def test_015_httpEicarBlocked(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
pre_events_scan = global_functions.get_app_metric_value(
self._app, "scan")
pre_events_block = global_functions.get_app_metric_value(
self._app, "block")
result = remote_control.run_command(
"wget -q -O - http://test.untangle.com/virus/eicar.zip 2>&1 | grep -q blocked"
)
# temporary for debugging
if (result == 1):
remote_control.run_command(
"wget -q -O /tmp/eicar_wget_output.zip http://test.untangle.com/virus/eicar.zip"
)
assert (result == 0)
post_events_scan = global_functions.get_app_metric_value(
self._app, "scan")
post_events_block = global_functions.get_app_metric_value(
self._app, "block")
assert (pre_events_scan < post_events_scan)
assert (pre_events_block < post_events_block)
def test_060_createIpsecTunnelHostname(self):
if (ipsecHostResult != 0):
raise unittest.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(self._app,"enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
addDNSRule(createDNSRule(ipsecHost,ipsecHostname))
# verify L2TP is off NGFW-7212
ipsecSettings = self._app.getSettings()
ipsecSettings["vpnflag"] = False
self._app.setSettings(ipsecSettings)
for hostConfig in configuredHostIPs:
print(hostConfig[0])
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appData = self._app.getSettings()
appData["tunnels"]["list"].append(addIPSecTunnel(ipsecHostname,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2]))
self._app.setSettings(appData)
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP)
post_events_enabled = global_functions.get_app_metric_value(self._app,"enabled")
nukeIPSecTunnels(self._app)
assert (ipsecHostLANResult == 0)
# Check to see if the faceplate counters have incremented.
assert(pre_events_enabled < post_events_enabled)
def test_060_createIpsecTunnelHostname(self):
if (ipsecHostResult != 0):
raise unittest.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(app,"enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
addDNSRule(createDNSRule(ipsecHost,ipsecHostname))
# verify L2TP is off NGFW-7212
ipsecSettings = app.getSettings()
ipsecSettings["vpnflag"] = False
app.setSettings(ipsecSettings)
for hostConfig in configuredHostIPs:
print(hostConfig[0])
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appendTunnel(addIPSecTunnel(ipsecHostname,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2]))
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP)
post_events_enabled = global_functions.get_app_metric_value(app,"enabled")
nukeIPSecTunnels()
assert (ipsecHostLANResult == 0)
# Check to see if the faceplate counters have incremented.
assert(pre_events_enabled < post_events_enabled)
def test_020_testBasicWebCache(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
pre_events_hit = global_functions.get_app_metric_value(app, "hit")
app.clearSquidCache()
for x in range(0, 10):
result = remote_control.run_command(
"wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/"
)
time.sleep(1)
assert (result == 0)
time.sleep(65) # summary-events only written every 60 seconds
events = global_functions.get_events('Web Cache', 'Web Cache Events',
None, 1)
assert (events != None)
# verify at least one hit
assert (events['list'][0])
assert (events['list'][0]['hits'])
# Check to see if the faceplate counters have incremented.
post_events_hit = global_functions.get_app_metric_value(app, "hit")
assert (pre_events_hit < post_events_hit)
def test_020_createIpsecTunnel(self):
global tunnelUp
if (ipsecHostResult != 0):
raise unittest.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(app,"enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
for hostConfig in configuredHostIPs:
print(hostConfig[0])
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appendTunnel(addIPSecTunnel(ipsecHost,ipsecHostLAN,hostConfig[0],hostConfig[1],hostConfig[2]))
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest.SkipTest("IPsec test only configed for IPs %s" % (listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command("wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/" % ipsecHostLANIP)
assert (ipsecHostLANResult == 0)
ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" % ipsecPcLANIP)
assert (ipsecPcLanResult == 0)
