def test_120_natOneToOneWanDown(self): # create a 1:1 NAT and then down the wan which the NAT is set to # if there are more than one WAN if remote_control.quickTestsOnly: raise unittest2.SkipTest('Skipping a time consuming test') if (len(indexOfWans) < 2): raise unittest2.SkipTest("Need at least two WANS for combination of wan-balancer and wan failover tests") pre_count = global_functions.get_app_metric_value(appWanFailover,"changed") # raise unittest2.SkipTest('Skipping test_120_natOneToOneWanDown as not possible with current network layout ') netsettings = uvmContext.networkManager().getNetworkSettings() nukeWanBalancerRules(); nukeFailoverRules() # create valid failover tests for wanIndexTup in indexOfWans: wanIndex = wanIndexTup[0] buildWanTestRule(wanIndex) for wanIndexTup in indexOfWans: # get the WAN IP address which was source routed wanIndex = wanIndexTup[0] wanIP = wanIndexTup[1] wanExternalIP = wanIndexTup[2] # Add networking route which does not handle re-routing if WAN is down netsettings['natRules']['list']=[] netsettings['natRules']['list'].append(buildNatRule("DST_ADDR",ip_address_testdestination,wanIP)) uvmContext.networkManager().setNetworkSettings(netsettings) # Test that only the routed interface is used 5 times subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = global_functions.get_public_ip_address() print("NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result)) assert (result == wanExternalIP) # now down the selected wan and see if traffic flows out the other wan buildWanTestRule(wanIndex, "ping", "192.168.244.1") # Wait for targeted the WAN to be off line before testing that the WAN is off line. timeout = 50000 online = True offlineWanIndex = wanIndex while online and timeout > 0: timeout -= 1 wanStatus = appWanFailover.getWanStatus() for statusInterface in wanStatus['list']: if statusInterface['interfaceId'] == offlineWanIndex: online = statusInterface['online'] time.sleep(10) # Let WAN balancer see that the interface is down subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = global_functions.get_public_ip_address() print("WAN Down NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result)) assert (result == wanExternalIP) uvmContext.networkManager().setNetworkSettings(orig_netsettings) nukeFailoverRules() # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(appWanFailover,"changed") assert(pre_count < post_count)
def test_020_testBasicWebCache(self): if remote_control.quickTestsOnly: raise unittest2.SkipTest('Skipping a time consuming test') pre_events_hit = global_functions.get_app_metric_value(app, "hit") app.clearSquidCache() for x in range(0, 10): result = remote_control.run_command( "wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/" ) time.sleep(1) assert (result == 0) time.sleep(65) # summary-events only written every 60 seconds events = global_functions.get_events('Web Cache', 'Web Cache Events', None, 1) assert (events != None) # verify at least one hit assert (events['list'][0]) assert (events['list'][0]['hits']) # Check to see if the faceplate counters have incremented. post_events_hit = global_functions.get_app_metric_value(app, "hit") assert (pre_events_hit < post_events_hit)
def test_020_smtpQuarantinedPhishBlockerTest(self): if (not canRelay): raise unittest2.SkipTest('Unable to relay through' + smtpServerHost) pre_events_quarantine = global_functions.get_app_metric_value( app, "quarantine") appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['strength'] = 5 app.setSettings(appData) # Get the IP address of test.untangle.com result = remote_control.run_command("host " + smtpServerHost, stdout=True) match = re.search(r'\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', result) ip_address_testuntangle = match.group() # sometimes the load is very high >7 and sending mail will fail # sleep for a while for the load to go down try: if float(file("/proc/loadavg", "r").readline().split(" ")[0]) > 3: time.sleep(30) except: pass timeout = 12 found = False email_index = 20 while (not found and timeout > 0): time.sleep(3) email_index += 1 from_address = "test0" + str(email_index) sendPhishMail(mailfrom=from_address) events = global_functions.get_events('Phish Blocker', 'All Phish Events', None, 1) assert (events != None) # print(events['list'][0]) found = global_functions.check_events( events.get('list'), 5, 'c_server_addr', ip_address_testuntangle, 's_server_port', 25, 'addr', '*****@*****.**', 'c_client_addr', remote_control.clientIP, 'phish_blocker_action', 'Q') timeout -= 1 assert (found) # Check to see if the faceplate counters have incremented. post_events_quarantine = global_functions.get_app_metric_value( app, "quarantine") assert (pre_events_quarantine < post_events_quarantine)
def test_026_protoRule_Pandora(self): pre_count = global_functions.get_app_metric_value(app,"pass") touchProtoRule("Pandora",False,False) result1 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/") touchProtoRule("Pandora",True,True) result2 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/") touchProtoRule("Pandora",False,False) assert (result1 == 0) assert (result2 != 0) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app,"pass") assert(pre_count < post_count)
