def test_046_dstPortRuleUDP(self):
global app, appWF, wanLimitMbit
# only use 30% because QoS will limit to 10% and we want to make sure it takes effect
# really high levels will actually be limited by the untangle-vm throughput instead of QoS
# which can interfere with the test
targetSpeedMbit = str(wanLimitMbit*.3)+"M"
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
# We will use iperf server and iperf for this test.
wan_IP = uvmContext.networkManager().getFirstWanAddress()
iperfAvailable = global_functions.verify_iperf_configuration(wan_IP)
if (not iperfAvailable):
raise unittest2.SkipTest("Iperf server and/or iperf not available, skipping alternate port forwarding test")
# Enabled QoS
netsettings = uvmContext.networkManager().getNetworkSettings()
nukeRules()
appendRule(createBandwidthSingleConditionRule("DST_PORT","5000","SET_PRIORITY",1))
pre_UDP_speed = global_functions.get_udp_download_speed( receiverIP=global_functions.iperfServer, senderIP=remote_control.clientIP, targetRate=targetSpeedMbit )
# Create DST_PORT based rule to limit bandwidth
nukeRules()
appendRule(createBandwidthSingleConditionRule("DST_PORT","5000","SET_PRIORITY",7))
post_UDP_speed = global_functions.get_udp_download_speed( receiverIP=global_functions.iperfServer, senderIP=remote_control.clientIP, targetRate=targetSpeedMbit )
printResults( pre_UDP_speed, post_UDP_speed, (wanLimitKbit/8)*0.1, pre_UDP_speed*.9 )
assert (post_UDP_speed < pre_UDP_speed*.9)
def test_035_arp_test_wan_offline(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest(
"Need at least two WANS for test_035_addArpFailTestForWans")
nuke_rules()
orig_offline_count = offline_wan_count()
netsettings = uvmContext.networkManager().getNetworkSettings()
# Add a fake gateway for each of the interfaces
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
# set gateway to fake gateway
set_interface_field(wanIndex, netsettings, 'v4StaticGateway',
'192.168.244.' + str(wanIndex))
set_interface_field(wanIndex, netsettings, 'v4AutoGatewayOverride',
'192.168.244.' + str(wanIndex))
build_wan_test(wanIndex, "arp")
uvmContext.networkManager().setNetworkSettings(netsettings)
wait_for_wan_offline()
offline_count = offline_wan_count()
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
assert (offline_count > orig_offline_count)
result = remote_control.is_online()
assert (result == 0)
def test_015_qos_nobpass_custom_rules_tcp(self):
global app
nuke_rules()
priority_level = 7
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create SRC_ADDR based custom Q0S rule to limit bypass QoS
netsettings = copy.deepcopy(orig_network_settings_with_qos)
netsettings['qosSettings']['qosRules']["list"].append(
create_qos_custom_rule("SRC_ADDR", remote_control.clientIP,
priority_level))
uvmContext.networkManager().setNetworkSettings(netsettings)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
# Restore original network settings
uvmContext.networkManager().setNetworkSettings(
orig_network_settings_with_qos)
# Because the session is NOT bypassed, the QoS rule should not take effect
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
assert ((wget_speed_pre) and (wget_speed_post))
assert (
not (wget_speed_pre * limited_acceptance_ratio > wget_speed_post))
def test_045_dns_test_wan_offline(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest(
"Need at least two WANS for test_045_addDNSFailTestForWans")
nuke_rules()
orig_offline_count = offline_wan_count()
netsettings = uvmContext.networkManager().getNetworkSettings()