tunnelUp = True
# Check to see if the faceplate counters have incremented.
post_events_enabled = global_functions.get_app_metric_value(app,"enabled")
assert(pre_events_enabled < post_events_enabled)
def test_050_severely_limited_web_filter_flagged(self):
nuke_rules(self._app)
pre_count = global_functions.get_app_metric_value(
self._app, "prioritize")
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(
download_server=target_server)
# Create WEB_FILTER_FLAGGED based rule to limit bandwidth
append_rule(
self._app,
create_single_condition_rule("WEB_FILTER_FLAGGED", "true",
"SET_PRIORITY", priority_level))
# Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology
settingsWF = self._app_web_filter.getSettings()
i = 0
if target_server == global_functions.TEST_SERVER_HOST:
untangleCats = ["Computer,", "Security"]
else:
untangleCats = [
"Uncategorized",
]
for webCategories in settingsWF['categories']['list']:
if any(x in webCategories['name'] for x in untangleCats):
settingsWF['categories']['list'][i]['flagged'] = "true"
i += 1
self._app_web_filter.setSettings(settingsWF)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(
download_server=target_server)
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control',
'Prioritized Sessions', None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"bandwidth_control_priority",
priority_level, "c_client_addr",
remote_control.client_ip)
assert (found)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app, "prioritize")
assert (pre_count < post_count)
def test_020_smtpQuarantinedPhishBlockerTest(self):
if (not canRelay):
raise unittest.SkipTest('Unable to relay through ' +
smtpServerHost)
if (not mail_app):
raise unittest.SkipTest('Unable download mailsendder app')
pre_events_quarantine = global_functions.get_app_metric_value(
app, "quarantine")
appData['smtpConfig']['scanWanMail'] = True
appData['smtpConfig']['strength'] = 5
app.setSettings(appData)
# Get the IP address of test.untangle.com
result = remote_control.run_command("host " + smtpServerHost,
stdout=True)
match = re.search(r'\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', result)
ip_address_testuntangle = match.group()
# sometimes the load is very high >7 and sending mail will fail
# sleep for a while for the load to go down
try:
if float(file("/proc/loadavg", "r").readline().split(" ")[0]) > 3:
time.sleep(30)
except:
pass
timeout = 12
found = False
email_index = 20
while (not found and timeout > 0):
time.sleep(10)
email_index += 1
from_address = "test0" + str(email_index)
sendPhishMail(mailfrom=from_address)
events = global_functions.get_events('Phish Blocker',
'All Phish Events', None, 5)
assert (events != None)
# print(events['list'][0])
found = global_functions.check_events(
events.get('list'), 5, 'c_server_addr',
ip_address_testuntangle, 's_server_port', 25, 'addr',
'*****@*****.**', 'c_client_addr',
remote_control.client_ip, 'phish_blocker_action', 'Q')
timeout -= 1
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_quarantine = global_functions.get_app_metric_value(
app, "quarantine")
assert (pre_events_quarantine < post_events_quarantine)
def test_026_protoRule_Pandora(self):
pre_count = global_functions.get_app_metric_value(app,"pass")
touchProtoRule("Pandora",False,False)
result1 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/")
touchProtoRule("Pandora",True,True)
result2 = remote_control.run_command("wget --no-check-certificate -q -O /dev/null -4 -t 2 --timeout=5 https://pandora.com/")
touchProtoRule("Pandora",False,False)
assert (result1 == 0)
assert (result2 != 0)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app,"pass")
assert(pre_count < post_count)
def test_015_httpEicarBlocked(self):
if platform.machine().startswith('arm'):
raise unittest.SkipTest("local scanner not available on ARM")
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_block = global_functions.get_app_metric_value(app,"block")
result = remote_control.run_command("wget -q -O - http://test.untangle.com/virus/eicar.zip 2>&1 | grep -q blocked")
assert (result == 0)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_block = global_functions.get_app_metric_value(app,"block")
assert(pre_events_scan < post_events_scan)
assert(pre_events_block < post_events_block)
def test_903_blockLocalEventLog(self):
rules_clear()
rule_append(create_rule_single_condition("CLIENT_COUNTRY","XL"))
pre_events_block = global_functions.get_app_metric_value(app,"block")
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
events = global_functions.get_events('Firewall','Blocked Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'c_client_addr', remote_control.client_ip,
'client_country', "XL",
'firewall_blocked', True,
'firewall_flagged', True)
assert( found )
