def test_015_httpEicarBlocked(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") pre_events_scan = global_functions.get_app_metric_value( self._app, "scan") pre_events_block = global_functions.get_app_metric_value( self._app, "block") result = remote_control.run_command( "wget -q -O - http://test.untangle.com/virus/eicar.zip 2>&1 | grep -q blocked" ) # temporary for debugging if (result == 1): remote_control.run_command( "wget -q -O /tmp/eicar_wget_output.zip http://test.untangle.com/virus/eicar.zip" ) assert (result == 0) post_events_scan = global_functions.get_app_metric_value( self._app, "scan") post_events_block = global_functions.get_app_metric_value( self._app, "block") assert (pre_events_scan < post_events_scan) assert (pre_events_block < post_events_block)
def test_060_createIpsecTunnelHostname(self): if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value(self._app,"enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" addDNSRule(createDNSRule(ipsecHost,ipsecHostname)) # verify L2TP is off NGFW-7212 ipsecSettings = self._app.getSettings() ipsecSettings["vpnflag"] = False self._app.setSettings(ipsecSettings) for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appData = self._app.getSettings() appData["tunnels"]["list"].append(addIPSecTunnel(ipsecHostname,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2])) self._app.setSettings(appData) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) post_events_enabled = global_functions.get_app_metric_value(self._app,"enabled") nukeIPSecTunnels(self._app) assert (ipsecHostLANResult == 0) # Check to see if the faceplate counters have incremented. assert(pre_events_enabled < post_events_enabled)
def test_060_createIpsecTunnelHostname(self): if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value(app,"enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" addDNSRule(createDNSRule(ipsecHost,ipsecHostname)) # verify L2TP is off NGFW-7212 ipsecSettings = app.getSettings() ipsecSettings["vpnflag"] = False app.setSettings(ipsecSettings) for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel(addIPSecTunnel(ipsecHostname,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) post_events_enabled = global_functions.get_app_metric_value(app,"enabled") nukeIPSecTunnels() assert (ipsecHostLANResult == 0) # Check to see if the faceplate counters have incremented. assert(pre_events_enabled < post_events_enabled)
def test_020_testBasicWebCache(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') pre_events_hit = global_functions.get_app_metric_value(app, "hit") app.clearSquidCache() for x in range(0, 10): result = remote_control.run_command( "wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/" ) time.sleep(1) assert (result == 0) time.sleep(65) # summary-events only written every 60 seconds events = global_functions.get_events('Web Cache', 'Web Cache Events', None, 1) assert (events != None) # verify at least one hit assert (events['list'][0]) assert (events['list'][0]['hits']) # Check to see if the faceplate counters have incremented. post_events_hit = global_functions.get_app_metric_value(app, "hit") assert (pre_events_hit < post_events_hit)
def test_020_createIpsecTunnel(self): global tunnelUp if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value(app,"enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel(addIPSecTunnel(ipsecHost,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) assert (ipsecHostLANResult == 0) ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" % ipsecPcLANIP) assert (ipsecPcLanResult == 0) tunnelUp = True # Check to see if the faceplate counters have incremented. post_events_enabled = global_functions.get_app_metric_value(app,"enabled") assert(pre_events_enabled < post_events_enabled)
def test_050_severely_limited_web_filter_flagged(self): nuke_rules(self._app) pre_count = global_functions.get_app_metric_value( self._app, "prioritize") priority_level = 7 # This test might need web filter for http to start # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed( download_server=target_server) # Create WEB_FILTER_FLAGGED based rule to limit bandwidth append_rule( self._app, create_single_condition_rule("WEB_FILTER_FLAGGED", "true", "SET_PRIORITY", priority_level)) # Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology settingsWF = self._app_web_filter.getSettings() i = 0 if target_server == global_functions.TEST_SERVER_HOST: untangleCats = ["Computer,", "Security"] else: untangleCats = [ "Uncategorized", ] for webCategories in settingsWF['categories']['list']: if any(x in webCategories['name'] for x in untangleCats): settingsWF['categories']['list'][i]['flagged'] = "true" i += 1 self._app_web_filter.setSettings(settingsWF) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed( download_server=target_server) print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1, wget_speed_pre * limited_acceptance_ratio) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control', 'Prioritized Sessions', None, 5) assert (events != None) found = global_functions.check_events(events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert (found) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app, "prioritize") assert (pre_count < post_count)
