def test_021_severely_limited_udp(self): global app, app_web_filter, wan_limit_mbit # only use 30% because QoS will limit to 10% and we want to make sure it takes effect # really high levels will actually be limited by the untangle-vm throughput instead of QoS # which can interfere with the test targetSpeedMbit = str(wan_limit_mbit*.3)+"M" if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # We will use iperf server and iperf for this test. wan_IP = uvmContext.networkManager().getFirstWanAddress() iperfAvailable = global_functions.verify_iperf_configuration(wan_IP) if (not iperfAvailable): raise unittest.SkipTest("Iperf server and/or iperf not available, skipping alternate port forwarding test") # Enabled QoS netsettings = uvmContext.networkManager().getNetworkSettings() nuke_rules() append_rule(create_single_condition_rule("DST_PORT","5000","SET_PRIORITY",1)) pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) # Create DST_PORT based rule to limit bandwidth nuke_rules() append_rule(create_single_condition_rule("DST_PORT","5000","SET_PRIORITY",7)) post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) print_results( pre_UDP_speed, post_UDP_speed, (wan_limit_kbit/8)*0.1, pre_UDP_speed*.9 ) assert (post_UDP_speed < pre_UDP_speed*.9)
def test_015_qos_nobpass_custom_rules_tcp(self): nuke_rules(self._app) priority_level = 7 # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed() # Create SRC_ADDR based custom Q0S rule to limit bypass QoS netsettings = copy.deepcopy(orig_network_settings_with_qos) netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("SRC_ADDR", remote_control.client_ip, priority_level)) uvmContext.networkManager().setNetworkSettings(netsettings) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed( download_server=target_server) # Restore original network settings uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos) # Because the session is NOT bypassed, the QoS rule should not take effect print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1, wget_speed_pre * limited_acceptance_ratio) assert ((wget_speed_pre) and (wget_speed_post)) assert ( not (wget_speed_pre * limited_acceptance_ratio > wget_speed_post))
def test_045_dns_test_wan_offline(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(indexOfWans) < 2): raise unittest.SkipTest( "Need at least two WANS for test_045_addDNSFailTestForWans") nuke_rules() orig_offline_count = offline_wan_count() netsettings = uvmContext.networkManager().getNetworkSettings() # Add a fake DNS for each of the interfaces for wanIndexTup in indexOfWans: wanIndex = wanIndexTup[0] # set DNS values to fake DNS set_interface_field(wanIndex, netsettings, 'v4StaticDns1', '192.168.244.' + str(wanIndex)) set_interface_field(wanIndex, netsettings, 'v4StaticDns2', '192.168.244.' + str(wanIndex)) set_interface_field(wanIndex, netsettings, 'v4AutoDns1Override', '192.168.244.' + str(wanIndex)) set_interface_field(wanIndex, netsettings, 'v4AutoDns2Override', '192.168.244.' + str(wanIndex)) uvmContext.networkManager().setNetworkSettings(netsettings) for wanIndexTup in indexOfWans: build_wan_test(wanIndex, "dns") wait_for_wan_offline() offline_count = offline_wan_count() uvmContext.networkManager().setNetworkSettings(orig_netsettings) assert (offline_count > orig_offline_count)
def test_021_shieldOffNmap(self): # enable logging of blocked settings netsettings = uvmContext.networkManager().getNetworkSettings() netsettings['logBlockedSessions'] = True netsettings['logBypassedSessions'] = True uvmContext.networkManager().setNetworkSettings(netsettings) settings = app.getSettings() settings['shieldEnabled'] = False app.setSettings(settings) start_time = datetime.datetime.now() result = remote_control.run_command( "nmap -PN -sT -T5 --min-parallelism 15 -p10000-10100 1.2.3.5 2>&1 >/dev/null" ) assert (result == 0) events = global_functions.get_events('Shield', 'Blocked Session Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 's_server_addr', '1.2.3.5', min_date=start_time) assert (not found)
def test_035_arp_test_wan_offline(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(indexOfWans) < 2): raise unittest.SkipTest( "Need at least two WANS for test_035_addArpFailTestForWans") nuke_rules() orig_offline_count = offline_wan_count() netsettings = uvmContext.networkManager().getNetworkSettings() # Add a fake gateway for each of the interfaces for wanIndexTup in indexOfWans: wanIndex = wanIndexTup[0] # set gateway to fake gateway set_interface_field(wanIndex, netsettings, 'v4StaticGateway', '192.168.244.' + str(wanIndex)) set_interface_field(wanIndex, netsettings, 'v4AutoGatewayOverride', '192.168.244.' + str(wanIndex)) build_wan_test(wanIndex, "arp") uvmContext.networkManager().setNetworkSettings(netsettings) wait_for_wan_offline() offline_count = offline_wan_count() uvmContext.networkManager().setNetworkSettings(orig_netsettings) assert (offline_count > orig_offline_count) result = remote_control.is_online() assert (result == 0)