# Add a fake DNS for each of the interfaces
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
# set DNS values to fake DNS
set_interface_field(wanIndex, netsettings, 'v4StaticDns1',
'192.168.244.' + str(wanIndex))
set_interface_field(wanIndex, netsettings, 'v4StaticDns2',
'192.168.244.' + str(wanIndex))
set_interface_field(wanIndex, netsettings, 'v4AutoDns1Override',
'192.168.244.' + str(wanIndex))
set_interface_field(wanIndex, netsettings, 'v4AutoDns2Override',
'192.168.244.' + str(wanIndex))
uvmContext.networkManager().setNetworkSettings(netsettings)
for wanIndexTup in indexOfWans:
build_wan_test(wanIndex, "dns")
wait_for_wan_offline()
offline_count = offline_wan_count()
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
assert (offline_count > orig_offline_count)
def test_080_routedWanVsNetworkRoute(self):
# Test that Networking routes override routed rules in WAN Balancer
if (len(indexOfWans) < 2):
raise unittest2.SkipTest("Need at least two WANS for test_080_routedWanVsNetworkRoute")
netsettings = netsettings = uvmContext.networkManager().getNetworkSettings()
nukeWanBalancerRouteRules()
setWeightOfWan("all", 0)
weightedIndexTup = indexOfWans[0]
routedIndexTup = indexOfWans[1]
setWeightOfWan(weightedIndexTup[0], 100) # set primary to 100%
# configure route in network which uses the second WAN for test.untangle.com
routedIP = routedIndexTup[2]
routedIPGateway = routedIndexTup[3]
appendRouteRule(createRouteRule(ip_address_testdestination,32,routedIPGateway))
result1 = global_functions.get_public_ip_address()
print("Routed IP %s and retrieved IP %s" % (routedIP, result1))
# Add WAN route IP to Balancer
buildSingleWanRouteRule("DST_ADDR",ip_address_testdestination,weightedIndexTup[0])
result2 = global_functions.get_public_ip_address(extra_options="--no-check-certificate --secure-protocol=auto")
print("Routed IP %s and retrieved IP %s" % (routedIP, result2))
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
assert (result1 == routedIP)
assert (result2 == routedIP)
def test_120_natOneToOneWanDown(self):
# create a 1:1 NAT and then down the wan which the NAT is set to
# if there are more than one WAN
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest("Need at least two WANS for combination of wan-balancer and wan failover tests")
pre_count = global_functions.get_app_metric_value(appWanFailover,"changed")
# raise unittest2.SkipTest('Skipping test_120_natOneToOneWanDown as not possible with current network layout ')
netsettings = uvmContext.networkManager().getNetworkSettings()
nukeWanBalancerRules();
nukeFailoverRules()
# create valid failover tests
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
buildWanTestRule(wanIndex)
for wanIndexTup in indexOfWans:
# get the WAN IP address which was source routed
wanIndex = wanIndexTup[0]
wanIP = wanIndexTup[1]
wanExternalIP = wanIndexTup[2]
# Add networking route which does not handle re-routing if WAN is down
netsettings['natRules']['list']=[]
netsettings['natRules']['list'].append(buildNatRule("DST_ADDR",ip_address_testdestination,wanIP))
uvmContext.networkManager().setNetworkSettings(netsettings)
# Test that only the routed interface is used 5 times
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print("NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result))
assert (result == wanExternalIP)
# now down the selected wan and see if traffic flows out the other wan
buildWanTestRule(wanIndex, "ping", "192.168.244.1")