def test_020_smtpQuarantinedPhishBlockerTest(self): if (not canRelay): raise unittest.SkipTest('Unable to relay through ' + smtpServerHost) if (not mail_app): raise unittest.SkipTest('Unable download mailsendder app') pre_events_quarantine = global_functions.get_app_metric_value( app, "quarantine") appData['smtpConfig']['scanWanMail'] = True appData['smtpConfig']['strength'] = 5 app.setSettings(appData) # Get the IP address of test.untangle.com result = remote_control.run_command("host " + smtpServerHost, stdout=True) match = re.search(r'\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', result) ip_address_testuntangle = match.group() # sometimes the load is very high >7 and sending mail will fail # sleep for a while for the load to go down try: if float(file("/proc/loadavg", "r").readline().split(" ")[0]) > 3: time.sleep(30) except: pass timeout = 12 found = False email_index = 20 while (not found and timeout > 0): time.sleep(10) email_index += 1 from_address = "test0" + str(email_index) sendPhishMail(mailfrom=from_address) events = global_functions.get_events('Phish Blocker', 'All Phish Events', None, 5) assert (events != None) # print(events['list'][0]) found = global_functions.check_events( events.get('list'), 5, 'c_server_addr', ip_address_testuntangle, 's_server_port', 25, 'addr', '*****@*****.**', 'c_client_addr', remote_control.client_ip, 'phish_blocker_action', 'Q') timeout -= 1 assert (found) # Check to see if the faceplate counters have incremented. post_events_quarantine = global_functions.get_app_metric_value( app, "quarantine") assert (pre_events_quarantine < post_events_quarantine)
def test_026_protoRule_Pandora(self): pre_count = global_functions.get_app_metric_value(app,"pass") touchProtoRule("Pandora",False,False) result1 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/") touchProtoRule("Pandora",True,True) result2 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/") touchProtoRule("Pandora",False,False) assert (result1 == 0) assert (result2 != 0) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app,"pass") assert(pre_count < post_count)
def test_015_httpEicarBlocked(self): if platform.machine().startswith('arm'): raise unittest.SkipTest("local scanner not available on ARM") pre_events_scan = global_functions.get_app_metric_value(app,"scan") pre_events_block = global_functions.get_app_metric_value(app,"block") result = remote_control.run_command("wget -q -O - http://test.untangle.com/virus/eicar.zip 2>&1 | grep -q blocked") assert (result == 0) post_events_scan = global_functions.get_app_metric_value(app,"scan") post_events_block = global_functions.get_app_metric_value(app,"block") assert(pre_events_scan < post_events_scan) assert(pre_events_block < post_events_block)
def test_903_blockLocalEventLog(self): rules_clear() rule_append(create_rule_single_condition("CLIENT_COUNTRY","XL")) pre_events_block = global_functions.get_app_metric_value(app,"block") result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/") assert (result != 0) events = global_functions.get_events('Firewall','Blocked Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'c_client_addr', remote_control.client_ip, 'client_country', "XL", 'firewall_blocked', True, 'firewall_flagged', True) assert( found ) # Check to see if the faceplate counters have incremented. post_events_block = global_functions.get_app_metric_value(app,"block") assert(pre_events_block < post_events_block)
def test_050_severely_limited_web_filter_flagged(self): global app, app_web_filter nuke_rules() pre_count = global_functions.get_app_metric_value(app,"prioritize") priority_level = 7 # This test might need web filter for http to start # Record average speed without bandwidth control configured wget_speed_pre = global_functions.get_download_speed(download_server="test.untangle.com") # Create WEB_FILTER_FLAGGED based rule to limit bandwidth append_rule(create_single_condition_rule("WEB_FILTER_FLAGGED","true","SET_PRIORITY",priority_level)) # Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology settingsWF = app_web_filter.getSettings() i = 0 untangleCats = ["Computer,", "Security"] for webCategories in settingsWF['categories']['list']: if any(x in webCategories['name'] for x in untangleCats): settingsWF['categories']['list'][i]['flagged'] = "true" i += 1 app_web_filter.setSettings(settingsWF) # Download file and record the average speed in which the file was download wget_speed_post = global_functions.get_download_speed(download_server="test.untangle.com") print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio ) assert ((wget_speed_post) and (wget_speed_post)) assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post) events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5) assert(events != None) found = global_functions.check_events( events.get('list'), 5, "bandwidth_control_priority", priority_level, "c_client_addr", remote_control.client_ip) assert( found ) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app,"prioritize") assert(pre_count < post_count)