def test_080_routedWanVsNetworkRoute(self): # Test that Networking routes override routed rules in WAN Balancer if (len(index_of_wans) < 2): raise unittest.SkipTest("Need at least two WANS for test_080_routedWanVsNetworkRoute") netsettings = netsettings = uvmContext.networkManager().getNetworkSettings() nuke_wan_balancer_route_rules() set_wan_weight("all", 0) weightedIndexTup = index_of_wans[0] routedIndexTup = index_of_wans[1] set_wan_weight(weightedIndexTup[0], 100) # set primary to 100% # configure route in network which uses the second WAN for test.untangle.com routedIP = routedIndexTup[2] routedIPGateway = routedIndexTup[3] append_route_rule(create_route_rule(ip_address_testdestination,32,routedIPGateway)) result1 = global_functions.get_public_ip_address() print("Routed IP %s and retrieved IP %s" % (routedIP, result1)) # Add WAN route IP to Balancer build_single_wan_route_rule("DST_ADDR",ip_address_testdestination,weightedIndexTup[0]) result2 = global_functions.get_public_ip_address(extra_options="--no-check-certificate --secure-protocol=auto") print("Routed IP %s and retrieved IP %s" % (routedIP, result2)) uvmContext.networkManager().setNetworkSettings(orig_netsettings) assert (result1 == routedIP) assert (result2 == routedIP)
def test_032_netSettingsAndCustomWGNetworks(self): """Test if changing the Network Settings LAN address DOES NOT update custom local networks in the WG app""" # Address we want to test with testingAddressNet = "192.168.90" testingAddress = testingAddressNet + ".1" testingDhcpStart = testingAddressNet + ".100" testingDhcpEnd = testingAddressNet + ".200" testingCustomWGAddr = "192.168.92.0/24" # Pull out the current WG settings and the current Network Settings origWGSettings = self._app.getSettings() origNetSettings = uvmContext.networkManager().getNetworkSettings() # Verify the WG settings don't already have this address stored assert(testingAddressNet not in origWGSettings['networks']) # deepcopy network settings for manipulation newNetSettings = copy.deepcopy( origNetSettings ) # deepcopy WG settings for manipulation newWGSettings = copy.deepcopy( origWGSettings ) # update WG settings with a custom configuration newWGSettings['networks'] = testingCustomWGAddr self._app.setSettings(newWGSettings) # Verify custom configuration is returned with get settings assert(testingCustomWGAddr in self._app.getSettings()['networks']) # Find a DHCP LAN device and set it's address to the testing address for intf in newNetSettings['interfaces']['list']: if not intf['isWan']: intf['v4StaticAddress'] = testingAddress if intf['dhcpEnabled']: intf['dhcpRangeStart'] = testingDhcpStart intf['dhcpRangeEnd'] = testingDhcpEnd break # Set the settings to new config uvmContext.networkManager().setNetworkSettings( newNetSettings ) # Test that the custom WG network exists in the latest WG networks list, and that the local networks are not wgSettings = self._app.getSettings() assert(testingAddressNet not in wgSettings['networks']) assert(testingCustomWGAddr in wgSettings['networks']) # Set app back to normal self._app.setSettings(origWGSettings) # Set network settings back to normal uvmContext.networkManager().setNetworkSettings( origNetSettings ) # Get the WG settings again to verify wgSettings = self._app.getSettings() # Assert that old settings were set back properly assert(testingAddressNet not in wgSettings['networks']) assert(testingCustomWGAddr not in wgSettings['networks'])
def final_extra_tear_down(cls): global appAD # Restore original settings to return to initial settings # print("orig_netsettings <%s>" % orig_netsettings) uvmContext.networkManager().setNetworkSettings(orig_netsettings) if appAD != None: uvmContext.appManager().destroy(appAD.getAppSettings()["id"]) appAD = None
def test_110_networkRouteWanDown(self): # create a network route and then down the wan which the route is set to # if there are more than one WAN if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(index_of_wans) < 2): raise unittest.SkipTest("Need at least two WANS for combination of wan-balancer and wan failover tests") netsettings = uvmContext.networkManager().getNetworkSettings() nuke_wan_balancer_rules() for wanIndexTup in index_of_wans: # Add networking route which does not handle re-routing if WAN is down # get the WAN IP address which was source routed wanIndex = wanIndexTup[0] print("Testing interface: %s" % str(wanIndexTup)) sys.stdout.flush() # Get the external IP of the interface selected. routedIP = wanIndexTup[2] wanGatewayIP = wanIndexTup[3] netsettings['staticRoutes']['list']=[] netsettings['staticRoutes']['list'].append(create_route_rule(ip_address_testdestination,32,wanGatewayIP)) uvmContext.networkManager().setNetworkSettings(netsettings) # Test that only the routed interface is used 5 times subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = "" timeout = 60 while (timeout > 0 and result == ""): time.sleep(1) timeout -= 1 result = remote_control.run_command("wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",stdout=True) print("Network Routed IP %s and retrieved IP %s" % (routedIP, result)) assert (result == routedIP) # now down the selected wan and see if traffic flows out the other wan build_wan_test_rule(wanIndex, "ping", "192.168.244.1") # Wait for targeted the WAN to be off line before testing that the WAN is off line. timeout = 60 online = True offlineWanIndex = wanIndex while online and timeout > 0: time.sleep(1) timeout -= 1 wanStatus = app_wan_failover.getWanStatus() for statusInterface in wanStatus['list']: if statusInterface['interfaceId'] == offlineWanIndex: print("Waiting on WAN %i to go offline... %s " % (wanIndex,str(statusInterface))) sys.stdout.flush() online = statusInterface['online'] subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = global_functions.get_public_ip_address() print("WAN Down Network Routed IP %s and retrieved IP %s" % (routedIP, result)) assert (result == routedIP) # Remove failover rules nuke_wan_failover_rules() # Remove static routes uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def