def test_015_httpEicarBlocked(self): if platform.machine().startswith('arm'): raise unittest2.SkipTest("local scanner not available on ARM") pre_events_scan = global_functions.get_app_metric_value(app,"scan") pre_events_block = global_functions.get_app_metric_value(app,"block") result = remote_control.run_command("wget -q -O - http://test.untangle.com/virus/eicar.zip 2>&1 | grep -q blocked") assert (result == 0) post_events_scan = global_functions.get_app_metric_value(app,"scan") post_events_block = global_functions.get_app_metric_value(app,"block") assert(pre_events_scan < post_events_scan) assert(pre_events_block < post_events_block)
def test_050_severely_limited_web_filter_flagged(self): global app, app_web_filter nuke_rules() pre_count = global_functions.get_app_metric_value(app, "prioritize") priority_level = 7 # This test might need web filter for http to start # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed( download_server="test.untangle.com") # Create WEB_FILTER_FLAGGED based rule to limit bandwidth append_rule( create_single_condition_rule("WEB_FILTER_FLAGGED", "true", "SET_PRIORITY", priority_level)) # Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology settingsWF = app_web_filter.getSettings() i = 0 untangleCats = ["Software,", "Technology"] for webCategories in settingsWF['categories']['list']: if any(x in webCategories['name'] for x in untangleCats): settingsWF['categories']['list'][i]['flagged'] = "true" i += 1 app_web_filter.setSettings(settingsWF) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed( download_server="test.untangle.com") print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1, wget_speed_pre * limited_acceptance_ratio) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control', 'Prioritized Sessions', None, 5) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.clientIP) assert (found) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app, "prioritize") assert (pre_count < post_count)
def test_060_createIpsecTunnelHostname(self): if (ipsecHostResult != 0): raise unittest2.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value( app, "enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" addDNSRule(createDNSRule(ipsecHost, ipsecHostname)) # verify L2TP is off NGFW-7212 ipsecSettings = app.getSettings() ipsecSettings["vpnflag"] = False app.setSettings(ipsecSettings) for hostConfig in configuredHostIPs: print hostConfig[0] listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel( addIPSecTunnel(ipsecHostname, ipsecHostLAN, hostConfig[0], hostConfig[1], hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest2.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command( "wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) post_events_enabled = global_functions.get_app_metric_value( app, "enabled") nukeIPSecTunnels() assert (ipsecHostLANResult == 0) # Check to see if the faceplate counters have incremented. assert (pre_events_enabled < post_events_enabled)
def test_020_createIpsecTunnel(self): global tunnelUp if (ipsecHostResult != 0): raise unittest2.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value( app, "enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" for hostConfig in configuredHostIPs: print hostConfig[0] listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel( addIPSecTunnel(ipsecHost, ipsecHostLAN, hostConfig[0], hostConfig[1], hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest2.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command( "wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) assert (ipsecHostLANResult == 0) ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" % ipsecPcLANIP) assert (ipsecPcLanResult == 0) tunnelUp = True # Check to see if the faceplate counters have incremented. post_events_enabled = global_functions.get_app_metric_value( app, "enabled") assert (pre_events_enabled < post_events_enabled)
def test_065_all_wan_offline_but_one(self): if remote_control.quickTestsOnly: raise unittest2.SkipTest('Skipping a time consuming test') if (len(indexOfWans) < 2): raise unittest2.SkipTest( "Need at least two WANS for test_065_downAllButOneWan") pre_count = global_functions.get_app_metric_value(app, "changed") validWanIP = None # loop through the WANs keeping one up and the rest down. for upWanIndexTup in indexOfWans: upWanIndex = upWanIndexTup[0] nuke_rules() for wanIndexTup in indexOfWans: wanIndex = wanIndexTup[0] if upWanIndex != wanIndex: # make this interface test disconnected build_wan_test(wanIndex, "ping", pingHost="192.168.244.1") else: validWanIP = wanIndexTup[2] build_wan_test(upWanIndex, "ping", pingHost="8.8.8.8") print "validIP is %s" % validWanIP wait_for_wan_offline() online_count = online_wan_count() offline_count = offline_wan_count() assert (online_count == 1) assert (offline_count > 0) for x in range(0, 8): result = global_functions.get_public_ip_address() print "IP address %s and validWanIP %s" % (result, validWanIP) assert (result == validWanIP) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app, "changed") assert (pre_count < post_count)
