def test_120_natOneToOneWanDown(self):
# create a 1:1 NAT and then down the wan which the NAT is set to
# if there are more than one WAN
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest("Need at least two WANS for combination of wan-balancer and wan failover tests")
pre_count = global_functions.get_app_metric_value(appWanFailover,"changed")
# raise unittest2.SkipTest('Skipping test_120_natOneToOneWanDown as not possible with current network layout ')
netsettings = uvmContext.networkManager().getNetworkSettings()
nukeWanBalancerRules();
nukeFailoverRules()
# create valid failover tests
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
buildWanTestRule(wanIndex)
for wanIndexTup in indexOfWans:
# get the WAN IP address which was source routed
wanIndex = wanIndexTup[0]
wanIP = wanIndexTup[1]
wanExternalIP = wanIndexTup[2]
# Add networking route which does not handle re-routing if WAN is down
netsettings['natRules']['list']=[]
netsettings['natRules']['list'].append(buildNatRule("DST_ADDR",ip_address_testdestination,wanIP))
uvmContext.networkManager().setNetworkSettings(netsettings)
# Test that only the routed interface is used 5 times
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print("NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result))
assert (result == wanExternalIP)
# now down the selected wan and see if traffic flows out the other wan
buildWanTestRule(wanIndex, "ping", "192.168.244.1")
# Wait for targeted the WAN to be off line before testing that the WAN is off line.
timeout = 50000
online = True
offlineWanIndex = wanIndex
while online and timeout > 0:
timeout -= 1
wanStatus = appWanFailover.getWanStatus()
for statusInterface in wanStatus['list']:
if statusInterface['interfaceId'] == offlineWanIndex:
online = statusInterface['online']
time.sleep(10) # Let WAN balancer see that the interface is down
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print("WAN Down NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result))
assert (result == wanExternalIP)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
nukeFailoverRules()
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(appWanFailover,"changed")
assert(pre_count < post_count)
def test_020_testBasicWebCache(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
pre_events_hit = global_functions.get_app_metric_value(app, "hit")
app.clearSquidCache()
for x in range(0, 10):
result = remote_control.run_command(
"wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/"
)
time.sleep(1)
assert (result == 0)
time.sleep(65) # summary-events only written every 60 seconds
events = global_functions.get_events('Web Cache', 'Web Cache Events',
None, 1)
assert (events != None)
# verify at least one hit
assert (events['list'][0])
assert (events['list'][0]['hits'])
# Check to see if the faceplate counters have incremented.
post_events_hit = global_functions.get_app_metric_value(app, "hit")
assert (pre_events_hit < post_events_hit)
def test_020_smtpQuarantinedPhishBlockerTest(self):
if (not canRelay):
raise unittest2.SkipTest('Unable to relay through' +
smtpServerHost)
pre_events_quarantine = global_functions.get_app_metric_value(
app, "quarantine")
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 5
app.setSettings(appData)
# Get the IP address of test.untangle.com
result = remote_control.run_command("host " + smtpServerHost,
stdout=True)
match = re.search(r'\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', result)
ip_address_testuntangle = match.group()
# sometimes the load is very high >7 and sending mail will fail
# sleep for a while for the load to go down
try:
if float(file("/proc/loadavg", "r").readline().split(" ")[0]) > 3:
time.sleep(30)
except:
pass
timeout = 12
found = False
email_index = 20
while (not found and timeout > 0):
time.sleep(3)
email_index += 1
from_address = "test0" + str(email_index)
sendPhishMail(mailfrom=from_address)
events = global_functions.get_events('Phish Blocker',
'All Phish Events', None, 1)
assert (events != None)
# print(events['list'][0])
found = global_functions.check_events(
events.get('list'), 5, 'c_server_addr',
ip_address_testuntangle, 's_server_port', 25, 'addr',
'*****@*****.**', 'c_client_addr',
remote_control.clientIP, 'phish_blocker_action', 'Q')
timeout -= 1
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_quarantine = global_functions.get_app_metric_value(
app, "quarantine")
assert (pre_events_quarantine < post_events_quarantine)
