mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 16:57:00 +08:00
17ed47488d
This option supports different listen addresses for tcp and udp such as haproxy for tcp, but support dtls at the same time (haproxy does not support UDP at the moment)
168 lines
4.1 KiB
Bash
Executable File
168 lines
4.1 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2018 Nikos Mavrogiannopoulos
|
|
#
|
|
# This file is part of ocserv.
|
|
#
|
|
# ocserv is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the
|
|
# Free Software Foundation; either version 2 of the License, or (at
|
|
# your option) any later version.
|
|
#
|
|
# ocserv is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
# This tests operation/traffic under compression (lzs or lz4).
|
|
|
|
OCCTL="${OCCTL:-../src/occtl/occtl}"
|
|
SERV="${SERV:-../src/ocserv}"
|
|
srcdir=${srcdir:-.}
|
|
PORT=4569
|
|
PIDFILE=ocserv-pid.$$.tmp
|
|
CLIPID=oc-pid.$$.tmp
|
|
PATH=${PATH}:/usr/sbin
|
|
IP=$(which ip)
|
|
OUTFILE=traffic.$$.tmp
|
|
RADIUSLOG=log.$$.tmp
|
|
RADIUSD=$(which radiusd)
|
|
|
|
if test -z "${RADIUSD}";then
|
|
RADIUSD=$(which freeradius)
|
|
fi
|
|
|
|
. `dirname $0`/common.sh
|
|
|
|
if test -z "${IP}";then
|
|
echo "no IP tool is present"
|
|
exit 77
|
|
fi
|
|
|
|
if test -z "${RADIUSD}";then
|
|
echo "no radiusd is present"
|
|
exit 77
|
|
fi
|
|
|
|
if test "$(id -u)" != "0";then
|
|
echo "This test must be run as root"
|
|
exit 77
|
|
fi
|
|
|
|
echo "Testing ocserv with radius (user config)... "
|
|
|
|
function finish {
|
|
set +e
|
|
echo " * Cleaning up..."
|
|
test -n "${PID}" && kill ${PID} >/dev/null 2>&1
|
|
test -n "${RADIUSPID}" && kill ${RADIUSPID} >/dev/null 2>&1
|
|
test -n "${PIDFILE}" && rm -f ${PIDFILE} >/dev/null 2>&1
|
|
test -n "${CLIPID}" && kill $(cat ${CLIPID}) >/dev/null 2>&1
|
|
test -n "${CLIPID}" && rm -f ${CLIPID} >/dev/null 2>&1
|
|
test -n "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
|
|
test -n "${RADIUSLOG}" && rm -f ${RADIUSLOG} >/dev/null 2>&1
|
|
rm -f ${OUTFILE} 2>&1
|
|
}
|
|
trap finish EXIT
|
|
|
|
# server address
|
|
ADDRESS=10.102.246.1
|
|
CLI_ADDRESS=10.102.247.1
|
|
|
|
# These addresses must match the radius sent ranges
|
|
VPNNET=192.168.66.0/24
|
|
VPNADDR=192.168.66.1
|
|
CLIVPNADDR=192.168.66.192
|
|
VPNNET6=fd91:6d14:7241:dc6a::/112
|
|
VPNADDR6=fd91:6d14:7241:dc6a::1
|
|
OCCTL_SOCKET=./occtl-radius-$$.socket
|
|
|
|
. `dirname $0`/ns.sh
|
|
|
|
${CMDNS2} ${IP} link set dev lo up
|
|
|
|
# Run servers
|
|
${CMDNS2} ${RADIUSD} -d ${srcdir}/data/raddb/ -s -x -l ${RADIUSLOG} &
|
|
RADIUSPID=$!
|
|
|
|
update_config radius.config
|
|
if test "$VERBOSE" = 1;then
|
|
DEBUG="-d 3"
|
|
fi
|
|
|
|
${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
|
|
|
sleep 4
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
USERNAME=testtime
|
|
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
fi
|
|
|
|
sleep 3
|
|
|
|
# check whether the interface has the expected address
|
|
${CMDNS1} ${IP} addr show|grep ${CLIVPNADDR}
|
|
if test $? != 0;then
|
|
${CMDNS1} ${IP} addr show
|
|
echo "Did not find expected IP in device"
|
|
exit 1
|
|
fi
|
|
|
|
${CMDNS1} ping -w 5 ${VPNADDR}
|
|
if test $? != 0;then
|
|
echo "Could not ping server IP"
|
|
exit 1
|
|
fi
|
|
|
|
${CMDNS2} ping -w 3 ${CLIVPNADDR}
|
|
if test $? != 0;then
|
|
echo "Could not ping client IP"
|
|
exit 1
|
|
fi
|
|
|
|
#check whether the routes have been applied
|
|
MATCH='192.168.67.0/255.255.255.0'
|
|
${OCCTL} -s ${OCCTL_SOCKET} show user $USERNAME >${OUTFILE} 2>&1
|
|
grep "$MATCH" ${OUTFILE}
|
|
if test $? != 0;then
|
|
echo "could not find user information"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Waiting for accounting report"
|
|
|
|
sleep 28
|
|
|
|
OCTETS=$(cat ${RADIUSLOG}|grep Acct-Input-Octets|tail -1|sed 's/Acct-Input-Octets = //g')
|
|
if test -z "$OCTETS" || test "$OCTETS" = 0;then
|
|
cat ${RADIUSLOG}|grep Acct-Input-Octets
|
|
echo "Interim update showed no data!"
|
|
exit 1
|
|
fi
|
|
echo "Transferred ${OCTETS} bytes"
|
|
|
|
echo "Waiting for disconnection report"
|
|
sleep 60
|
|
|
|
DISC=$(cat ${RADIUSLOG}|grep "Acct-Status-Type = Start"|tail -1)
|
|
if test -z "$DISC";then
|
|
echo "No connect status was detected!"
|
|
exit 1
|
|
fi
|
|
|
|
DISC=$(cat ${RADIUSLOG}|grep "Acct-Terminate-Cause = Session-Timeout"|tail -1)
|
|
if test -z "$DISC";then
|
|
echo "No disconnect was detected!"
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|