# Wait for targeted the WAN to be off line before testing that the WAN is off line.
timeout = 50000
online = True
offlineWanIndex = wanIndex
while online and timeout > 0:
timeout -= 1
wanStatus = appWanFailover.getWanStatus()
for statusInterface in wanStatus['list']:
if statusInterface['interfaceId'] == offlineWanIndex:
online = statusInterface['online']
time.sleep(10) # Let WAN balancer see that the interface is down
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print("WAN Down NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result))
assert (result == wanExternalIP)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
nukeFailoverRules()
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(appWanFailover,"changed")
assert(pre_count < post_count)
def test_021_shieldOffNmap(self):
# enable logging of blocked settings
netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings['logBlockedSessions'] = True
netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
settings = app.getSettings()
settings['shieldEnabled'] = False
app.setSettings(settings)
start_time = datetime.now()
result = remote_control.run_command(
"nmap -PN -sT -T5 --min-parallelism 15 -p10000-10100 1.2.3.5 2>&1 >/dev/null"
)
assert (result == 0)
events = global_functions.get_events('Shield',
'Blocked Session Events', None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'),
5,
'c_client_addr',
remote_control.clientIP,
's_server_addr',
'1.2.3.5',
min_date=start_time)
assert (not found)
def test_070_bypass_udp_block(self):
"""
UDP blocked but bypassed so UDP should work
"""
raise unittest2.SkipTest(
'test correctly fails - disabling for 13.0 - NGFW-10144')
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
tracerouteExists = remote_control.run_command(
"test -x /usr/sbin/traceroute")
if tracerouteExists != 0:
raise unittest2.SkipTest(
"Traceroute app needs to be installed on client")
# use IP address instead of hostname to avoid false positive with DNS IPS block.
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings = copy.deepcopy(orig_netsettings)
netsettings['bypassRules']['list'].append(
createBypassConditionRule("SRC_ADDR", remote_control.clientIP))
# netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
startTime = datetime.now()
rule = self.intrusion_prevention_interface.create_rule(msg="UDP Block",
type="udp",
block=True,
directive="")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"rule", "add", rule))
app.reconfigure()
result = remote_control.run_command(
"/usr/sbin/traceroute -U -m 3 -p 1234 " + test_untangle_com_ip)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 500)
assert (events != None)
found = global_functions.check_events(events.get('list'),
500,
"source_addr",
remote_control.clientIP,
"dest_addr",
test_untangle_com_ip,
"dest_port",
1234,
"protocol",
17,
"blocked",
True,
min_date=startTime)
print("found: %s" % str(found))
assert (not found)
def test_110_networkRouteWanDown(self):
# create a network route and then down the wan which the route is set to
# if there are more than one WAN
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest(
"Need at least two WANS for combination of wan-balancer and wan failover tests"
)
netsettings = netsettings = uvmContext.networkManager(
).getNetworkSettings()
nukeWanBalancerRules()
for wanIndexTup in indexOfWans:
# Add networking route which does not handle re-routing if WAN is down
# get the WAN IP address which was source routed
wanIndex = wanIndexTup[0]
# Get the external IP of the interface selected.
routedIP = wanIndexTup[2]
wanGatewayIP = wanIndexTup[3]
netsettings['staticRoutes']['list'] = []
netsettings['staticRoutes']['list'].append(
createRouteRule(ip_address_testdestination, 32, wanGatewayIP))
uvmContext.networkManager().setNetworkSettings(netsettings)
# Test that only the routed interface is used 5 times
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = remote_control.run_command(
"wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",
stdout=True)
print "Network Routed IP %s and retrieved IP %s" % (routedIP,
result)
assert (result == routedIP)
# now down the selected wan and see if traffic flows out the other wan
buildWanTestRule(wanIndex, "ping", "192.168.244.1")