def test_903_blockLocalEventLog(self): rules_clear() rule_append(create_rule_single_condition("CLIENT_COUNTRY", "XL")) pre_events_block = global_functions.get_app_metric_value(app, "block") result = remote_control.run_command( "wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") assert (result != 0) events = global_functions.get_events('Firewall', 'Blocked Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'c_client_addr', remote_control.clientIP, 'client_country', "XL", 'firewall_blocked', True, 'firewall_flagged', True) assert (found) # Check to see if the faceplate counters have incremented. post_events_block = global_functions.get_app_metric_value(app, "block") assert (pre_events_block < post_events_block)
def test_060_app_stats(self): """ Checks that the scan, detect, and block stats are properly incremented """ global app if remote_control.quickTestsOnly: raise unittest2.SkipTest('Skipping a time consuming test') signature = self.intrusion_prevention_interface.create_signature( msg="TCP Block", type="tcp", block=True, directive="content:\"CompanySecret\"; nocase;") self.intrusion_prevention_interface.config_request( "save", self.intrusion_prevention_interface.create_patch( "signature", "add", signature)) app.reconfigure() app.forceUpdateStats() time.sleep(5) pre_events_scan = global_functions.get_app_metric_value(app, "scan") pre_events_detect = global_functions.get_app_metric_value( app, "detect") pre_events_block = global_functions.get_app_metric_value(app, "block") result = remote_control.run_command( "wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret" ) time.sleep(5) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 1) found = global_functions.check_events(events.get('list'), 5, 'msg', signature['msg'], 'blocked', True) assert (found) post_events_scan = global_functions.get_app_metric_value(app, "scan") post_events_detect = global_functions.get_app_metric_value( app, "detect") post_events_block = global_functions.get_app_metric_value(app, "block") print("pre_events_scan: %s post_events_scan: %s" % (str(pre_events_scan), str(post_events_scan))) print("pre_events_detect: %s post_events_detect: %s" % (str(pre_events_detect), str(post_events_detect))) print("pre_events_block: %s post_events_block: %s" % (str(pre_events_block), str(post_events_block))) # assert(pre_events_scan < post_events_scan) assert (pre_events_detect < post_events_detect) assert (pre_events_block < post_events_block)
def test_016_flag_url(self): """verify basic URL blocking the the url block list""" pre_events_scan = global_functions.get_app_metric_value( self.app, "scan") pre_events_pass = global_functions.get_app_metric_value( self.app, "pass") pre_events_block = global_functions.get_app_metric_value( self.app, "block") self.block_url_list_add("test.untangle.com/test/testPage1.html") result = self.get_web_request_results( url="http://test.untangle.com/test/testPage1.html", expected="blockpage") self.block_url_list_clear() assert (result == 0) # verify the faceplate counters have incremented. post_events_scan = global_functions.get_app_metric_value( self.app, "scan") post_events_pass = global_functions.get_app_metric_value( self.app, "pass") post_events_block = global_functions.get_app_metric_value( self.app, "block") assert (pre_events_scan < post_events_scan) assert (pre_events_pass < post_events_pass) assert (pre_events_block == post_events_block)
def test_040_createClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest2.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") running = remote_control.run_command( "pidof openvpn", host=global_functions.vpnClientVpnIP, ) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpm is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.vpnClientVpnIP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.vpnClientVpnIP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.vpnClientVpnIP) if running == 0: raise unittest2.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") # print clientLink # download client config file result = os.system( "wget -o /dev/null -t 1 --timeout=3 http://localhost" + clientLink + " -O /tmp/clientconfig.zip") assert (result == 0) # copy the config file to the remote PC, unzip the files and move to the openvpn directory on the remote device result = os.system( "scp -o 'StrictHostKeyChecking=no' -i " + global_functions.get_prefix() + "/usr/lib/python2.7/tests/test_shell.key /tmp/clientconfig.zip testshell@" + global_functions.vpnClientVpnIP + ":/tmp/>/dev/null 2>&1") assert (result == 0) remote_control.run_command( "sudo unzip -o /tmp/clientconfig.zip -d /tmp/", host=global_functions.vpnClientVpnIP) remote_control.run_command( "sudo rm -f /etc/openvpn/*.conf; sudo rm -f /etc/openvpn/*.ovpn; sudo rm -rf /etc/openvpn/keys", host=global_functions.vpnClientVpnIP) remote_control.run_command( "sudo mv -f /tmp/untangle-vpn/* /etc/openvpn/", host=global_functions.vpnClientVpnIP) remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.vpnClientVpnIP) timeout = waitForClientVPNtoConnect() # If VPN tunnel has failed to connect so fail the test, assert (timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command( "ping -c 2 " + remote_control.clientIP, host=global_functions.vpnClientVpnIP) listOfClients = app.getActiveClients() print "address " + listOfClients['list'][0]['address'] print "vpn address 1 " + listOfClients['list'][0]['poolAddress'] host_result = remote_control.run_command("host test.untangle.com", stdout=True) # print "host_result <%s>" % host_result match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.vpnClientVpnIP) time.sleep(3) # openvpn takes time to shut down assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.vpnClientVpnIP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.vpnClientVpnIP, 'client_name', vpnClientName) assert (found) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)
