- print outfile instead of new command; this will help debug when an
issue occurs, to know what was the original output
- also add some time between tests to avoid race; this was failing on
"could not find group information"
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(PSK)-(AES-256-GCM).
inet 192.168.93.190/32 scope global tun0
PING 192.168.93.1 (192.168.93.1) 56(84) bytes of data.
64 bytes from 192.168.93.1: icmp_seq=1 ttl=64 time=0.217 ms
64 bytes from 192.168.93.1: icmp_seq=2 ttl=64 time=0.246 ms
64 bytes from 192.168.93.1: icmp_seq=3 ttl=64 time=0.235 ms
--- 192.168.93.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2052ms
rtt min/avg/max/mdev = 0.217/0.232/0.246/0.011 ms
could not find group information
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
while using udp, we later open a file descriptor for the worker. With a
listen netns config, I overlooked this case which oblige me to move the
struct containing the file descriptor in the main one. Then I can access
them from each worker to make it possible to open the socket in the
correct netns. I also need to keep the netns fd open during the whole
life of the process.
the issue was not visible on a tcp-only case, but while using udp you
can see logs such as:
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
worker[user]: x.x.x.x setting up DTLS-PSK connection
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
update tests to reflects that:
- instead of creating our own netns, use the one created in common.sh
- we start server in ns1, but listen in ns2, and test client from ns3
(we don't want to listen in ns1 to test listen-ns)
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
This ignores any items following the first group class attribute.
Resolves: #332
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Stop accepting new TCP connections when the server is at maximum active connection capacity & add support for gracefully stopping the server.
Closes#345
See merge request openconnect/ocserv!212
Add support for gracefully stopping the server.
Add primer on using ocserv with L3 load balancer.
Resolves: #345
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Now all tests configs are being auto-generated, so this variable
will be replaced.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
It is possible to specify multiple domains in X-CSTP-Default-Domain for
openconnect clients; make sure that this is documented.
Resolves: #328
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This disables all the tests that use LD_PRELOAD, and thus limits
the test suite on the tests that are run as root.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
The previously used HOSTNAME variable is being overriden by bash and
thus was not a reliable one. We switch to setting REMOTE_HOSTNAME,
but keep the HOSTNAME for compatibility.
This also changes 'test-pass-script' to check for the new variable.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