initial_extra_setup(cls): global orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit, target_server settings = cls._app.getSettings() settings["configured"] = True cls._app.setSettings(settings) cls._app.start() cls._app_web_filter = uvmContext.appManager().instantiate( cls.appNameWF(), 1) if orig_network_settings == None: orig_network_settings = uvmContext.networkManager( ).getNetworkSettings() # disable QoS netsettings = copy.deepcopy(orig_network_settings) netsettings['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings(netsettings) # measure speed localTargetResult = subprocess.call(["ping", "-c", "1", target_server], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if (localTargetResult != 0): # local bandwidth target server not available so use test.untangle.com target_server = global_functions.TEST_SERVER_HOST pre_down_speed_kbit = global_functions.get_download_speed( download_server=target_server) # calculate QoS limits wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9) # set max to 100Mbit, so that other limiting factors dont interfere if wan_limit_kbit > 100000: wan_limit_kbit = 100000 wan_limit_mbit = round(wan_limit_kbit / 1024, 2) # turn on QoS and set wan speed limits netsettings = copy.deepcopy(orig_network_settings) netsettings['qosSettings']['qosEnabled'] = True i = 0 for interface in netsettings['interfaces']['list']: if interface['isWan']: netsettings['interfaces']['list'][i][ 'downloadBandwidthKbps'] = wan_limit_kbit netsettings['interfaces']['list'][i][ 'uploadBandwidthKbps'] = wan_limit_kbit i += 1 netsettings['bypassRules']['list'] = [] netsettings['qosSettings']['qosRules']['list'] = [] # These store the "new" defaults with and without QoS orig_network_settings_with_qos = copy.deepcopy(netsettings) orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True orig_network_settings_without_qos = copy.deepcopy(netsettings) orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos)
def final_extra_tear_down(cls): global app_wan_failover # Restore original settings to return to initial settings if app_wan_failover != None: uvmContext.appManager().destroy( app_wan_failover.getAppSettings()["id"] ) app_wan_failover = None if orig_netsettings != None: uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def final_extra_tear_down(cls): global orig_network_settings # Restore original settings to return to initial settings if orig_network_settings != None: uvmContext.networkManager().setNetworkSettings( orig_network_settings) if cls._app_web_filter != None: uvmContext.appManager().destroy( cls._app_web_filter.getAppSettings()["id"]) cls._app_web_filter = None
def final_tear_down(self): global app, app_web_filter, orig_network_settings # Restore original settings to return to initial settings if orig_network_settings != None: uvmContext.networkManager().setNetworkSettings( orig_network_settings ) if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None if app_web_filter != None: uvmContext.appManager().destroy( app_web_filter.getAppSettings()["id"] ) app_web_filter = None
def initial_setup(self): global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) settings = app.getSettings() settings["configured"] = True app.setSettings(settings) app.start() if (uvmContext.appManager().isInstantiated(self.appNameWF())): raise Exception('app %s already instantiated' % self.appNameWF()) app_web_filter = uvmContext.appManager().instantiate( self.appNameWF(), default_policy_id) if orig_network_settings == None: orig_network_settings = uvmContext.networkManager( ).getNetworkSettings() # disable QoS netsettings = copy.deepcopy(orig_network_settings) netsettings['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings(netsettings) # measure speed pre_down_speed_kbit = global_functions.get_download_speed( download_server="test.untangle.com") # calculate QoS limits wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9) # set max to 100Mbit, so that other limiting factors dont interfere if wan_limit_kbit > 100000: wan_limit_kbit = 100000 wan_limit_mbit = round(wan_limit_kbit / 1024, 2) # turn on QoS and set wan speed limits netsettings = copy.deepcopy(orig_network_settings) netsettings['qosSettings']['qosEnabled'] = True i = 0 for interface in netsettings['interfaces']['list']: if interface['isWan']: netsettings['interfaces']['list'][i][ 'downloadBandwidthKbps'] = wan_limit_kbit netsettings['interfaces']['list'][i][ 'uploadBandwidthKbps'] = wan_limit_kbit i += 1 netsettings['bypassRules']['list'] = [] netsettings['qosSettings']['qosRules']['list'] = [] # These store the "new" defaults with and without QoS orig_network_settings_with_qos = copy.deepcopy(netsettings) orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True orig_network_settings_without_qos = copy.deepcopy(netsettings) orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos)