def test_079_createClientVPNTunnelADUserPass(self): global appData, vpnServerResult, vpnClientResult, appDC if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest2.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") if (adResult != 0): raise unittest2.SkipTest("No AD server available") appNameDC = "directory-connector" if (uvmContext.appManager().isInstantiated(appNameDC)): print("App %s already installed" % appNameDC) appDC = uvmContext.appManager().app(appNameDC) else: appDC = uvmContext.appManager().instantiate( appNameDC, default_policy_id) appDC.setSettings( createDirectoryConnectorSettings(ad_enable=True, ldap_secure=True)) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP, ) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest2.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) #enable user/password authentication, set to AD directory appData['authUserPass'] = True appData["authenticationType"] = "ACTIVE_DIRECTORY" app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #create credentials file containing username/password remote_control.run_command( "echo " + global_functions.AD_USER + " > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile", host=global_functions.VPN_CLIENT_IP) #connect to openvpn using the file remote_control.run_command( "cd /etc/openvpn; sudo nohup openvpn --config " + siteName + ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail if tunnel doesn't connect assert (timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command( "ping -c 2 " + remote_control.clientIP, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) # openvpn takes time to shut down time.sleep(3) assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)
def test_060_createDeleteClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest2.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # openvpn is probably stuck, kill it and re-run remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest2.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) #print(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #start openvpn tunnel remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail test if vpn tunnel does not connect assert (timeout > 0) result = remote_control.run_command( "ping -c 2 " + remote_control.clientIP, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') #stop the vpn tunnel remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # wait for openvpn to stop assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) #check to see if the faceplate counters have incremented post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect) #delete the user appData['remoteClients']['list'][:] = [] app.setSettings(appData) #attempt to connect with now deleted user remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() #fail the test if it does connect assert (timeout <= 0) #create the same user again appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) #print(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #check the key files to make sure they aren't O length for x in range(0, 3): if x == 0: crtSize = remote_control.run_command( "du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".crt", host=global_functions.VPN_CLIENT_IP, stdout=True) fileSize = int(crtSize[0]) elif x == 1: cacrtSize = remote_control.run_command( "du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + "-ca.crt", host=global_functions.VPN_CLIENT_IP, stdout=True) fileSize = int(cacrtSize[0]) elif x == 2: keySize = remote_control.run_command( "du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".key", host=global_functions.VPN_CLIENT_IP, stdout=True) fileSize = int(keySize[0]) assert (fileSize > 0) #start openvpn remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail test if vpn tunnel does not connect assert (timeout > 0) result = remote_control.run_command( "ping -c 2 " + remote_control.clientIP, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') #stop the vpn tunnel remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # wait for openvpn to stop assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) #check to see if the faceplate counters have incremented post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)
def test_040_createClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest2.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP, ) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpm is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest2.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") # print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #start openvpn tunnel remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # If VPN tunnel has failed to connect so fail the test, assert (timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command( "ping -c 2 " + remote_control.clientIP, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) # print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # openvpn takes time to shut down assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)