def test_026_protoRule_Pandora(self):
pre_count = global_functions.get_app_metric_value(app,"pass")
touchProtoRule("Pandora",False,False)
result1 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/")
touchProtoRule("Pandora",True,True)
result2 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/")
touchProtoRule("Pandora",False,False)
assert (result1 == 0)
assert (result2 != 0)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app,"pass")
assert(pre_count < post_count)
def test_015_httpEicarBlocked(self):
if platform.machine().startswith('arm'):
raise unittest2.SkipTest("local scanner not available on ARM")
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_block = global_functions.get_app_metric_value(app,"block")
result = remote_control.run_command("wget -q -O - http://test.untangle.com/virus/eicar.zip 2>&1 | grep -q blocked")
assert (result == 0)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_block = global_functions.get_app_metric_value(app,"block")
assert(pre_events_scan < post_events_scan)
assert(pre_events_block < post_events_block)
def test_050_severely_limited_web_filter_flagged(self):
global app, app_web_filter
nuke_rules()
pre_count = global_functions.get_app_metric_value(app, "prioritize")
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(
download_server="test.untangle.com")
# Create WEB_FILTER_FLAGGED based rule to limit bandwidth
append_rule(
create_single_condition_rule("WEB_FILTER_FLAGGED", "true",
"SET_PRIORITY", priority_level))
# Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology
settingsWF = app_web_filter.getSettings()
i = 0
untangleCats = ["Software,", "Technology"]
for webCategories in settingsWF['categories']['list']:
if any(x in webCategories['name'] for x in untangleCats):
settingsWF['categories']['list'][i]['flagged'] = "true"
i += 1
app_web_filter.setSettings(settingsWF)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(
download_server="test.untangle.com")
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control',
'Prioritized Sessions', None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"bandwidth_control_priority",
priority_level, "c_client_addr",
remote_control.clientIP)
assert (found)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app, "prioritize")
assert (pre_count < post_count)
def test_060_createIpsecTunnelHostname(self):
if (ipsecHostResult != 0):
raise unittest2.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
addDNSRule(createDNSRule(ipsecHost, ipsecHostname))
# verify L2TP is off NGFW-7212
ipsecSettings = app.getSettings()
ipsecSettings["vpnflag"] = False
app.setSettings(ipsecSettings)
for hostConfig in configuredHostIPs:
print hostConfig[0]
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appendTunnel(
addIPSecTunnel(ipsecHostname, ipsecHostLAN, hostConfig[0],
hostConfig[1], hostConfig[2]))
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest2.SkipTest("IPsec test only configed for IPs %s" %
(listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command(
"wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/"
% ipsecHostLANIP)
post_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
nukeIPSecTunnels()
assert (ipsecHostLANResult == 0)
# Check to see if the faceplate counters have incremented.
assert (pre_events_enabled < post_events_enabled)
def test_020_createIpsecTunnel(self):
global tunnelUp
if (ipsecHostResult != 0):
raise unittest2.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
for hostConfig in configuredHostIPs:
print hostConfig[0]
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appendTunnel(
addIPSecTunnel(ipsecHost, ipsecHostLAN, hostConfig[0],
hostConfig[1], hostConfig[2]))
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest2.SkipTest("IPsec test only configed for IPs %s" %
(listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command(
"wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/"
% ipsecHostLANIP)
assert (ipsecHostLANResult == 0)
ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" %
ipsecPcLANIP)
assert (ipsecPcLanResult == 0)
tunnelUp = True
# Check to see if the faceplate counters have incremented.
post_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
assert (pre_events_enabled < post_events_enabled)
def test_065_all_wan_offline_but_one(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest2.SkipTest(
"Need at least two WANS for test_065_downAllButOneWan")
pre_count = global_functions.get_app_metric_value(app, "changed")