def test_100_wanBalancerRouteWanDown(self): # create a source route and then down the wan which the route is set to # if there are more than one WAN if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(index_of_wans) < 2): raise unittest.SkipTest( "Need at least two WANS for combination of wan-balancer and wan failover tests" ) if same_wan_network(index_of_wans): raise unittest.SkipTest("WANS on same network") netsettings = uvmContext.networkManager().getNetworkSettings() for wanIndexTup in index_of_wans: wanIndex = wanIndexTup[0] nuke_wan_balancer_rules() # Get the external IP of the interface selected. routedIP = wanIndexTup[2] # WAN index for route rules is from networking list. Balance is zero build_single_wan_route_rule("DST_ADDR", ip_address_testdestination, wanIndex) # Test that only the routed interface is used 5 times2 subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = remote_control.run_command( "wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py", stdout=True) print("WAN Balancer Routed IP %s and retrieved IP %s" % (routedIP, result)) assert (result == routedIP) # now down the selected wan and see if traffic flows out the other wan build_wan_test_rule(wanIndex, "ping", "192.168.244.1") # Wait for targeted the WAN to be off line before testing that the WAN is off line. timeout = 50000 online = True offlineWanIndex = wanIndex while online and timeout > 0: timeout -= 1 wanStatus = app_wan_failover.getWanStatus() for statusInterface in wanStatus['list']: if statusInterface['interfaceId'] == offlineWanIndex: online = statusInterface['online'] time.sleep(10) # Let WAN balancer see that the interface is down subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = global_functions.get_public_ip_address() print( "WAN Down WAN Balancer Routed IP %s and retrieved IP %s" % (routedIP, result)) assert (result != routedIP) nuke_wan_balancer_rules() nuke_wan_failover_rules() uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def final_tear_down(cls, unused=None): uvmContext.networkManager().setNetworkSettings(cls._orig_netsettings) if cls._app: cls.final_extra_tear_down() if not cls.do_not_remove_app: name = cls.module_name() if cls._app or uvmContext.appManager().isInstantiated(name): uvmContext.appManager().destroy(cls.get_app_id()) cls._app = None
def final_tear_down(self): global app, appAD # Restore original settings to return to initial settings # print("orig_netsettings <%s>" % orig_netsettings) uvmContext.networkManager().setNetworkSettings(orig_netsettings) if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None if appAD != None: uvmContext.appManager().destroy( appAD.getAppSettings()["id"] ) appAD = None
def test_031_netSettingsAndDefaultWGNetworks(self): """Test if changing the Network Settings LAN address properly updates the wireguard local networks""" #if the configuration is Bridged, Local Networks are not imported into WireGuard's settings, so this test would fail. Skip it. if global_functions.is_bridged(wanIP): raise unittest.SkipTest( "skipping on Bridged configuration, no Local Networks") # Address we want to test with testingAddressNet = "192.168.90" testingAddress = testingAddressNet + ".1" testingDhcpStart = testingAddressNet + ".100" testingDhcpEnd = testingAddressNet + ".200" # Pull out the current WG settings and the current Network Settings wgSettings = self._app.getSettings() origNetSettings = uvmContext.networkManager().getNetworkSettings() # deepcopy WG network settings for manipulation newNetSettings = copy.deepcopy(origNetSettings) # Verify the WG settings don't already have this address stored assert (testingAddressNet not in wgSettings['networks']['list'][0]['address']) # Find a DHCP LAN device and set it's address to the testing address for intf in newNetSettings['interfaces']['list']: if not intf['isWan']: intf['v4StaticAddress'] = testingAddress if intf['dhcpEnabled']: intf['dhcpRangeStart'] = testingDhcpStart intf['dhcpRangeEnd'] = testingDhcpEnd break # Set the settings to new config uvmContext.networkManager().setNetworkSettings(newNetSettings) # Query the WG settings to assert if that address made it in newWGSettings = self._app.getSettings() # Test that new WG LAN matches network LAN assert (testingAddressNet in newWGSettings['networks']['list'][0]['address']) # Set network settings back to normal uvmContext.networkManager().setNetworkSettings(origNetSettings) # Get the WG settings again to verify wgSettings = self._app.getSettings() # Assert that old settings were set back properly proper now assert (testingAddressNet not in wgSettings['networks']['list'][0]['address'])
def final_tear_down(self): global orig_netsettings # Restore original settings to return to initial settings # print("orig_netsettings <%s>" % orig_netsettings) uvmContext.networkManager().setNetworkSettings(orig_netsettings) settings = app.getSettings() settings['shieldEnabled'] = default_enabled app.setSettings(settings) # sleep so the reputation goes down so it will not interfere with any future tests time.sleep(3)
def test_021_severely_limited_udp(self): global wan_limit_mbit # severely limited means 10% of wan download bandwidth expectedSpeedMbit = wan_limit_mbit * .1 # a udp iperf test will fail if it loses more than 40% of sent # packets, so make sure expectedSpeedMbit is a little less than # 60% of targetSpeedMbit targetSpeedMbit = str(expectedSpeedMbit * 1.6) + "M" if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # We will use iperf server and iperf for this test. wan_IP = uvmContext.networkManager().getFirstWanAddress() iperfAvailable = global_functions.verify_iperf_configuration(wan_IP) if (not iperfAvailable): raise unittest.SkipTest( "Iperf server and/or iperf not available, skipping alternate port forwarding test" ) # Enabled QoS netsettings = uvmContext.networkManager().getNetworkSettings() nuke_rules(self._app) append_rule( self._app, create_single_condition_rule("DST_PORT", "5000", "SET_PRIORITY", 1)) pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit) # Create DST_PORT based rule to limit bandwidth nuke_rules(self._app) append_rule( self._app, create_single_condition_rule("DST_PORT", "5000", "SET_PRIORITY", 7)) post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit) print_results(pre_UDP_speed, post_UDP_speed, (wan_limit_kbit / 8) * 0.1, pre_UDP_speed * .9) assert (pre_UDP_speed != 0) assert (post_UDP_speed != 0) assert (post_UDP_speed < pre_UDP_speed * .9)
