def test_generate_client_ns_cert_type_empty(self): client_config = OpenVpn.generate_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "udp", "tls_server": True, "ns_cert_type": "", }) o = OpenVpn({"openvpn": [client_config]}) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode client nobind proto udp remote vpn1.test.com 1195 resolv-retry tls-client """ self.assertEqual(o.render(), expected)
def test_auto_client_ns_cert_type_empty(self): client_config = OpenVpn.auto_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "udp", "server": "10.8.0.0 255.255.0.0", "tls_server": True, "ns_cert_type": "", }) o = OpenVpn(client_config) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode p2p nobind proto udp pull remote vpn1.test.com 1195 resolv-retry tls-client """ self.assertEqual(o.render(), expected)
def test_auto_client_tls(self): client_config = OpenVpn.auto_client('vpn2.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "port": 1196, "proto": "tcp-server", "tls_server": True }) o = OpenVpn({"openvpn": [client_config]}) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode client nobind proto tcp-client remote vpn2.test.com 1196 resolv-retry tls-client """ self.assertEqual(o.render(), expected)
def test_auto_client_simple(self): client_config = OpenVpn.auto_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "udp", }) o = OpenVpn(client_config) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode p2p nobind proto udp remote vpn1.test.com 1195 resolv-retry """ self.assertEqual(o.render(), expected)
def test_auto_client_tls(self): client_config = OpenVpn.auto_client('vpn2.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "port": 1196, "proto": "tcp-server", "server_bridge": "10.8.0.4 255.255.255.0 10.8.0.128 10.8.0.254", "tls_server": True }) o = OpenVpn(client_config) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode p2p nobind proto tcp-client pull remote vpn2.test.com 1196 resolv-retry infinite tls-client """ self.assertEqual(o.render(), expected)
def test_no_status_file(self): c = OpenVpn({ "openvpn": [{ "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-no-status", "proto": "udp", "status": "", "status_version": 1, "tls_server": True }] }) expected = """# openvpn config: test-no-status ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server """ self.assertEqual(c.render(), expected)
def test_server_bridge_proxy(self): c = OpenVpn({ "openvpn": [{ "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "bridged-proxy", "proto": "udp", "server_bridge": "", "tls_server": True, }] }) expected = """# openvpn config: bridged-proxy ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp server-bridge tls-server """ self.assertEqual(c.render(), expected)
def test_auto_client_tls(self): client_config = OpenVpn.auto_client('vpn2.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "port": 1196, "proto": "tcp-server", "server_bridge": "10.8.0.4 255.255.255.0 10.8.0.128 10.8.0.254", "tls_server": True }) o = OpenVpn(client_config) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode p2p nobind proto tcp-client pull remote vpn2.test.com 1196 resolv-retry tls-client """ self.assertEqual(o.render(), expected)
def test_auto_client_ns_cert_type_empty(self): client_config = OpenVpn.auto_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "udp", "server": "10.8.0.0 255.255.0.0", "tls_server": True, "ns_cert_type": "", }) o = OpenVpn(client_config) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode p2p nobind proto udp pull remote vpn1.test.com 1195 resolv-retry infinite tls-client """ self.assertEqual(o.render(), expected)
