Page MenuHomeFreeBSD

if_ovpn: basic test case
ClosedPublic

Authored by kp on Apr 26 2022, 3:53 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 14, 10:16 PM
Unknown Object (File)
Nov 23 2024, 9:48 PM
Unknown Object (File)
Nov 23 2024, 1:25 AM
Unknown Object (File)
Nov 21 2024, 12:24 PM
Unknown Object (File)
Nov 20 2024, 11:21 AM
Unknown Object (File)
Nov 19 2024, 12:00 PM
Unknown Object (File)
Nov 15 2024, 3:53 PM
Unknown Object (File)
Nov 8 2024, 12:04 AM

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG067acae2f3a4: if_ovpn tests: basic test case
Summary

Set up an OpenVPN tunnel between two jails, send traffic through them to
confirm basic function.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp requested review of this revision.Apr 26 2022, 3:53 PM
olivier added inline comments.
tests/sys/net/if_ovpn/client.crt
10

Shouldn't we use a very long validity period here ?

tests/sys/net/if_ovpn/if_ovpn.sh
35

Do we need a specific minimum version of openvpn, or with specific build option set ?

tests/sys/net/if_ovpn/server.crt
10

Same remark about the short validity date here.

tests/sys/net/if_ovpn/if_ovpn.sh
35

We do, in ovpn_init.

We can't run anything in a test head, so we have to do those checks in the test body. Much like we do for pf, where we check if the module is loaded.

Improve logging

ensure we print log output from all openvpn instances, prefixed with the jail name.

Can we include the command(s) used to generate the certs somewhere, maybe a comment in the test?

Can we include the command(s) used to generate the certs somewhere, maybe a comment in the test?

They're pretty standard certs, generated by openssl, but I did create a CA config file. It's a bit much for a comment. Not to mention that I've already forgotten how I've done it.

I initially started with the certs from openvpn's samples, but switched to these because the openvpn certs expire in two years.

This revision was not accepted when it landed; it landed in state Needs Review.Jun 28 2022, 12:00 PM
This revision was automatically updated to reflect the committed changes.