mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 08:46:58 +08:00
b3fe0d85c2
By default, anyconnect clients will drop all traffic of a given IP version if there is no IP address in that version assigned to the client. The client-bypass-protocol option, if enabled, will send an extra header to the clients telling anyconnect client to bypass VPN tunnel if there is no IP assigned. No impact for openconnect clients, this header will simply be ignored. Signed-off-by: Florian Domain <f.domain@criteo.com>
87 lines
2.4 KiB
Bash
Executable File
87 lines
2.4 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2021 Florian Domain
|
|
#
|
|
# This file is part of ocserv.
|
|
#
|
|
# ocserv is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the
|
|
# Free Software Foundation; either version 2 of the License, or (at
|
|
# your option) any later version.
|
|
#
|
|
# ocserv is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
SERV="${SERV:-../src/ocserv}"
|
|
srcdir=${srcdir:-.}
|
|
TMPFILE=$(mktemp)
|
|
|
|
. `dirname $0`/common.sh
|
|
|
|
eval "${GETPORT}"
|
|
|
|
echo "Testing client-bypass-protocol"
|
|
|
|
function finish {
|
|
set +e
|
|
echo " * Cleaning up..."
|
|
test -n "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
|
|
rm -f $TMPFILE 2>&1
|
|
cleanup
|
|
}
|
|
trap finish EXIT
|
|
|
|
update_config test-client-bypass-protocol.config
|
|
launch_simple_server -d 1 -f -c ${CONFIG}
|
|
PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting... "
|
|
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
echo -n "Checking client-bypass-protocol is set to false by default... "
|
|
|
|
cat ${TMPFILE}|grep 'X-CSTP-Client-Bypass-Protocol'|grep 'false' >/dev/null
|
|
if test $? != 0;then
|
|
cat ${TMPFILE}|grep 'X-CSTP-Client-Bypass-Protocol'
|
|
echo "Temporary file contents are not correct"
|
|
exit 1
|
|
fi
|
|
|
|
echo ok
|
|
|
|
kill $PID
|
|
sleep 5
|
|
|
|
echo "Enabling client-bypass-protocol in config... "
|
|
echo 'client-bypass-protocol = true' >> ${CONFIG}
|
|
launch_simple_server -d 1 -f -c ${CONFIG}
|
|
PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Reconnecting..."
|
|
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
echo -n "Checking client-bypass-protocol is now set to true..."
|
|
|
|
cat ${TMPFILE}|grep 'X-CSTP-Client-Bypass-Protocol'|grep 'true' >/dev/null
|
|
if test $? != 0;then
|
|
cat ${TMPFILE}|grep 'X-CSTP-Client-Bypass-Protocol'
|
|
echo "Temporary file contents are not correct"
|
|
exit 1
|
|
fi
|
|
|
|
echo ok
|
|
|
|
exit 0
|