def test_014_qos_bypass_custom_rules_udp(self): global wan_limit_mbit targetSpeedMbit = str(wan_limit_mbit)+"M" if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # We will use iperf server and iperf for this test. wan_IP = uvmContext.networkManager().getFirstWanAddress() iperfAvailable = global_functions.verify_iperf_configuration(wan_IP) if (not iperfAvailable): raise unittest.SkipTest("Iperf server and/or iperf not available") netsettings = uvmContext.networkManager().getNetworkSettings() netsettings['bypassRules']['list'].append( create_bypass_condition_rule("DST_PORT","5000") ) netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("DST_PORT","5000", 1) ) uvmContext.networkManager().setNetworkSettings( netsettings ) pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) netsettings['qosSettings']['qosRules']['list'] = [] netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("DST_PORT","5000", 7) ) uvmContext.networkManager().setNetworkSettings( netsettings ) post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) # Restore original network settings uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos ) print_results( pre_UDP_speed, post_UDP_speed, (wan_limit_kbit/8)*0.1, pre_UDP_speed*.9 ) assert (post_UDP_speed < pre_UDP_speed*.9)
def test_030_restartNetworkVerifyIpsecTunnel(self): # save a setting in networking and test ipsec tunnel is set connected. global tunnelUp if (not tunnelUp): raise unittest.SkipTest("Test test_020_createIpsecTunnel success required ") netsettings = uvmContext.networkManager().getNetworkSettings() uvmContext.networkManager().setNetworkSettings(netsettings) time.sleep(10) # wait for networking to restart ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" % ipsecPcLANIP) # delete tunnel nukeIPSecTunnels() tunnelUp = False assert (ipsecHostLANResult == 0) assert (ipsecPcLanResult == 0)
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_060_createIpsecTunnelHostname(self): if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value(app,"enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" addDNSRule(createDNSRule(ipsecHost,ipsecHostname)) # verify L2TP is off NGFW-7212 ipsecSettings = app.getSettings() ipsecSettings["vpnflag"] = False app.setSettings(ipsecSettings) for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel(addIPSecTunnel(ipsecHostname,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) post_events_enabled = global_functions.get_app_metric_value(app,"enabled") nukeIPSecTunnels() assert (ipsecHostLANResult == 0) # Check to see if the faceplate counters have incremented. assert(pre_events_enabled < post_events_enabled)
def test_050_windowsL2TPRadiusDirectory(self): global appAD wan_IP = uvmContext.networkManager().getFirstWanAddress() if (radiusResult != 0): raise unittest.SkipTest("No RADIUS server available") if (l2tpClientHostResult != 0): raise unittest.SkipTest("l2tpClientHostResult not available") if (not wan_IP in l2tpServerHosts): raise unittest.SkipTest("No paried L2TP client available") # Configure RADIUS settings appAD.setSettings(createRadiusSettings()) createL2TPconfig("RADIUS_SERVER") timeout = 480 found = False vpnServerResult = remote_control.run_command("rasdial.exe %s %s %s" % (wan_IP,global_functions.RADIUS_USER,global_functions.RADIUS_PASSWORD), host=l2tpClientHost) while not found and timeout > 0: timeout -= 1 time.sleep(1) virtUsers = app.getVirtualUsers() for user in virtUsers['list']: if user['clientUsername'] == global_functions.RADIUS_USER: found = True # Send command for Windows VPN disconnect. vpnServerResult = remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost) assert(found)
def test_020_createIpsecTunnel(self): global tunnelUp if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value(app,"enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel(addIPSecTunnel(ipsecHost,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) assert (ipsecHostLANResult == 0) ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" % ipsecPcLANIP) assert (ipsecPcLanResult == 0) tunnelUp = True # Check to see if the faceplate counters have incremented. post_events_enabled = global_functions.get_app_metric_value(app,"enabled") assert(pre_events_enabled < post_events_enabled)
def initial_setup(self): global app, orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app if (uvmContext.appManager().isInstantiated(self.module_name())): # report app is normally installed. # print("App %s already installed" % self.module_name()) # raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().app(self.module_name()) else: app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) reportSettings = app.getSettings() orig_settings = copy.deepcopy(reportSettings) if (uvmContext.appManager().isInstantiated(self.webAppName())): raise Exception('app %s already instantiated' % self.webAppName()) web_app = uvmContext.appManager().instantiate(self.webAppName(), default_policy_id) # Skip checking relaying is possible if we have determined it as true on previous test. try: can_relay = global_functions.send_test_email() except Exception as e: can_relay = False if can_syslog == None: can_syslog = False wan_IP = uvmContext.networkManager().getFirstWanAddress() syslog_server_host = global_functions.find_syslog_server(wan_IP) if syslog_server_host: portResult = remote_control.run_command("sudo lsof -i :514", host=syslog_server_host) if portResult == 0: can_syslog = True