def test_server_routed(self): c = OpenVpn({ "openvpn": [{ "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "routed", "proto": "udp", "server": "10.8.0.0 255.255.0.0", "tls_server": True, }] }) expected = """# openvpn config: routed ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp server 10.8.0.0 255.255.0.0 tls-server """ self.assertEqual(c.render(), expected)
def test_auto_client_simple(self): client_config = OpenVpn.auto_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "udp", }) o = OpenVpn(client_config) expected = """# openvpn config: example-vpn ca ca.pem cert cert.pem dev tap0 dev-type tap key key.pem mode p2p nobind proto udp remote vpn1.test.com 1195 resolv-retry infinite """ self.assertEqual(o.render(), expected)
def test_generate(self): o = OpenVpn({ "openvpn": [{ "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-1", "proto": "udp", "tls_server": True }, { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-2", "port": 1195, "proto": "udp", "tls_server": True }] }) tar = tarfile.open(fileobj=o.generate(), mode='r') self.assertEqual(len(tar.getmembers()), 2) # network vpn1 = tar.getmember('test-1.conf') contents = tar.extractfile(vpn1).read().decode() expected = """ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server """ self.assertEqual(contents, expected) # vpn 2 vpn2 = tar.getmember('test-2.conf') contents = tar.extractfile(vpn2).read().decode() expected = """ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server port 1195 proto udp tls-server """ self.assertEqual(contents, expected)
def test_double(self): o = OpenVpn( { "openvpn": [ { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-1", "proto": "udp", "tls_server": True, }, { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-2", "port": 1195, "proto": "udp", "tls_server": True, }, ] } ) expected = """# openvpn config: test-1 ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server # openvpn config: test-2 ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server port 1195 proto udp tls-server """ self.assertEqual(o.render(), expected)
def test_double(self): o = OpenVpn({ "openvpn": [ { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-1", "proto": "udp", "tls_server": True }, { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-2", "port": 1195, "proto": "udp", "tls_server": True } ] }) expected = """# openvpn config: test-1 ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server # openvpn config: test-2 ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server port 1195 proto udp tls-server """ self.assertEqual(o.render(), expected)
def test_parse_tar_bytesio(self): conf = deepcopy(self._multiple_vpn) conf.update({ "files": [{ "path": "/etc/dummy", "mode": "0644", "contents": "testing!" }] }) tar = OpenVpn(conf).generate() o = OpenVpn(native=tar) self.assertDictEqual(o.config, self._multiple_vpn)
def test_parse_text(self): native = """# openvpn config: bridged ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp server-bridge 10.8.0.4 255.255.255.0 10.8.0.128 10.8.0.254 tls-server """ o = OpenVpn(native=native) expected = { "openvpn": [{ "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "bridged", "proto": "udp", "server_bridge": "10.8.0.4 255.255.255.0 10.8.0.128 10.8.0.254", "tls_server": True, }] } self.assertDictEqual(o.config, expected)
def test_parse_exception(self): try: OpenVpn(native=10) except Exception as e: self.assertIsInstance(e, ParseError) else: self.fail('Exception not raised')
def test_additional_properties(self): c = OpenVpn( { "openvpn": [ { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-properties", "proto": "udp", "tls_server": True, "z_falsy": False, "z_list": ["test1", "test2"], "z_number": 5, "z_string": "string", "z_true_val": True, } ] } ) expected = """# openvpn config: test-properties ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server z-list test1 z-list test2 z-number 5 z-string string z-true-val """ self.assertEqual(c.render(), expected)