def test_020_createIpsecTunnel(self): global tunnelUp if (ipsecHostResult != 0): raise unittest.SkipTest("No paried IPSec server available") pre_events_enabled = global_functions.get_app_metric_value( app, "enabled") wan_IP = uvmContext.networkManager().getFirstWanAddress() pairMatchNotFound = True listOfPairs = "" for hostConfig in configuredHostIPs: print(hostConfig[0]) listOfPairs += str(hostConfig[0]) + ", " if (wan_IP in hostConfig[0]): appendTunnel( addIPSecTunnel(ipsecHost, ipsecHostLAN, hostConfig[0], hostConfig[1], hostConfig[2])) pairMatchNotFound = False if (pairMatchNotFound): raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs)) timeout = 10 ipsecHostLANResult = 1 while (ipsecHostLANResult != 0 and timeout > 0): timeout -= 1 time.sleep(1) # ping the remote LAN to see if the IPsec tunnel is connected. ipsecHostLANResult = remote_control.run_command( "wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP) assert (ipsecHostLANResult == 0) ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" % ipsecPcLANIP) assert (ipsecPcLanResult == 0) tunnelUp = True # Check to see if the faceplate counters have incremented. post_events_enabled = global_functions.get_app_metric_value( app, "enabled") assert (pre_events_enabled < post_events_enabled)
def test_065_all_wan_offline_but_one(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(indexOfWans) < 2): raise unittest.SkipTest( "Need at least two WANS for test_065_downAllButOneWan") pre_count = global_functions.get_app_metric_value(app, "changed") validWanIP = None # loop through the WANs keeping one up and the rest down. for upWanIndexTup in indexOfWans: upWanIndex = upWanIndexTup[0] nuke_rules() for wanIndexTup in indexOfWans: wanIndex = wanIndexTup[0] if upWanIndex != wanIndex: # make this interface test disconnected build_wan_test(wanIndex, "ping", pingHost="192.168.244.1") else: validWanIP = wanIndexTup[2] build_wan_test(upWanIndex, "ping", pingHost="8.8.8.8") print("validIP is %s" % validWanIP) wait_for_wan_offline() online_count = online_wan_count() offline_count = offline_wan_count() assert (online_count == 1) assert (offline_count > 0) for x in range(0, 8): result = global_functions.get_public_ip_address() print("IP address %s and validWanIP %s" % (result, validWanIP)) assert (result == validWanIP) # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app, "changed") assert (pre_count < post_count)
def test_060_app_stats(self): """ Checks that the scan, detect, and block stats are properly incremented """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # clear out the signature list appSettings['signatures']['list'] = [] appSettings['signatures']['list'].append(create_signature( gid = "1", sid = "1999999", classtype="attempted-admin", category="app-detect", msg="CompanySecret", log=True, block=False, action="alert", type="tcp")) # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect")) app.setSettings(appSettings, True) wait_for_daemon_ready() app.forceUpdateStats() pre_events_scan = global_functions.get_app_metric_value(app,"scan") pre_events_detect = global_functions.get_app_metric_value(app,"detect") pre_events_block = global_functions.get_app_metric_value(app,"block") startTime = datetime.datetime.now() loopLimit = 4 # Send four requests for test rebustnewss while (loopLimit > 0): time.sleep(1) loopLimit -= 1 result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret") time.sleep(10) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "CompanySecret", 'blocked', True, min_date=startTime) post_events_scan = global_functions.get_app_metric_value(app,"scan") post_events_detect = global_functions.get_app_metric_value(app,"detect") post_events_block = global_functions.get_app_metric_value(app,"block") del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found) print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan))) print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect))) print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block))) # assert(pre_events_scan < post_events_scan) assert(pre_events_detect < post_events_detect) assert(pre_events_block < post_events_block)
def test_020_testBasicWebCache(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') pre_events_hit = global_functions.get_app_metric_value(app,"hit") app.clearSquidCache() for x in range(0, 10): result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/") time.sleep(1) assert (result == 0) time.sleep(65) # summary-events only written every 60 seconds events = global_functions.get_events('Web Cache','Web Cache Events',None,1) assert(events != None) # verify at least one hit assert(events['list'][0]) assert(events['list'][0]['hits']) # Check to see if the faceplate counters have incremented. post_events_hit = global_functions.get_app_metric_value(app,"hit") assert(pre_events_hit < post_events_hit)