def initial_setup(self): global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult tunnelUp = False if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) if (uvmContext.appManager().isInstantiated(self.appNameAD())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) if orig_netsettings == None: orig_netsettings = uvmContext.networkManager().getNetworkSettings() appAD = uvmContext.appManager().instantiate(self.appNameAD(), default_policy_id) appDataRD = appAD.getSettings().get('radiusSettings') ipsecHostResult = subprocess.call(["ping", "-c", "1", ipsecHost], stdout=subprocess.PIPE, stderr=subprocess.PIPE) l2tpClientHostResult = subprocess.call( ["ping", "-c", "1", l2tpClientHost], stdout=subprocess.PIPE, stderr=subprocess.PIPE) radiusResult = subprocess.call( ["ping", "-c", "1", global_functions.RADIUS_SERVER], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
def test_080_nmap_log(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest( "IperfServer test client unreachable, skipping alternate port forwarding test" ) startTime = datetime.datetime.now() # start nmap on client remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1", host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 5) found = global_functions.check_events(events.get('list'), 5, 'msg', "NMAP", 'blocked', False, min_date=startTime)
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def initial_setup(cls, unused=None): cls._orig_netsettings = uvmContext.networkManager().getNetworkSettings( ) if not cls.not_an_app: name = cls.module_name() print("initial_setup for app %s" % name) if cls._app or uvmContext.appManager().isInstantiated(name): if cls.skip_instantiated() and name not in [ "reports", "shield" ]: pytest.skip('app %s already instantiated' % cls.module_name()) else: if cls.do_not_install_app: # grab cls._app = uvmContext.appManager().app(name) else: # delete and install cls.final_tear_down() cls._app = uvmContext.appManager().instantiate( name, cls.default_policy_id) else: print("starting %s" % (name, )) cls._app = uvmContext.appManager().instantiate( name, cls.default_policy_id) if cls.force_start: cls._app.start() if cls.wait_for_daemon_ready: cls.do_wait_for_daemon_ready() if not cls.no_settings: cls._appSettings = cls._app.getSettings() cls.initial_extra_setup()
def initial_extra_setup(cls): global orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app reportSettings = cls._app.getSettings() orig_settings = copy.deepcopy(reportSettings) if (uvmContext.appManager().isInstantiated(cls.webAppName())): raise Exception('app %s already instantiated' % cls.webAppName()) web_app = uvmContext.appManager().instantiate(cls.webAppName(), default_policy_id) # Skip checking relaying is possible if we have determined it as true on previous test. try: can_relay = global_functions.send_test_email() except Exception as e: can_relay = False if can_syslog == None: can_syslog = False wan_IP = uvmContext.networkManager().getFirstWanAddress() syslog_server_host = global_functions.find_syslog_server(wan_IP) if syslog_server_host: portResult = remote_control.run_command( "sudo lsof -i :514", host=syslog_server_host) if portResult == 0: can_syslog = True
def test_050_windowsL2TPRadiusDirectory(self): global appAD wan_IP = uvmContext.networkManager().getFirstWanAddress() if (radiusResult != 0): raise unittest.SkipTest("No RADIUS server available") if (l2tpClientHostResult != 0): raise unittest.SkipTest("l2tpClientHostResult not available") if (not wan_IP in l2tpServerHosts): raise unittest.SkipTest("No paried L2TP client available") # Configure RADIUS settings appAD.setSettings(createRadiusSettings()) appData = self._app.getSettings() appData = createL2TPconfig(appData, "RADIUS_SERVER") self._app.setSettings(appData) timeout = 480 found = False vpnServerResult = remote_control.run_command( "rasdial.exe %s %s %s" % (wan_IP, global_functions.RADIUS_USER, global_functions.RADIUS_PASSWORD), host=l2tpClientHost) while not found and timeout > 0: timeout -= 1 time.sleep(1) virtUsers = self._app.getVirtualUsers() for user in virtUsers['list']: if user['clientUsername'] == global_functions.RADIUS_USER: found = True # Send command for Windows VPN disconnect. vpnServerResult = remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost) assert (found)
def test_060_createIpsecTunnelHostname(self): if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value(self._app,"enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" addDNSRule(createDNSRule(ipsecHost,ipsecHostname)) # verify L2TP is off NGFW-7212 ipsecSettings = self._app.getSettings() ipsecSettings["vpnflag"] = False self._app.setSettings(ipsecSettings) for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appData = self._app.getSettings() appData["tunnels"]["list"].append(addIPSecTunnel(ipsecHostname,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2])) self._app.setSettings(appData) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) post_events_enabled = global_functions.get_app_metric_value(self._app,"enabled") nukeIPSecTunnels(self._app) assert (ipsecHostLANResult == 0) # Check to see if the faceplate counters have incremented. assert(pre_events_enabled < post_events_enabled)