def _get_client(self): return OpenVpn.auto_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "udp", })
def test_generate_client_complex(self): client_config = OpenVpn.generate_client('vpn1.test.com', { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "example-vpn", "proto": "tcp-server", "tls_server": True, "comp_lzo": "yes", "auth": "RSA-SHA1", "cipher": "AES-128-CFB", "engine": "dynamic", "ns_cert_type": "client", }) o = OpenVpn({"openvpn": [client_config]}) expected = """# openvpn config: example-vpn auth RSA-SHA1 ca ca.pem cert cert.pem cipher AES-128-CFB comp-lzo yes dev tap0 dev-type tap key key.pem mode client nobind ns-cert-type server proto tcp-client remote vpn1.test.com 1195 resolv-retry tls-client """ self.assertEqual(o.render(), expected)
def test_additional_properties(self): c = OpenVpn({ "openvpn": [{ "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-properties", "proto": "udp", "tls_server": True, "z_falsy": False, "z_list": ["test1", "test2"], "z_number": 5, "z_string": "string", "z_true_val": True, }] }) expected = """# openvpn config: test-properties ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server z-list test1 z-list test2 z-number 5 z-string string z-true-val """ self.assertEqual(c.render(), expected)
def test_override(self): template = { "openvpn": [{ "name": "test", "ca": "TEST", "cert": "TEST", "dev": "TEST", "dev_type": "TEST", "dh": "TEST", "key": "TEST", }] } o = OpenVpn(self._simple_conf, templates=[template]) # ensure dummy values in template have been overridden self.assertDictEqual(o.config, self._simple_conf)
def test_double_rendering(self): o = OpenVpn(self._simple_conf) self.assertEqual(o.render(), o.render())
def test_resolv_retry_invalid(self): client = self._get_client() client['openvpn'][0]['resolv_retry'] = 'true' o = OpenVpn(client) with self.assertRaises(ValidationError): o.validate()
def test_resolv_retry_not_present(self): client = self._get_client() del client['openvpn'][0]['resolv_retry'] o = OpenVpn(client) self.assertNotIn('resolv-retry', o.render())
def test_resolv_retry_infinite(self): client = self._get_client() client['openvpn'][0]['resolv_retry'] = 'infinite' o = OpenVpn(client) self.assertIn('resolv-retry infinite', o.render())
def test_resolv_retry_disabled(self): client = self._get_client() client['openvpn'][0]['resolv_retry'] = '0' o = OpenVpn(client) self.assertIn('resolv-retry 0', o.render())
def test_parse_tar_file(self): o = OpenVpn(self._multiple_vpn) o.write(name='test', path='/tmp') OpenVpn(native=open('/tmp/test.tar.gz')) os.remove('/tmp/test.tar.gz') self.assertDictEqual(o.config, self._multiple_vpn)
def test_server_mode(self): c = OpenVpn({ "openvpn": [{ "auth": "SHA1", "auth_user_pass_verify": "", "ca": "ca.pem", "cert": "cert.pem", "cipher": "BF-CBC", "client_cert_not_required": False, "client_to_client": False, "comp_lzo": "yes", "crl_verify": "crl.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "down": "", "duplicate_cn": True, "engine": "rsax", "fast_io": True, "fragment": 0, "group": "nogroup", "keepalive": "20 60", "key": "key.pem", "local": "", "log": "/var/log/openvpn.log", "mode": "server", "name": "test-server", "mssfix": 1450, "mtu_disc": "no", "mtu_test": False, "mute": 0, "mute_replay_warnings": True, "ns_cert_type": "", "persist_key": True, "persist_tun": True, "port": 1194, "proto": "udp", "script_security": 0, "secret": "", "status": "/var/log/openvpn.status 10", "status_version": 1, "tls_server": True, "tun_ipv6": False, "up": "", "up_delay": 0, "user": "******", "username_as_common_name": False, "verb": 3 }] }) expected = """# openvpn config: test-server auth SHA1 ca ca.pem cert cert.pem cipher BF-CBC comp-lzo yes crl-verify crl.pem dev tap0 dev-type tap dh dh.pem duplicate-cn engine rsax fast-io group nogroup keepalive 20 60 key key.pem log /var/log/openvpn.log mode server mssfix 1450 mtu-disc no mute-replay-warnings persist-key persist-tun port 1194 proto udp script-security 0 status /var/log/openvpn.status 10 status-version 1 tls-server user nobody verb 3 """ self.assertEqual(c.render(), expected)