def test_016_flag_url(self): """verify basic URL blocking the the url block list""" pre_events_scan = global_functions.get_app_metric_value( self._app, "scan") pre_events_pass = global_functions.get_app_metric_value( self._app, "pass") pre_events_block = global_functions.get_app_metric_value( self._app, "block") self.block_url_list_add("test.untangle.com/test/testPage1.html") result = self.get_web_request_results( url="http://test.untangle.com/test/testPage1.html", expected="blockpage") self.block_url_list_clear() assert (result == 0) # verify the faceplate counters have incremented. post_events_scan = global_functions.get_app_metric_value( self._app, "scan") post_events_pass = global_functions.get_app_metric_value( self._app, "pass") post_events_block = global_functions.get_app_metric_value( self._app, "block") assert (pre_events_scan < post_events_scan) assert (pre_events_pass < post_events_pass) assert (pre_events_block == post_events_block)
def test_079_createClientVPNTunnelADUserPass(self): global appData, vpnServerResult, vpnClientResult, appDC if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value(app,"connect") if (adResult != 0): raise unittest.SkipTest("No AD server available") appNameDC = "directory-connector" if (uvmContext.appManager().isInstantiated(appNameDC)): print("App %s already installed" % appNameDC) appDC = uvmContext.appManager().app(appNameDC) else: appDC = uvmContext.appManager().instantiate(appNameDC, default_policy_id) appDC.setSettings(createDirectoryConnectorSettings(ad_enable=True,ldap_secure=True)) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP,) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"]=True siteName = appData['siteName'] appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) #enable user/password authentication, set to AD directory appData['authUserPass']=True appData["authenticationType"]="ACTIVE_DIRECTORY" app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink(vpnClientName,"zip") #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert(result == 0) #create credentials file containing username/password remote_control.run_command("echo " + global_functions.AD_USER + " > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile", host=global_functions.VPN_CLIENT_IP) #connect to openvpn using the file remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn --config " + siteName + ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail if tunnel doesn't connect assert(timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ','') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) # openvpn takes time to shut down time.sleep(3) assert(result==0) assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN','Connection Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName ) assert( found ) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value(app, "connect") assert(pre_events_connect < post_events_connect)
def test_079_createClientVPNTunnelADUserPass(self): global appData, vpnServerResult, vpnClientResult, appDC if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") if (adResult != 0): raise unittest.SkipTest("No AD server available") appNameDC = "directory-connector" if (uvmContext.appManager().isInstantiated(appNameDC)): print("App %s already installed" % appNameDC) appDC = uvmContext.appManager().app(appNameDC) else: appDC = uvmContext.appManager().instantiate( appNameDC, default_policy_id) appDC.setSettings( createDirectoryConnectorSettings(ad_enable=True, ldap_secure=True)) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP, ) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) #enable user/password authentication, set to AD directory appData['authUserPass'] = True appData["authenticationType"] = "ACTIVE_DIRECTORY" app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #create credentials file containing username/password remote_control.run_command( "echo " + global_functions.AD_USER + " > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile", host=global_functions.VPN_CLIENT_IP) #connect to openvpn using the file remote_control.run_command( "cd /etc/openvpn; sudo nohup openvpn --config " + siteName + ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail if tunnel doesn't connect assert (timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command( "ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) # openvpn takes time to shut down time.sleep(3) assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)