def initial_setup(self): global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) settings = app.getSettings() settings["configured"] = True app.setSettings(settings) app.start() if (uvmContext.appManager().isInstantiated(self.appNameWF())): raise Exception('app %s already instantiated' % self.appNameWF()) app_web_filter = uvmContext.appManager().instantiate(self.appNameWF(), default_policy_id) if orig_network_settings == None: orig_network_settings = uvmContext.networkManager().getNetworkSettings() # disable QoS netsettings = copy.deepcopy( orig_network_settings ) netsettings['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings( netsettings ) # measure speed pre_down_speed_kbit = global_functions.get_download_speed(download_server="test.untangle.com") # calculate QoS limits wan_limit_kbit = int((pre_down_speed_kbit*8) * .9) # set max to 100Mbit, so that other limiting factors dont interfere if wan_limit_kbit > 100000: wan_limit_kbit = 100000 wan_limit_mbit = round(wan_limit_kbit/1024,2) # turn on QoS and set wan speed limits netsettings = copy.deepcopy( orig_network_settings ) netsettings['qosSettings']['qosEnabled'] = True i = 0 for interface in netsettings['interfaces']['list']: if interface['isWan']: netsettings['interfaces']['list'][i]['downloadBandwidthKbps']=wan_limit_kbit netsettings['interfaces']['list'][i]['uploadBandwidthKbps']=wan_limit_kbit i += 1 netsettings['bypassRules']['list'] = [] netsettings['qosSettings']['qosRules']['list'] = [] # These store the "new" defaults with and without QoS orig_network_settings_with_qos = copy.deepcopy( netsettings ) orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True orig_network_settings_without_qos = copy.deepcopy( netsettings ) orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings(orig_network_settings_with_qos)
def initial_setup(self): global app, default_enabled, orig_netsettings if orig_netsettings == None: orig_netsettings = uvmContext.networkManager().getNetworkSettings() if (not uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().app(self.module_name()) default_enabled = app.getSettings()['shieldEnabled']
def test_040_windowsL2TPlocalDirectory(self): wan_IP = uvmContext.networkManager().getFirstWanAddress() if (l2tpClientHostResult != 0): raise unittest.SkipTest("l2tpClientHostResult not available") if (not wan_IP in l2tpServerHosts): raise unittest.SkipTest("No paried L2TP client available") uvmContext.localDirectory().setUsers(createLocalDirectoryUser()) appData = self._app.getSettings() appData = createL2TPconfig(appData, "LOCAL_DIRECTORY") self._app.setSettings(appData) timeout = 480 found = False # Send command for Windows VPN connect. vpnServerResult = remote_control.run_command( "rasdial.exe %s %s %s" % (wan_IP, l2tpLocalUser, l2tpLocalPassword), host=l2tpClientHost) if vpnServerResult == 0: while not found and timeout > 0: timeout -= 1 time.sleep(1) virtUsers = self._app.getVirtualUsers() for user in virtUsers['list']: if user['clientUsername'] == l2tpLocalUser: found = True # Send command for Windows VPN disconnect. vpnServerResult = remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost) uvmContext.localDirectory().setUsers(removeLocalDirectoryUser()) assert (found) # Use same user with different password new_user_password = "******" uvmContext.localDirectory().setUsers( createLocalDirectoryUser(userpassword=new_user_password)) appData = createL2TPconfig(appData, "LOCAL_DIRECTORY") self._app.setSettings(appData) timeout = 480 found = False # Send command for Windows VPN connect. vpnServerResult = remote_control.run_command( "rasdial.exe %s %s %s" % (wan_IP, l2tpLocalUser, new_user_password), host=l2tpClientHost) if vpnServerResult == 0: while not found and timeout > 0: timeout -= 1 time.sleep(1) virtUsers = self._app.getVirtualUsers() for user in virtUsers['list']: if user['clientUsername'] == l2tpLocalUser: found = True # Send command for Windows VPN disconnect. vpnServerResult = remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost) uvmContext.localDirectory().setUsers(removeLocalDirectoryUser()) assert (found)
def test_110_hosts_file_manager(self): # get the hostname and settings from the network manager fullName = uvmContext.networkManager().getFullyQualifiedHostname() netsettings = uvmContext.networkManager().getNetworkSettings() print(("Checking HostsFileManager records for " + fullName)) # perform a DNS lookup for our hostname against every non-WAN interface # and make sure the value returned matches the address of the interface for interface in netsettings['interfaces']['list']: if interface['isWan'] == False and interface['configType'] == "Addressed": if 'v4StaticAddress' in interface: netaddr = interface['v4StaticAddress'] if netaddr: print(("Checking hostname resolution for %s" % netaddr)) output = subprocess.check_output("dig +short @" + netaddr + " " + fullName, shell=True) result = output.strip() assert(result == netaddr)
def test_110_hosts_file_manager(self): # get the hostname and settings from the network manager fullName = uvmContext.networkManager().getFullyQualifiedHostname() netsettings = uvmContext.networkManager().getNetworkSettings() print(("Checking HostsFileManager records for " + fullName)) # perform a DNS lookup for our hostname against every non-WAN interface # and make sure the value returned matches the address of the interface for interface in netsettings['interfaces']['list']: if interface['isWan'] == False and interface['configType'] == "Addressed": if 'v4StaticAddress' in interface: netaddr = interface['v4StaticAddress'] if netaddr: print(("Checking hostname resolution for %s" % netaddr)) output = subprocess.check_output("dig +short @" + netaddr + " " + fullName, shell=True) result = output.strip() assert(result == netaddr)