def test_auto_client_complex(self): config = { "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "mode": "server", "name": "example-vpn", "proto": "tcp-server", "tls_server": True, "comp_lzo": "yes", "auth": "RSA-SHA1", "cipher": "AES-128-CFB", "engine": "dynamic", "ns_cert_type": "client", "server_bridge": "", } client_config = OpenVpn.auto_client('vpn1.test.com', config, ca_path='{{ca_path_1}}', ca_contents='{{ca_contents_1}}', cert_path='{{cert_path_1}}', cert_contents='{{cert_contents_1}}', key_path='{{key_path_1}}', key_contents='{{key_contents_1}}') o = OpenVpn(client_config) expected = """# openvpn config: example-vpn auth RSA-SHA1 ca {{ca_path_1}} cert {{cert_path_1}} cipher AES-128-CFB comp-lzo yes dev tap0 dev-type tap key {{key_path_1}} mode p2p nobind ns-cert-type server proto tcp-client pull remote vpn1.test.com 1195 resolv-retry infinite tls-client # ---------- files ---------- # # path: {{ca_path_1}} # mode: 0644 {{ca_contents_1}} # path: {{cert_path_1}} # mode: 0644 {{cert_contents_1}} # path: {{key_path_1}} # mode: 0644 {{key_contents_1}} """ self.assertEqual(o.render(), expected)
def test_generate(self): o = OpenVpn({ "openvpn": [ { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-1", "proto": "udp", "tls_server": True }, { "ca": "ca.pem", "cert": "cert.pem", "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "key": "key.pem", "mode": "server", "name": "test-2", "port": 1195, "proto": "udp", "tls_server": True } ] }) tar = tarfile.open(fileobj=o.generate(), mode='r') self.assertEqual(len(tar.getmembers()), 2) # network vpn1 = tar.getmember('test-1.conf') contents = tar.extractfile(vpn1).read().decode() expected = """ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server proto udp tls-server """ self.assertEqual(contents, expected) # vpn 2 vpn2 = tar.getmember('test-2.conf') contents = tar.extractfile(vpn2).read().decode() expected = """ca ca.pem cert cert.pem dev tap0 dev-type tap dh dh.pem key key.pem mode server port 1195 proto udp tls-server """ self.assertEqual(contents, expected)
def test_auto_client_complex(self): config = { "dev": "tap0", "dev_type": "tap", "dh": "dh.pem", "mode": "server", "name": "example-vpn", "proto": "tcp-server", "tls_server": True, "comp_lzo": "yes", "auth": "RSA-SHA1", "cipher": "AES-128-CFB", "engine": "dynamic", "ns_cert_type": "client", "server_bridge": "", } client_config = OpenVpn.auto_client('vpn1.test.com', config, ca_path='{{ca_path_1}}', ca_contents='{{ca_contents_1}}', cert_path='{{cert_path_1}}', cert_contents='{{cert_contents_1}}', key_path='{{key_path_1}}', key_contents='{{key_contents_1}}') o = OpenVpn(client_config) expected = """# openvpn config: example-vpn auth RSA-SHA1 ca {{ca_path_1}} cert {{cert_path_1}} cipher AES-128-CFB comp-lzo yes dev tap0 dev-type tap key {{key_path_1}} mode p2p nobind ns-cert-type server proto tcp-client pull remote vpn1.test.com 1195 resolv-retry tls-client # ---------- files ---------- # # path: {{ca_path_1}} # mode: 0644 {{ca_contents_1}} # path: {{cert_path_1}} # mode: 0644 {{cert_contents_1}} # path: {{key_path_1}} # mode: 0644 {{key_contents_1}} """ self.assertEqual(o.render(), expected)
