
||||
SERV_IP_INTERNAL=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "ovpn-test-udp" 2>/dev/null || true)
|
||||
test -n "$SERV_IP_INTERNAL" && break
|
||||
sleep 0.1
|
||||
done
|
||||
sed -i -e s:$SERV_IP:$SERV_IP_INTERNAL:g $CLIENT_DIR/config.ovpn
|
||||
|
||||
for i in $(seq 10); do
|
||||
SERV_IP_INTERNAL=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "ovpn-test-tcp" 2>/dev/null || true)
|
||||
test -n "$SERV_IP_INTERNAL" && break
|
||||
sleep 0.1
|
||||
done
|
||||
sed -i -e s:$SERV_IP:$SERV_IP_INTERNAL:g $CLIENT_DIR/config-tcp.ovpn
|
||||
|
||||
#
|
||||
# Fire up a clients in a containers since openvpn is disallowed by Travis-CI, don't NAT
|
||||
# the host as it confuses itself:
|
||||
# "Incoming packet rejected from [AF_INET]172.17.42.1:1194[2], expected peer address: [AF_INET]10.240.118.86:1194"
|
||||
# Fire up a clients in a containers since openvpn is disallowed by Travis-CI
|
||||
#
|
||||
docker run --rm --net=host --cap-add=NET_ADMIN --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh
|
||||
docker run --rm --net=host --cap-add=NET_ADMIN --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh "/client/config-tcp.ovpn"
|
||||
docker run --rm --cap-add=NET_ADMIN -v $CLIENT_DIR:/client -e DEBUG $IMG /client/wait-for-connect.sh
|
||||
docker run --rm --cap-add=NET_ADMIN -v $CLIENT_DIR:/client -e DEBUG $IMG /client/wait-for-connect.sh "/client/config-tcp.ovpn"
|
||||
|
||||
#
|
||||
# Celebrate
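Review bot: Neither polling loop checks that it actually obtained an address: after ten 0.1 s attempts `SERV_IP_INTERNAL` can still be empty (container slow to start, or attached to a network where `.NetworkSettings.IPAddress` is not populated), and the following `sed` then rewrites the server address in `config.ovpn` / `config-tcp.ovpn` to an empty string. The failure only shows up later as an opaque client timeout. I would add `test -n "$SERV_IP_INTERNAL" || { echo "no IP for ovpn-test-udp" >&2; exit 1; }` after each `done` (with the matching container name). The same loop is repeated in the other two test scripts in this commit, so a small shared helper would keep the copies from drifting.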
|
||||
|
|
|
@ -53,14 +53,15 @@ trap "{ jobs -p | xargs -r kill; wait; }" EXIT
|
|||
docker run --name "ovpn-test" -v $OVPN_DATA:/etc/openvpn --rm --cap-add=NET_ADMIN $IMG &
|
||||
|
||||
for i in $(seq 10); do
|
||||
SERV_IP_INTERNAL=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}')
|
||||
SERV_IP_INTERNAL=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "ovpn-test" 2>/dev/null || true)
|
||||
test -n "$SERV_IP_INTERNAL" && break
|
||||
sleep 0.1
|
||||
done
|
||||
sed -ie s:$SERV_IP:$SERV_IP:g $CLIENT_DIR/config.ovpn
|
||||
sed -i -e s:$SERV_IP:$SERV_IP_INTERNAL:g $CLIENT_DIR/config.ovpn
|
||||
|
||||
#
|
||||
# Fire up a client in a container since openvpn is disallowed by Travis-CI
|
||||
docker run --rm --net=host --cap-add=NET_ADMIN --volume $CLIENT_DIR:/client $IMG /client/wait-for-connect.sh
|
||||
docker run --rm --cap-add=NET_ADMIN --volume $CLIENT_DIR:/client -e DEBUG $IMG /client/wait-for-connect.sh
|
||||
|
||||
#
|
||||
# Celebrate
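Review bot: The rewritten `sed` line passes its expression and path unquoted, so `$SERV_IP` is interpreted as a regular expression (each `.` matches any character), and whitespace or a `:` in either variable would split or break the command. Quoting costs nothing: `sed -i -e "s:$SERV_IP:$SERV_IP_INTERNAL:g" "$CLIENT_DIR/config.ovpn"`. The same applies to `$OVPN_DATA` and `$CLIENT_DIR` in the `docker run` lines here and in the other sections of this commit.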
|
||||
|
|
|
@ -29,7 +29,7 @@ function finish {
|
|||
trap finish EXIT
|
||||
|
||||
# Put the server in the background
|
||||
docker run -d -v $OVPN_DATA:/etc/openvpn --cap-add=NET_ADMIN -p 1194:1194/udp --name $NAME $IMG
|
||||
docker run -d -v $OVPN_DATA:/etc/openvpn --cap-add=NET_ADMIN --name $NAME $IMG
|
||||
|
||||
#
|
||||
# Test that easy_rsa generate CRLs with 'next publish' set to 3650 days.
|
||||
|
@ -51,10 +51,18 @@ docker exec -it $NAME easyrsa build-client-full $CLIENT1 nopass
|
|||
docker exec -it $NAME ovpn_getclient $CLIENT1 > $CLIENT_DIR/config.ovpn
|
||||
docker exec -it $NAME bash -c "echo 'yes' | ovpn_revokeclient $CLIENT1"
|
||||
|
||||
# Determine IP address of container running daemon and update config
|
||||
for i in $(seq 10); do
|
||||
SERV_IP_INTERNAL=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "$NAME" 2>/dev/null || true)
|
||||
test -n "$SERV_IP_INTERNAL" && break
|
||||
sleep 0.1
|
||||
done
|
||||
sed -i -e s:$SERV_IP:$SERV_IP_INTERNAL:g $CLIENT_DIR/config.ovpn
|
||||
|
||||
#
|
||||
# Test that openvpn client can't connect using $CLIENT1 config.
|
||||
#
|
||||
if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN --cap-add=NET_ADMIN --net=host $IMG /client/wait-for-connect.sh; then
|
||||
if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN -e DEBUG $IMG /client/wait-for-connect.sh; then
|
||||
echo "Client was able to connect after revocation test #1." >&2
|
||||
exit 2
|
||||
fi
|
||||
|
@ -66,7 +74,14 @@ docker exec -it $NAME easyrsa build-client-full $CLIENT2 nopass
|
|||
docker exec -it $NAME ovpn_getclient $CLIENT2 > $CLIENT_DIR/config.ovpn
|
||||
docker exec -it $NAME bash -c "echo 'yes' | ovpn_revokeclient $CLIENT2"
|
||||
|
||||
if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN --cap-add=NET_ADMIN --net=host $IMG /client/wait-for-connect.sh; then
|
||||
# Determine IP address of container running daemon and update config
|
||||
for i in $(seq 10); do
|
||||
SERV_IP_INTERNAL=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "$NAME" 2>/dev/null || true)
|
||||
test -n "$SERV_IP_INTERNAL" && break
|
||||
sleep 0.1
|
||||
done
|
||||
|
||||
if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN -e DEBUG $IMG /client/wait-for-connect.sh; then
|
||||
echo "Client was able to connect after revocation test #2." >&2
|
||||
exit 2
|
||||
fi
|
||||
|
@ -79,7 +94,7 @@ docker stop $NAME && docker start $NAME
|
|||
#
|
||||
# Test for failed connection using $CLIENT2 config again.
|
||||
#
|
||||
if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN --cap-add=NET_ADMIN --net=host $IMG /client/wait-for-connect.sh; then
|
||||
if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN -e DEBUG $IMG /client/wait-for-connect.sh; then
|
||||
echo "Client was able to connect after revocation test #3." >&2
|
||||
exit 2
|
||||
fi
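Review bot: The second revocation check resolves `SERV_IP_INTERNAL` but never applies it: unlike test #1, there is no `sed` after the loop, even though `config.ovpn` was just regenerated by `ovpn_getclient $CLIENT2` and the comment says "and update config". With `--net=host` and the `-p 1194:1194/udp` publish both removed, the client is probably pointed at an address it cannot reach, so tests #2 and #3 would report success even if revocation were broken. Add `sed -i -e s:$SERV_IP:$SERV_IP_INTERNAL:g $CLIENT_DIR/config.ovpn` after that `done`, and re-resolve the address after `docker stop $NAME && docker start $NAME`, since the container may come back with a different IP. Because any connection failure counts as a pass here, a positive control (a non-revoked client connecting with the same rewritten config) would make these checks meaningful.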
|
||||
|
|