# Wait for targeted the WAN to be off line before testing that the WAN is off line.
timeout = 50000
online = True
offlineWanIndex = wanIndex
while online and timeout > 0:
timeout -= 1
wanStatus = appWanFailover.getWanStatus()
for statusInterface in wanStatus['list']:
if statusInterface['interfaceId'] == offlineWanIndex:
online = statusInterface['online']
time.sleep(10) # Let WAN balancer see that the interface is down
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print "WAN Down Network Routed IP %s and retrieved IP %s" % (
routedIP, result)
assert (result == routedIP)
nukeFailoverRules()
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def finalTearDown(self):
global app, appWanFailover
# Restore original settings to return to initial settings
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if appWanFailover != None:
uvmContext.appManager().destroy( appWanFailover.getAppSettings()["id"] )
appWanFailover = None
if orig_netsettings != None:
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def finalTearDown(self):
global app, appAD
# Restore original settings to return to initial settings
# print "orig_netsettings <%s>" % orig_netsettings
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
if app != None:
uvmContext.appManager().destroy(app.getAppSettings()["id"])
app = None
if appAD != None:
uvmContext.appManager().destroy(appAD.getAppSettings()["id"])
appAD = None
def initialSetUp(self):
global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
settings = app.getSettings()
settings["configured"] = True
app.setSettings(settings)
app.start()
if (uvmContext.appManager().isInstantiated(self.appNameWF())):
raise Exception('app %s already instantiated' % self.appNameWF())
app_web_filter = uvmContext.appManager().instantiate(
self.appNameWF(), default_policy_id)
if orig_network_settings == None:
orig_network_settings = uvmContext.networkManager(
).getNetworkSettings()
# disable QoS
netsettings = copy.deepcopy(orig_network_settings)
netsettings['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(netsettings)
# measure speed
pre_down_speed_kbit = global_functions.get_download_speed(
download_server="test.untangle.com")
# calculate QoS limits
wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9)
# set max to 100Mbit, so that other limiting factors dont interfere
if wan_limit_kbit > 100000: wan_limit_kbit = 100000
wan_limit_mbit = round(wan_limit_kbit / 1024, 2)
# turn on QoS and set wan speed limits
netsettings = copy.deepcopy(orig_network_settings)
netsettings['qosSettings']['qosEnabled'] = True
i = 0
for interface in netsettings['interfaces']['list']:
if interface['isWan']:
netsettings['interfaces']['list'][i][
'downloadBandwidthKbps'] = wan_limit_kbit
netsettings['interfaces']['list'][i][
'uploadBandwidthKbps'] = wan_limit_kbit
i += 1
netsettings['bypassRules']['list'] = []
netsettings['qosSettings']['qosRules']['list'] = []
# These store the "new" defaults with and without QoS
orig_network_settings_with_qos = copy.deepcopy(netsettings)
orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True
orig_network_settings_without_qos = copy.deepcopy(netsettings)
orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(
orig_network_settings_with_qos)
def test_071_bypass_tcp_block(self):
"""
TCP blocked but bypassed so TCP should work
"""
raise unittest2.SkipTest(
'test correctly fails - disabling for 13.0 - NGFW-10144')
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings = copy.deepcopy(orig_netsettings)
netsettings['bypassRules']['list'].append(
createBypassConditionRule("SRC_ADDR", remote_control.clientIP))
# netsettings['logBypassedSessions'] = True
uvmContext.networkManager().setNetworkSettings(netsettings)
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
startTime = datetime.now()
rule = self.intrusion_prevention_interface.create_rule(msg="TCP Block",
type="tcp",
block=True,
directive="")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"rule", "add", rule))
app.reconfigure()
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 500)
assert (events != None)
found = global_functions.check_events(events.get('list'),
500,
"source_addr",
remote_control.clientIP,
"dest_addr",
test_untangle_com_ip,
"dest_port",
80,
"protocol",
6,
"blocked",
True,
min_date=startTime)
print("found: %s" % str(found))
assert (not found)
def finalTearDown(self):
global orig_netsettings
# Restore original settings to return to initial settings
# print "orig_netsettings <%s>" % orig_netsettings
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
settings = app.getSettings()
settings['shieldEnabled'] = default_enabled
app.setSettings(settings)
# sleep so the reputation goes down so it will not interfere with any future tests
time.sleep(3)
def test_014_qosBypassCustomRulesUDP(self):
global wanLimitMbit
targetSpeedMbit = str(wanLimitMbit)+"M"