def test_status_file_no_seconds(self): conf = copy.deepcopy(self._simple_conf) conf['openvpn'][0]['status'] = '/var/run/openvpn.status' c = OpenVpn(conf) self.assertIn('status /var/run/openvpn.status', c.render())
def test_no_status_file(self): c = OpenVpn(self._simple_conf) output = c.render() self.assertNotIn('status', output) self.assertNotIn('status-version', output)
def test_multiple_vpn(self): o = OpenVpn(native=self._multiple_vpn_text) self.assertEqual(o.config, self._multiple_vpn)
def test_client_mode(self): c = OpenVpn({ "openvpn": [ { "auth": "SHA256", "auth_user_pass": "", "ca": "ca.pem", "cert": "cert.pem", "cipher": "AES-128-CBC", "comp_lzo": "adaptive", "dev": "tun0", "dev_type": "tun", "down": "/home/user/down-command.sh", "engine": "", "fast_io": False, "fragment": 0, "group": "", "keepalive": "", "key": "key.pem", "local": "", "log": "/var/log/openvpn.log", "mode": "p2p", "mssfix": 1450, "mtu_disc": "yes", "mtu_test": True, "mute": 10, "mute_replay_warnings": True, "name": "test-client", "nobind": True, "ns_cert_type": "server", "persist_key": True, "persist_tun": True, "port": 1195, "proto": "tcp-client", "pull": True, "remote": [ { "host": "vpn1.test.com", "port": 1194 }, { "host": "vpn2.test.com", "port": 1195 } ], "resolv_retry": "infinite", "script_security": 1, "secret": "", "status": "/var/log/openvpn.status 30", "status_version": 1, "tls_client": True, "topology": "p2p", "tun_ipv6": True, "up": "/home/user/up-command.sh", "up_delay": 10, "user": "******", "verb": 1 } ] }) expected = """# openvpn config: test-client auth SHA256 ca ca.pem cert cert.pem cipher AES-128-CBC comp-lzo adaptive dev tun0 dev-type tun down /home/user/down-command.sh key key.pem log /var/log/openvpn.log mode p2p mssfix 1450 mtu-disc yes mtu-test mute 10 mute-replay-warnings nobind ns-cert-type server persist-key persist-tun port 1195 proto tcp-client pull remote vpn1.test.com 1194 remote vpn2.test.com 1195 resolv-retry infinite script-security 1 status /var/log/openvpn.status 30 status-version 1 tls-client topology p2p tun-ipv6 up /home/user/up-command.sh up-delay 10 user nobody verb 1 """ self.assertEqual(c.render(), expected)
def test_client_mode(self): c = OpenVpn({ "openvpn": [ { "auth": "SHA256", "auth_user_pass": "", "ca": "ca.pem", "cert": "cert.pem", "cipher": "AES-128-CBC", "comp_lzo": "adaptive", "dev": "tun0", "dev_type": "tun", "down": "/home/user/down-command.sh", "engine": "", "fast_io": False, "fragment": 0, "group": "", "keepalive": "", "key": "key.pem", "local": "", "log": "/var/log/openvpn.log", "mode": "p2p", "mssfix": 1450, "mtu_disc": "yes", "mtu_test": True, "mute": 10, "mute_replay_warnings": True, "name": "test-client", "nobind": True, "ns_cert_type": "server", "persist_key": True, "persist_tun": True, "port": 1195, "proto": "tcp-client", "pull": True, "remote": [ { "host": "vpn1.test.com", "port": 1194 }, { "host": "vpn2.test.com", "port": 1195 } ], "resolv_retry": True, "script_security": 1, "secret": "", "status": "/var/log/openvpn.status 30", "status_version": 1, "tls_client": True, "tun_ipv6": True, "up": "/home/user/up-command.sh", "up_delay": 10, "user": "******", "verb": 1 } ] }) expected = """# openvpn config: test-client auth SHA256 ca ca.pem cert cert.pem cipher AES-128-CBC comp-lzo adaptive dev tun0 dev-type tun down /home/user/down-command.sh key key.pem log /var/log/openvpn.log mode p2p mssfix 1450 mtu-disc yes mtu-test mute 10 mute-replay-warnings nobind ns-cert-type server persist-key persist-tun port 1195 proto tcp-client pull remote vpn1.test.com 1194 remote vpn2.test.com 1195 resolv-retry script-security 1 status /var/log/openvpn.status 30 status-version 1 tls-client tun-ipv6 up /home/user/up-command.sh up-delay 10 user nobody verb 1 """ self.assertEqual(c.render(), expected)