validWanIP = None
# loop through the WANs keeping one up and the rest down.
for upWanIndexTup in indexOfWans:
upWanIndex = upWanIndexTup[0]
nuke_rules()
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
if upWanIndex != wanIndex:
# make this interface test disconnected
build_wan_test(wanIndex, "ping", pingHost="192.168.244.1")
else:
validWanIP = wanIndexTup[2]
build_wan_test(upWanIndex, "ping", pingHost="8.8.8.8")
print "validIP is %s" % validWanIP
wait_for_wan_offline()
online_count = online_wan_count()
offline_count = offline_wan_count()
assert (online_count == 1)
assert (offline_count > 0)
for x in range(0, 8):
result = global_functions.get_public_ip_address()
print "IP address %s and validWanIP %s" % (result, validWanIP)
assert (result == validWanIP)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app, "changed")
assert (pre_count < post_count)
def test_903_blockLocalEventLog(self):
rules_clear()
rule_append(create_rule_single_condition("CLIENT_COUNTRY", "XL"))
pre_events_block = global_functions.get_app_metric_value(app, "block")
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
events = global_functions.get_events('Firewall', 'Blocked Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'c_client_addr',
remote_control.clientIP,
'client_country', "XL",
'firewall_blocked', True,
'firewall_flagged', True)
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_block = global_functions.get_app_metric_value(app, "block")
assert (pre_events_block < post_events_block)
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
signature = self.intrusion_prevention_interface.create_signature(
msg="TCP Block",
type="tcp",
block=True,
directive="content:\"CompanySecret\"; nocase;")
self.intrusion_prevention_interface.config_request(
"save",
self.intrusion_prevention_interface.create_patch(
"signature", "add", signature))
app.reconfigure()
app.forceUpdateStats()
time.sleep(5)
pre_events_scan = global_functions.get_app_metric_value(app, "scan")
pre_events_detect = global_functions.get_app_metric_value(
app, "detect")
pre_events_block = global_functions.get_app_metric_value(app, "block")
result = remote_control.run_command(
"wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret"
)
time.sleep(5)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 1)
found = global_functions.check_events(events.get('list'), 5, 'msg',
signature['msg'], 'blocked',
True)
assert (found)
post_events_scan = global_functions.get_app_metric_value(app, "scan")
post_events_detect = global_functions.get_app_metric_value(
app, "detect")
post_events_block = global_functions.get_app_metric_value(app, "block")
print("pre_events_scan: %s post_events_scan: %s" %
(str(pre_events_scan), str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s" %
(str(pre_events_detect), str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s" %
(str(pre_events_block), str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert (pre_events_detect < post_events_detect)
assert (pre_events_block < post_events_block)
def test_016_flag_url(self):
"""verify basic URL blocking the the url block list"""
pre_events_scan = global_functions.get_app_metric_value(
self.app, "scan")
pre_events_pass = global_functions.get_app_metric_value(
self.app, "pass")
pre_events_block = global_functions.get_app_metric_value(
self.app, "block")
self.block_url_list_add("test.untangle.com/test/testPage1.html")
result = self.get_web_request_results(
url="http://test.untangle.com/test/testPage1.html",
expected="blockpage")
self.block_url_list_clear()
assert (result == 0)
# verify the faceplate counters have incremented.
post_events_scan = global_functions.get_app_metric_value(
self.app, "scan")
post_events_pass = global_functions.get_app_metric_value(
self.app, "pass")
post_events_block = global_functions.get_app_metric_value(
self.app, "block")
assert (pre_events_scan < post_events_scan)
assert (pre_events_pass < post_events_pass)
assert (pre_events_block == post_events_block)
def test_040_createClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest2.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
running = remote_control.run_command(
"pidof openvpn",
host=global_functions.vpnClientVpnIP,
)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpm is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.vpnClientVpnIP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn",
host=global_functions.vpnClientVpnIP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.vpnClientVpnIP)
if running == 0:
raise unittest2.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
# print clientLink
# download client config file
result = os.system(
"wget -o /dev/null -t 1 --timeout=3 http://localhost" +
clientLink + " -O /tmp/clientconfig.zip")
assert (result == 0)
# copy the config file to the remote PC, unzip the files and move to the openvpn directory on the remote device
result = os.system(
"scp -o 'StrictHostKeyChecking=no' -i " +
global_functions.get_prefix() +
"/usr/lib/python2.7/tests/test_shell.key /tmp/clientconfig.zip testshell@"
+ global_functions.vpnClientVpnIP + ":/tmp/>/dev/null 2>&1")
assert (result == 0)
remote_control.run_command(
"sudo unzip -o /tmp/clientconfig.zip -d /tmp/",
host=global_functions.vpnClientVpnIP)
remote_control.run_command(
"sudo rm -f /etc/openvpn/*.conf; sudo rm -f /etc/openvpn/*.ovpn; sudo rm -rf /etc/openvpn/keys",
host=global_functions.vpnClientVpnIP)
remote_control.run_command(
"sudo mv -f /tmp/untangle-vpn/* /etc/openvpn/",
host=global_functions.vpnClientVpnIP)
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.vpnClientVpnIP)
timeout = waitForClientVPNtoConnect()
# If VPN tunnel has failed to connect so fail the test,
assert (timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command(
"ping -c 2 " + remote_control.clientIP,
