algo/tests/ipsec-client.sh

#!/usr/bin/env bash

set -euxo pipefail

xmllint --noout ./configs/10.0.8.100/ipsec/apple/user1.mobileconfig

CA_CONSTRAINTS="$(openssl verify -verbose \
  -CAfile ./configs/10.0.8.100/ipsec/.pki/cacert.pem \
  ./configs/10.0.8.100/ipsec/.pki/certs/google-algo-test-pair.com.crt 2>&1)" || true

echo "$CA_CONSTRAINTS" | grep "permitted subtree violation" >/dev/null && \
  echo "Name Constraints test passed" || \
  (echo "Name Constraints test failed" && exit 1)

echo "$CA_CONSTRAINTS"

ansible-playbook deploy_client.yml \
  -e client_ip=localhost \
  -e vpn_user=desktop \
  -e server_ip=10.0.8.100 \
  -e rightsubnet='172.16.0.1/32'

ipsec up algovpn-10.0.8.100

ipsec statusall

ipsec statusall | grep -w ^algovpn-10.0.8.100 | grep -w ESTABLISHED

fping -t 900 -c3 -r3 -Dse 10.0.8.100 172.16.0.1

host google.com 172.16.0.1

echo "IPsec tests passed"

ipsec down algovpn-10.0.8.100
Refactoring, Linting and additional tests (#1397) * Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config 2019-04-26 15:48:28 +00:00			`#!/usr/bin/env bash`

			`set -euxo pipefail`

			`xmllint --noout ./configs/10.0.8.100/ipsec/apple/user1.mobileconfig`

Ca certificate name constraints (#1675) * X.509 Name Constraints * nameConstraints to a random generated uuid * Second level domain * nameConstraints fixes * critical in nameConstraints lost after last refactoring 2020-01-25 13:08:55 +00:00			`CA_CONSTRAINTS="$(openssl verify -verbose \`
			`-CAfile ./configs/10.0.8.100/ipsec/.pki/cacert.pem \`
			`./configs/10.0.8.100/ipsec/.pki/certs/google-algo-test-pair.com.crt 2>&1)" \|\| true`

			`echo "$CA_CONSTRAINTS" \| grep "permitted subtree violation" >/dev/null && \`
			`echo "Name Constraints test passed" \|\| \`
			`(echo "Name Constraints test failed" && exit 1)`

			`echo "$CA_CONSTRAINTS"`

Refactoring, Linting and additional tests (#1397) * Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config 2019-04-26 15:48:28 +00:00			`ansible-playbook deploy_client.yml \`
			`-e client_ip=localhost \`
			`-e vpn_user=desktop \`
			`-e server_ip=10.0.8.100 \`
			`-e rightsubnet='172.16.0.1/32'`

			`ipsec up algovpn-10.0.8.100`

			`ipsec statusall`

			`ipsec statusall \| grep -w ^algovpn-10.0.8.100 \| grep -w ESTABLISHED`

			`fping -t 900 -c3 -r3 -Dse 10.0.8.100 172.16.0.1`

			`host google.com 172.16.0.1`

			`echo "IPsec tests passed"`
Randomly generated IP address for the local dns resolver (#1429) * generate service IPs dynamically * update cloud-init tests * exclude ipsec and wireguard ranges from the random service ip * Update docs * @davidemyers: update wireguard docs for linux * Move to netaddr filter * AllowedIPs fix * WireGuard IPs fix 2019-05-17 12:49:29 +00:00
			`ipsec down algovpn-10.0.8.100`