def test_013_qos_bypass_custom_rules_tcp(self): global app nuke_rules() priority_level = 7 # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed() # Create SRC_ADDR based custom Q0S rule to limit bypass QoS netsettings = copy.deepcopy( orig_network_settings_with_qos ) netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("SRC_ADDR",remote_control.client_ip,priority_level) ) netsettings['bypassRules']['list'].append( create_bypass_condition_rule("SRC_ADDR",remote_control.client_ip) ) uvmContext.networkManager().setNetworkSettings( netsettings ) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed() # Restore original network settings uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos ) print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio ) assert ((wget_speed_pre) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
def initial_setup(self): global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult tunnelUp = False if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) if (uvmContext.appManager().isInstantiated(self.appNameAD())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) if orig_netsettings == None: orig_netsettings = uvmContext.networkManager().getNetworkSettings() appAD = uvmContext.appManager().instantiate(self.appNameAD(), default_policy_id) appDataRD = appAD.getSettings().get('radiusSettings') ipsecHostResult = subprocess.call(["ping","-c","1",ipsecHost],stdout=subprocess.PIPE,stderr=subprocess.PIPE) l2tpClientHostResult = subprocess.call(["ping","-c","1",l2tpClientHost],stdout=subprocess.PIPE,stderr=subprocess.PIPE) radiusResult = subprocess.call(["ping","-c","1",global_functions.RADIUS_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
def test_040_windowsL2TPlocalDirectory(self): wan_IP = uvmContext.networkManager().getFirstWanAddress() if (l2tpClientHostResult != 0): raise unittest.SkipTest("l2tpClientHostResult not available") if (not wan_IP in l2tpServerHosts): raise unittest.SkipTest("No paried L2TP client available") uvmContext.localDirectory().setUsers(createLocalDirectoryUser()) createL2TPconfig("LOCAL_DIRECTORY") timeout = 480 found = False # Send command for Windows VPN connect. vpnServerResult = remote_control.run_command("rasdial.exe %s %s %s" % (wan_IP,l2tpLocalUser,l2tpLocalPassword), host=l2tpClientHost) if vpnServerResult == 0: while not found and timeout > 0: timeout -= 1 time.sleep(1) virtUsers = app.getVirtualUsers() for user in virtUsers['list']: if user['clientUsername'] == l2tpLocalUser: found = True # Send command for Windows VPN disconnect. vpnServerResult = remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost) uvmContext.localDirectory().setUsers(removeLocalDirectoryUser()) assert(found) # Use same user with different password new_user_password = "******" uvmContext.localDirectory().setUsers(createLocalDirectoryUser(userpassword=new_user_password)) createL2TPconfig("LOCAL_DIRECTORY") timeout = 480 found = False # Send command for Windows VPN connect. vpnServerResult = remote_control.run_command("rasdial.exe %s %s %s" % (wan_IP,l2tpLocalUser,new_user_password), host=l2tpClientHost) if vpnServerResult == 0: while not found and timeout > 0: timeout -= 1 time.sleep(1) virtUsers = app.getVirtualUsers() for user in virtUsers['list']: if user['clientUsername'] == l2tpLocalUser: found = True # Send command for Windows VPN disconnect. vpnServerResult = remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost) uvmContext.localDirectory().setUsers(removeLocalDirectoryUser()) assert(found)
def initial_setup(self): global app, appWeb, appDC, tunnelApp, appData, vpnHostResult, vpnClientResult, vpnServerResult, vpnUserPassHostResult, adResult, radiusResult if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() appWeb = None appDC = None tunnelApp = None if (uvmContext.appManager().isInstantiated(self.appWebName())): raise Exception('app %s already instantiated' % self.appWebName()) appWeb = uvmContext.appManager().instantiate(self.appWebName(), default_policy_id) vpnHostResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_SERVER_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE) vpnUserPassHostResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_SERVER_USER_PASS_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE) vpnClientResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_CLIENT_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE) wanIP = uvmContext.networkManager().getFirstWanAddress() if vpnClientResult == 0: vpnServerResult = remote_control.run_command("ping -W 5 -c 1 " + wanIP, host=global_functions.VPN_CLIENT_IP) else: vpnServerResult = 1 adResult = subprocess.call(["ping","-c","1",global_functions.AD_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE) radiusResult = subprocess.call(["ping","-c","1",global_functions.RADIUS_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
def test_080_nmap_log(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") startTime = datetime.datetime.now() # start nmap on client remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "NMAP", 'blocked', False, min_date=startTime)
def addDNSRule(newRule): netsettings = uvmContext.networkManager().getNetworkSettings() netsettings['dnsSettings']['staticEntries']['list'].insert(0,newRule) uvmContext.networkManager().setNetworkSettings(netsettings)