host=global_functions.vpnClientVpnIP)
listOfClients = app.getActiveClients()
print "address " + listOfClients['list'][0]['address']
print "vpn address 1 " + listOfClients['list'][0]['poolAddress']
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
# print "host_result <%s>" % host_result
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn",
host=global_functions.vpnClientVpnIP)
time.sleep(3) # openvpn takes time to shut down
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.vpnClientVpnIP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.vpnClientVpnIP,
'client_name', vpnClientName)
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
def test_079_createClientVPNTunnelADUserPass(self):
global appData, vpnServerResult, vpnClientResult, appDC
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest2.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
if (adResult != 0):
raise unittest2.SkipTest("No AD server available")
appNameDC = "directory-connector"
if (uvmContext.appManager().isInstantiated(appNameDC)):
print("App %s already installed" % appNameDC)
appDC = uvmContext.appManager().app(appNameDC)
else:
appDC = uvmContext.appManager().instantiate(
appNameDC, default_policy_id)
appDC.setSettings(
createDirectoryConnectorSettings(ad_enable=True, ldap_secure=True))
running = remote_control.run_command(
"pidof openvpn",
host=global_functions.VPN_CLIENT_IP,
)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest2.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
#enable user/password authentication, set to AD directory
appData['authUserPass'] = True
appData["authenticationType"] = "ACTIVE_DIRECTORY"
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#create credentials file containing username/password
remote_control.run_command(
"echo " + global_functions.AD_USER +
" > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile",
host=global_functions.VPN_CLIENT_IP)
#connect to openvpn using the file
remote_control.run_command(
"cd /etc/openvpn; sudo nohup openvpn --config " + siteName +
".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail if tunnel doesn't connect
assert (timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command(
"ping -c 2 " + remote_control.clientIP,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
# openvpn takes time to shut down
time.sleep(3)
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
def test_060_createDeleteClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest2.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# openvpn is probably stuck, kill it and re-run
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest2.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
#print(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#start openvpn tunnel
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail test if vpn tunnel does not connect
assert (timeout > 0)
result = remote_control.run_command(
"ping -c 2 " + remote_control.clientIP,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
#stop the vpn tunnel
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # wait for openvpn to stop
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
#check to see if the faceplate counters have incremented
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
#delete the user
appData['remoteClients']['list'][:] = []
app.setSettings(appData)
#attempt to connect with now deleted user
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
#fail the test if it does connect
assert (timeout <= 0)
#create the same user again
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
#print(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#check the key files to make sure they aren't O length
for x in range(0, 3):
if x == 0:
crtSize = remote_control.run_command(
"du /etc/openvpn/keys/" + siteName + "-" + vpnClientName +
".crt",
host=global_functions.VPN_CLIENT_IP,
stdout=True)
fileSize = int(crtSize[0])
elif x == 1:
cacrtSize = remote_control.run_command(
"du /etc/openvpn/keys/" + siteName + "-" + vpnClientName +
"-ca.crt",
host=global_functions.VPN_CLIENT_IP,
stdout=True)
fileSize = int(cacrtSize[0])
elif x == 2:
keySize = remote_control.run_command(
"du /etc/openvpn/keys/" + siteName + "-" + vpnClientName +
".key",
host=global_functions.VPN_CLIENT_IP,
stdout=True)
fileSize = int(keySize[0])
assert (fileSize > 0)
#start openvpn
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail test if vpn tunnel does not connect
assert (timeout > 0)
result = remote_control.run_command(
"ping -c 2 " + remote_control.clientIP,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
#stop the vpn tunnel
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # wait for openvpn to stop
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
#check to see if the faceplate counters have incremented
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
def test_040_createClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest2.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
running = remote_control.run_command(
"pidof openvpn",
host=global_functions.VPN_CLIENT_IP,
)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpm is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest2.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
# print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#start openvpn tunnel
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# If VPN tunnel has failed to connect so fail the test,
assert (timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command(
"ping -c 2 " + remote_control.clientIP,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
# print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # openvpn takes time to shut down
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