def test_060_createDeleteClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if(vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value(app, "connect") running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) loopLimit = 5 while((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # openvpn is probably stuck, kill it and re-run remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) #print(appData) clientLink = app.getClientDistributionDownloadLink(vpnClientName, "zip") print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert(result == 0) #start openvpn tunnel remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail test if vpn tunnel does not connect assert(timeout > 0) result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ','') #stop the vpn tunnel remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # wait for openvpn to stop assert(result==0) assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN','Connection Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName ) assert( found ) #check to see if the faceplate counters have incremented post_events_connect = global_functions.get_app_metric_value(app, "connect") assert(pre_events_connect < post_events_connect) #delete the user appData['remoteClients']['list'][:] = [] app.setSettings(appData) #attempt to connect with now deleted user remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() #fail the test if it does connect assert(timeout <= 0) #create the same user again appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) #print(appData) clientLink = app.getClientDistributionDownloadLink(vpnClientName, "zip") print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert(result == 0) #check the key files to make sure they aren't O length for x in range(0, 3): if x == 0: crtSize = remote_control.run_command("du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".crt",host=global_functions.VPN_CLIENT_IP,stdout=True) fileSize = int(crtSize[0]) elif x == 1: cacrtSize = remote_control.run_command("du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + "-ca.crt",host=global_functions.VPN_CLIENT_IP,stdout=True) fileSize = int(cacrtSize[0]) elif x == 2: keySize = remote_control.run_command("du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".key",host=global_functions.VPN_CLIENT_IP,stdout=True) fileSize = int(keySize[0]) assert(fileSize > 0) #start openvpn remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail test if vpn tunnel does not connect assert(timeout > 0) result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ','') #stop the vpn tunnel remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # wait for openvpn to stop assert(result==0) assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN','Connection Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName ) assert( found ) #check to see if the faceplate counters have incremented post_events_connect = global_functions.get_app_metric_value(app, "connect") assert(pre_events_connect < post_events_connect)
def test_040_createClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value(app,"connect") running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP,) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpm is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"]=True siteName = appData['siteName'] appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink(vpnClientName,"zip") # print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert(result == 0) #start openvpn tunnel remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # If VPN tunnel has failed to connect so fail the test, assert(timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) # print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ','') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # openvpn takes time to shut down assert(result==0) assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN','Connection Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName ) assert( found ) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value(app, "connect") assert(pre_events_connect < post_events_connect)
def test_040_createClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP, ) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpm is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") # print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #start openvpn tunnel remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # If VPN tunnel has failed to connect so fail the test, assert (timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command( "ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) # print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # openvpn takes time to shut down assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)