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
# We will use iperf server and iperf for this test.
wan_IP = uvmContext.networkManager().getFirstWanAddress()
iperfAvailable = global_functions.verify_iperf_configuration(wan_IP)
if (not iperfAvailable):
raise unittest2.SkipTest("Iperf server and/or iperf not available")
netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings['bypassRules']['list'].append( createBypassConditionRule("DST_PORT","5000") )
netsettings['qosSettings']['qosRules']["list"].append( createQoSCustomRule("DST_PORT","5000", 1) )
uvmContext.networkManager().setNetworkSettings( netsettings )
pre_UDP_speed = global_functions.get_udp_download_speed( receiverIP=global_functions.iperfServer, senderIP=remote_control.clientIP, targetRate=targetSpeedMbit )
netsettings['qosSettings']['qosRules']['list'] = []
netsettings['qosSettings']['qosRules']["list"].append( createQoSCustomRule("DST_PORT","5000", 7) )
uvmContext.networkManager().setNetworkSettings( netsettings )
post_UDP_speed = global_functions.get_udp_download_speed( receiverIP=global_functions.iperfServer, senderIP=remote_control.clientIP, targetRate=targetSpeedMbit )
# Restore original network settings
uvmContext.networkManager().setNetworkSettings( origNetworkSettingsWithQoS )
printResults( pre_UDP_speed, post_UDP_speed, (wanLimitKbit/8)*0.1, pre_UDP_speed*.9 )
assert (post_UDP_speed < pre_UDP_speed*.9)
def test_040_windowsL2TPlocalDirectory(self):
wan_IP = uvmContext.networkManager().getFirstWanAddress()
if (l2tpClientHostResult != 0):
raise unittest2.SkipTest("l2tpClientHostResult not available")
if (not wan_IP in l2tpServerHosts):
raise unittest2.SkipTest("No paried L2TP client available")
uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
createL2TPconfig("LOCAL_DIRECTORY")
timeout = 480
found = False
# Send command for Windows VPN connect.
vpnServerResult = remote_control.run_command(
"rasdial.exe %s %s %s" %
(wan_IP, l2tpLocalUser, l2tpLocalPassword),
host=l2tpClientHost)
while not found and timeout > 0:
timeout -= 1
time.sleep(1)
virtUsers = app.getVirtualUsers()
for user in virtUsers['list']:
if user['clientUsername'] == l2tpLocalUser:
found = True
# Send command for Windows VPN disconnect.
vpnServerResult = remote_control.run_command("rasdial.exe %s /d" %
(wan_IP),
host=l2tpClientHost)
uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
assert (found)
def initialSetUp(self):
global app, appWeb, appData, vpnHostResult, vpnClientResult, vpnServerResult
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
app.start()
appWeb = None
if (uvmContext.appManager().isInstantiated(self.appWebName())):
raise Exception('app %s already instantiated' % self.appWebName())
appWeb = uvmContext.appManager().instantiate(self.appWebName(),
defaultRackId)
vpnHostResult = subprocess.call(
["ping", "-W", "5", "-c", "1", global_functions.vpnServerVpnIP],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
vpnClientResult = subprocess.call(
["ping", "-W", "5", "-c", "1", global_functions.vpnClientVpnIP],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
wanIP = uvmContext.networkManager().getFirstWanAddress()
if vpnClientResult == 0:
vpnServerResult = remote_control.run_command(
"ping -W 5 -c 1 " + wanIP,
host=global_functions.vpnClientVpnIP)
else:
vpnServerResult = 1
def test_050_windowsL2TPRadiusDirectory(self):
global appAD
wan_IP = uvmContext.networkManager().getFirstWanAddress()
if (radiusResult != 0):
raise unittest2.SkipTest("No RADIUS server available")
if (l2tpClientHostResult != 0):
raise unittest2.SkipTest("l2tpClientHostResult not available")
if (not wan_IP in l2tpServerHosts):
raise unittest2.SkipTest("No paried L2TP client available")
# Configure RADIUS settings
appAD.setSettings(createRadiusSettings())
createL2TPconfig("RADIUS_SERVER")
timeout = 480
found = False
vpnServerResult = remote_control.run_command(
"rasdial.exe %s %s %s" %
(wan_IP, l2tpRadiusUser, l2tpRadiusPassword),
host=l2tpClientHost)
while not found and timeout > 0:
timeout -= 1
time.sleep(1)
virtUsers = app.getVirtualUsers()
for user in virtUsers['list']:
if user['clientUsername'] == l2tpRadiusUser:
found = True
# Send command for Windows VPN disconnect.
vpnServerResult = remote_control.run_command("rasdial.exe %s /d" %
(wan_IP),
host=l2tpClientHost)
assert (found)
def initialSetUp(self):
global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult
tunnelUp = False
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
if (uvmContext.appManager().isInstantiated(self.appNameAD())):
raise unittest2.SkipTest('app %s already instantiated' %
self.appName())
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
appAD = uvmContext.appManager().instantiate(self.appNameAD(),
defaultRackId)
appDataRD = appAD.getSettings().get('radiusSettings')
ipsecHostResult = subprocess.call(["ping", "-c", "1", ipsecHost],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
l2tpClientHostResult = subprocess.call(
["ping", "-c", "1", l2tpClientHost],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
radiusResult = subprocess.call(
["ping", "-c", "1", global_functions.radiusServer],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def initialSetUp(self):
global app, appWF, origNetworkSettings, origNetworkSettingsWithQoS, origNetworkSettingsWithoutQoS, preDownSpeedKbsec, wanLimitKbit, wanLimitMbit
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
settings = app.getSettings()
settings["configured"] = True
app.setSettings(settings)
app.start()
if (uvmContext.appManager().isInstantiated(self.appNameWF())):
raise Exception('app %s already instantiated' % self.appNameWF())
appWF = uvmContext.appManager().instantiate(self.appNameWF(), defaultRackId)
if origNetworkSettings == None:
origNetworkSettings = uvmContext.networkManager().getNetworkSettings()
# disable QoS
netsettings = copy.deepcopy( origNetworkSettings )
netsettings['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings( netsettings )
# measure speed
preDownSpeedKbsec = global_functions.get_download_speed()
# calculate QoS limits
wanLimitKbit = int((preDownSpeedKbsec*8) * .9)
# set max to 100Mbit, so that other limiting factors dont interfere
if wanLimitKbit > 100000: wanLimitKbit = 100000
wanLimitMbit = round(wanLimitKbit/1024,2)
# turn on QoS and set wan speed limits
netsettings = copy.deepcopy( origNetworkSettings )
netsettings['qosSettings']['qosEnabled'] = True
i = 0
for interface in netsettings['interfaces']['list']:
if interface['isWan']:
netsettings['interfaces']['list'][i]['downloadBandwidthKbps']=wanLimitKbit
netsettings['interfaces']['list'][i]['uploadBandwidthKbps']=wanLimitKbit
i += 1
netsettings['bypassRules']['list'] = []
netsettings['qosSettings']['qosRules']['list'] = []
# These store the "new" defaults with and without QoS
origNetworkSettingsWithQoS = copy.deepcopy( netsettings )
origNetworkSettingsWithQoS['qosSettings']['qosEnabled'] = True
origNetworkSettingsWithoutQoS = copy.deepcopy( netsettings )
origNetworkSettingsWithoutQoS['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(origNetworkSettingsWithQoS)
def initialSetUp(self):
global app,default_enabled, orig_netsettings
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
if (not uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().app(self.appName())
default_enabled = app.getSettings()['shieldEnabled']
def test_110_hosts_file_manager(self):
# get the hostname and settings from the network manager
fullName = uvmContext.networkManager().getFullyQualifiedHostname()
netsettings = uvmContext.networkManager().getNetworkSettings()
print "Checking HostsFileManager records for " + fullName
# perform a DNS lookup for our hostname against every non-WAN interface
# and make sure the value returned matches the address of the interface
for interface in netsettings['interfaces']['list']:
if interface['isWan'] == False and interface['configType'] == "Addressed":
if 'v4StaticAddress' in interface:
netaddr = interface['v4StaticAddress']
if netaddr:
print "Checking hostname resolution for %s" % netaddr
output = subprocess.check_output("dig +short @" + netaddr + " " + fullName, shell=True)
result = output.strip()
assert(result == netaddr)
def test_030_restartNetworkVerifyIpsecTunnel(self):
