
if_ovpn: basic test case
Closed, Public

Authored by kp on Apr 26 2022, 3:53 PM.

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG067acae2f3a4: if_ovpn tests: basic test case
Summary

Set up an OpenVPN tunnel between two jails, send traffic through them to
confirm basic function.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kp requested review of this revision. Apr 26 2022, 3:53 PM
olivier added inline comments.
tests/sys/net/if_ovpn/client.crt
9

Shouldn't we use a very long validity period here?

tests/sys/net/if_ovpn/if_ovpn.sh
34

Do we need a specific minimum version of openvpn, or with a specific build option set?

tests/sys/net/if_ovpn/server.crt
9

Same remark about the short validity date here.

tests/sys/net/if_ovpn/if_ovpn.sh
34

We do, in ovpn_init.

We can't run anything in a test head, so we have to do those checks in the test body. Much like we do for pf, where we check if the module is loaded.

Improve logging

Ensure we print log output from all openvpn instances, prefixed with the jail name.

Can we include the command(s) used to generate the certs somewhere, maybe a comment in the test?

> Can we include the command(s) used to generate the certs somewhere, maybe a comment in the test?

They're pretty standard certs, generated by openssl, but I did create a CA config file. It's a bit much for a comment. Not to mention that I've already forgotten how I've done it.

I initially started with the certs from openvpn's samples, but switched to these because the openvpn certs expire in two years.
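
For readers following the validity-period discussion above, this added example (not the commands used for the committed certificates, and not part of the review) generates a throwaway CA plus server and client certificates with an explicit lifetime, then checks the remaining validity and the chain. The function names, subject names, extension set and the 3650-day lifetime are assumptions.

```shell
#!/bin/sh
# Added illustration, not the commands used for the committed test certs.
# Function names, subject names and the 3650-day lifetime are assumptions.

# make_test_pki DIR DAYS: throwaway CA plus server and client certs in DIR.
make_test_pki() {
    dir=$1 days=$2
    mkdir -p "$dir" || return 1
    # Self-signed CA; the validity period is set explicitly with -days.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/CN=constructed test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    for role in server client; do
        # Leaf extensions: not a CA, usage limited to the peer's role.
        printf '%s\n' "basicConstraints=CA:FALSE" \
            "keyUsage=digitalSignature,keyEncipherment" \
            "extendedKeyUsage=${role}Auth" > "$dir/$role.ext"
        openssl req -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=constructed test $role" \
            -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$role.csr" -sha256 -days "$days" \
            -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
            -extfile "$dir/$role.ext" -out "$dir/$role.crt" 2>/dev/null || return 1
    done
}

# cert_valid_for_days CERT DAYS: succeeds if CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# chain_ok CA CERT: succeeds if CERT verifies against CA.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Running `cert_valid_for_days` against fixture certificates in a test body turns a silent expiry into an explicit, early failure.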

This revision was not accepted when it landed; it landed in state Needs Review. Jun 28 2022, 12:00 PM
This revision was automatically updated to reflect the committed changes.