def test_060_createDeleteClientVPNTunnel(self): global appData, vpnServerResult, vpnClientResult if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value( app, "connect") running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # openvpn is probably stuck, kill it and re-run remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command( "pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"] = True siteName = appData['siteName'] appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) #print(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #start openvpn tunnel remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail test if vpn tunnel does not connect assert (timeout > 0) result = remote_control.run_command( "ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') #stop the vpn tunnel remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # wait for openvpn to stop assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) #check to see if the faceplate counters have incremented post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect) #delete the user appData['remoteClients']['list'][:] = [] app.setSettings(appData) #attempt to connect with now deleted user remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() #fail the test if it does connect assert (timeout <= 0) #create the same user again appData['exports']['list'].append( create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) #print(appData) clientLink = app.getClientDistributionDownloadLink( vpnClientName, "zip") print(clientLink) #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert (result == 0) #check the key files to make sure they aren't O length for x in range(0, 3): if x == 0: crtSize = remote_control.run_command( "du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".crt", host=global_functions.VPN_CLIENT_IP, stdout=True) fileSize = int(crtSize[0]) elif x == 1: cacrtSize = remote_control.run_command( "du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + "-ca.crt", host=global_functions.VPN_CLIENT_IP, stdout=True) fileSize = int(cacrtSize[0]) elif x == 2: keySize = remote_control.run_command( "du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".key", host=global_functions.VPN_CLIENT_IP, stdout=True) fileSize = int(keySize[0]) assert (fileSize > 0) #start openvpn remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " + siteName + ".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail test if vpn tunnel does not connect assert (timeout > 0) result = remote_control.run_command( "ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) print("host_result <%s>" % host_result) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ', '') #stop the vpn tunnel remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(3) # wait for openvpn to stop assert (result == 0) assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1) assert (events != None) found = global_functions.check_events(events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName) assert (found) #check to see if the faceplate counters have incremented post_events_connect = global_functions.get_app_metric_value( app, "connect") assert (pre_events_connect < post_events_connect)
def test_120_natOneToOneWanDown(self): # create a 1:1 NAT and then down the wan which the NAT is set to # if there are more than one WAN if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') if (len(index_of_wans) < 2): raise unittest.SkipTest("Need at least two WANS for combination of wan-balancer and wan failover tests") pre_count = global_functions.get_app_metric_value(app_wan_failover,"changed") # raise unittest.SkipTest('Skipping test_120_natOneToOneWanDown as not possible with current network layout ') netsettings = uvmContext.networkManager().getNetworkSettings() nuke_wan_balancer_rules() nuke_wan_failover_rules() # create valid failover tests for wanIndexTup in index_of_wans: wanIndex = wanIndexTup[0] build_wan_test_rule(wanIndex) for wanIndexTup in index_of_wans: # get the WAN IP address which was source routed wanIndex = wanIndexTup[0] wanIP = wanIndexTup[1] wanExternalIP = wanIndexTup[2] # Add networking route which does not handle re-routing if WAN is down netsettings['natRules']['list']=[] netsettings['natRules']['list'].append(build_nat_rules("DST_ADDR",ip_address_testdestination,wanIP)) uvmContext.networkManager().setNetworkSettings(netsettings) # Test that only the routed interface is used 5 times subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = "" timeout = 60 while (timeout > 0 and result == ""): time.sleep(1) timeout -= 1 result = global_functions.get_public_ip_address() print("NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result)) assert (result == wanExternalIP) # now down the selected wan and see if traffic flows out the other wan build_wan_test_rule(wanIndex, "ping", "192.168.244.1") # Wait for targeted the WAN to be off line before testing that the WAN is off line. timeout = 60 online = True offlineWanIndex = wanIndex while online and timeout > 0: timeout -= 1 time.sleep(1) wanStatus = app_wan_failover.getWanStatus() for statusInterface in wanStatus['list']: if statusInterface['interfaceId'] == offlineWanIndex: online = statusInterface['online'] subprocess.check_output("ip route flush cache", shell=True) for x in range(0, 5): result = global_functions.get_public_ip_address() print("WAN Down NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result)) assert (result == wanExternalIP) uvmContext.networkManager().setNetworkSettings(orig_netsettings) nuke_wan_failover_rules() # Check to see if the faceplate counters have incremented. post_count = global_functions.get_app_metric_value(app_wan_failover,"changed") assert(pre_count < post_count)