# save a setting in networking and test ipsec tunnel is set connected.
global tunnelUp
if (not tunnelUp):
raise unittest2.SkipTest(
"Test test_020_createIpsecTunnel success required ")
netsettings = uvmContext.networkManager().getNetworkSettings()
uvmContext.networkManager().setNetworkSettings(netsettings)
time.sleep(10) # wait for networking to restart
ipsecHostLANResult = remote_control.run_command(
"wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/"
% ipsecHostLANIP)
ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" %
ipsecPcLANIP)
# delete tunnel
nukeIPSecTunnels()
tunnelUp = False
assert (ipsecHostLANResult == 0)
assert (ipsecPcLanResult == 0)
def initialSetUp(self):
global indexOfWans, appData, app, orig_netsettings
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
app.start()
appData = app.getSettings()
indexOfWans = global_functions.get_wan_tuples()
def test_100_wanBalancerRouteWanDown(self):
# create a source route and then down the wan which the route is set to
# if there are more than one WAN
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(index_of_wans) < 2):
raise unittest2.SkipTest(
"Need at least two WANS for combination of wan-balancer and wan failover tests"
)
if same_wan_network(index_of_wans):
raise unittest2.SkipTest("WANS on same network")
netsettings = uvmContext.networkManager().getNetworkSettings()
for wanIndexTup in index_of_wans:
wanIndex = wanIndexTup[0]
nuke_wan_balancer_rules()
# Get the external IP of the interface selected.
routedIP = wanIndexTup[2]
# WAN index for route rules is from networking list. Balance is zero
build_single_wan_route_rule("DST_ADDR", ip_address_testdestination,
wanIndex)
# Test that only the routed interface is used 5 times2
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = remote_control.run_command(
"wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",
stdout=True)
print("WAN Balancer Routed IP %s and retrieved IP %s" %
(routedIP, result))
assert (result == routedIP)
# now down the selected wan and see if traffic flows out the other wan
build_wan_test_rule(wanIndex, "ping", "192.168.244.1")
# Wait for targeted the WAN to be off line before testing that the WAN is off line.
timeout = 50000
online = True
offlineWanIndex = wanIndex
while online and timeout > 0:
timeout -= 1
wanStatus = app_wan_failover.getWanStatus()
for statusInterface in wanStatus['list']:
if statusInterface['interfaceId'] == offlineWanIndex:
online = statusInterface['online']
time.sleep(10) # Let WAN balancer see that the interface is down
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print(
"WAN Down WAN Balancer Routed IP %s and retrieved IP %s" %
(routedIP, result))
assert (result != routedIP)
nuke_wan_balancer_rules()
nuke_wan_failover_rules()
def test_013_qosBypassCustomRules(self):
global app
nukeRules()
priority_level = 7
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create SRC_ADDR based custom Q0S rule to limit bypass QoS
netsettings = copy.deepcopy( origNetworkSettingsWithQoS )
netsettings['qosSettings']['qosRules']["list"].append( createQoSCustomRule("SRC_ADDR",remote_control.clientIP,priority_level) )
netsettings['bypassRules']['list'].append( createBypassConditionRule("SRC_ADDR",remote_control.clientIP) )
uvmContext.networkManager().setNetworkSettings( netsettings )
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
# Restore original network settings
uvmContext.networkManager().setNetworkSettings( origNetworkSettingsWithQoS )
printResults( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limitedAcceptanceRatio )
assert ((wget_speed_pre) and (wget_speed_post))
assert (wget_speed_pre * limitedAcceptanceRatio > wget_speed_post)
def initialSetUp(self):
global indexOfWans, app, appData, appWanFailover, appDataWanFailover, orig_netsettings, ip_address_testdestination
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
app.start()
appData = app.getSettings()
if (uvmContext.appManager().isInstantiated(self.appNameWanFailover())):
raise Exception('app %s already instantiated' % self.appNameWanFailover())
appWanFailover = uvmContext.appManager().instantiate(self.appNameWanFailover(), default_policy_id)
appWanFailover.start()
appWanFailoverData = appWanFailover.getSettings()
indexOfWans = global_functions.get_wan_tuples()
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
ip_address_testdestination = socket.gethostbyname("test.untangle.com")
class ReportsTests(unittest2.TestCase):
@staticmethod
def appName():
return "reports"
@staticmethod
def webAppName():
return "web-filter"
@staticmethod
def vendorName():
return "Untangle"
@staticmethod
def initialSetUp(self):
global app, orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app
if (uvmContext.appManager().isInstantiated(self.appName())):
# report app is normally installed.
# print("App %s already installed" % self.appName())
# raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().app(self.appName())
else:
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
reportSettings = app.getSettings()
orig_settings = copy.deepcopy(reportSettings)
if (uvmContext.appManager().isInstantiated(self.webAppName())):
raise Exception('app %s already instantiated' % self.webAppName())
web_app = uvmContext.appManager().instantiate(self.webAppName(),
default_policy_id)
# Skip checking relaying is possible if we have determined it as true on previous test.
try:
can_relay = global_functions.send_test_email()
except Exception, e:
can_relay = False
if can_syslog == None:
can_syslog = False
wan_IP = uvmContext.networkManager().getFirstWanAddress()
syslog_server_host = global_functions.find_syslog_server(wan_IP)
if syslog_server_host:
portResult = remote_control.run_command(
"sudo lsof -i :514", host=syslog_server_host)
if portResult == 0:
can_syslog = True
def initialSetUp(self):
global app, appWeb, appDC, tunnelApp, appData, vpnHostResult, vpnClientResult, vpnServerResult, vpnUserPassHostResult, adResult, radiusResult
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
app.start()
appWeb = None
appDC = None
tunnelApp = None
if (uvmContext.appManager().isInstantiated(self.appWebName())):
raise Exception('app %s already instantiated' % self.appWebName())
appWeb = uvmContext.appManager().instantiate(self.appWebName(),
default_policy_id)
vpnHostResult = subprocess.call(
["ping", "-W", "5", "-c", "1", global_functions.VPN_SERVER_IP],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
vpnUserPassHostResult = subprocess.call([
"ping", "-W", "5", "-c", "1",
global_functions.VPN_SERVER_USER_PASS_IP
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
vpnClientResult = subprocess.call(
["ping", "-W", "5", "-c", "1", global_functions.VPN_CLIENT_IP],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
wanIP = uvmContext.networkManager().getFirstWanAddress()
if vpnClientResult == 0:
vpnServerResult = remote_control.run_command(
"ping -W 5 -c 1 " + wanIP, host=global_functions.VPN_CLIENT_IP)
else:
vpnServerResult = 1
adResult = subprocess.call(
["ping", "-c", "1", global_functions.AD_SERVER],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
radiusResult = subprocess.call(
["ping", "-c", "1", global_functions.RADIUS_SERVER],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def test_060_createIpsecTunnelHostname(self):
if (ipsecHostResult != 0):
raise unittest2.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
addDNSRule(createDNSRule(ipsecHost, ipsecHostname))
# verify L2TP is off NGFW-7212
ipsecSettings = app.getSettings()
ipsecSettings["vpnflag"] = False
app.setSettings(ipsecSettings)
for hostConfig in configuredHostIPs:
print hostConfig[0]
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appendTunnel(
addIPSecTunnel(ipsecHostname, ipsecHostLAN, hostConfig[0],
hostConfig[1], hostConfig[2]))
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest2.SkipTest("IPsec test only configed for IPs %s" %
(listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command(
"wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/"
% ipsecHostLANIP)
post_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
nukeIPSecTunnels()
assert (ipsecHostLANResult == 0)
# Check to see if the faceplate counters have incremented.
assert (pre_events_enabled < post_events_enabled)