# Check to see if the faceplate counters have incremented.
post_events_block = global_functions.get_app_metric_value(app,"block")
assert(pre_events_block < post_events_block)
def test_050_severely_limited_web_filter_flagged(self):
global app, app_web_filter
nuke_rules()
pre_count = global_functions.get_app_metric_value(app,"prioritize")
priority_level = 7
# This test might need web filter for http to start
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(download_server="test.untangle.com")
# Create WEB_FILTER_FLAGGED based rule to limit bandwidth
append_rule(create_single_condition_rule("WEB_FILTER_FLAGGED","true","SET_PRIORITY",priority_level))
# Test.untangle.com is listed as Software, Hardware in web filter. As of 1/2014 its in Technology
settingsWF = app_web_filter.getSettings()
i = 0
untangleCats = ["Computer,", "Security"]
for webCategories in settingsWF['categories']['list']:
if any(x in webCategories['name'] for x in untangleCats):
settingsWF['categories']['list'][i]['flagged'] = "true"
i += 1
app_web_filter.setSettings(settingsWF)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(download_server="test.untangle.com")
print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio )
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.client_ip)
assert( found )
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app,"prioritize")
assert(pre_count < post_count)
def test_020_createIpsecTunnel(self):
global tunnelUp
if (ipsecHostResult != 0):
raise unittest.SkipTest("No paried IPSec server available")
pre_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
wan_IP = uvmContext.networkManager().getFirstWanAddress()
pairMatchNotFound = True
listOfPairs = ""
for hostConfig in configuredHostIPs:
print(hostConfig[0])
listOfPairs += str(hostConfig[0]) + ", "
if (wan_IP in hostConfig[0]):
appendTunnel(
addIPSecTunnel(ipsecHost, ipsecHostLAN, hostConfig[0],
hostConfig[1], hostConfig[2]))
pairMatchNotFound = False
if (pairMatchNotFound):
raise unittest.SkipTest("IPsec test only configed for IPs %s" %
(listOfPairs))
timeout = 10
ipsecHostLANResult = 1
while (ipsecHostLANResult != 0 and timeout > 0):
timeout -= 1
time.sleep(1)
# ping the remote LAN to see if the IPsec tunnel is connected.
ipsecHostLANResult = remote_control.run_command(
"wget -q -O /dev/null --no-check-certificate -4 -t 2 --timeout=5 https://%s/"
% ipsecHostLANIP)
assert (ipsecHostLANResult == 0)
ipsecPcLanResult = remote_control.run_command("ping -c 1 %s" %
ipsecPcLANIP)
assert (ipsecPcLanResult == 0)
tunnelUp = True
# Check to see if the faceplate counters have incremented.
post_events_enabled = global_functions.get_app_metric_value(
app, "enabled")
assert (pre_events_enabled < post_events_enabled)
def test_065_all_wan_offline_but_one(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
if (len(indexOfWans) < 2):
raise unittest.SkipTest(
"Need at least two WANS for test_065_downAllButOneWan")
pre_count = global_functions.get_app_metric_value(app, "changed")
validWanIP = None
# loop through the WANs keeping one up and the rest down.
for upWanIndexTup in indexOfWans:
upWanIndex = upWanIndexTup[0]
nuke_rules()
for wanIndexTup in indexOfWans:
wanIndex = wanIndexTup[0]
if upWanIndex != wanIndex:
# make this interface test disconnected
build_wan_test(wanIndex, "ping", pingHost="192.168.244.1")
else:
validWanIP = wanIndexTup[2]
build_wan_test(upWanIndex, "ping", pingHost="8.8.8.8")
print("validIP is %s" % validWanIP)
wait_for_wan_offline()
online_count = online_wan_count()
offline_count = offline_wan_count()
assert (online_count == 1)
assert (offline_count > 0)
for x in range(0, 8):
result = global_functions.get_public_ip_address()
print("IP address %s and validWanIP %s" % (result, validWanIP))
assert (result == validWanIP)
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app, "changed")
assert (pre_count < post_count)
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# clear out the signature list
appSettings['signatures']['list'] = []
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999999",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="tcp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
app.forceUpdateStats()
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_detect = global_functions.get_app_metric_value(app,"detect")
pre_events_block = global_functions.get_app_metric_value(app,"block")
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
time.sleep(10)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_detect = global_functions.get_app_metric_value(app,"detect")
post_events_block = global_functions.get_app_metric_value(app,"block")
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert(pre_events_detect < post_events_detect)
assert(pre_events_block < post_events_block)
def test_060_app_stats(self):
"""
Checks that the scan, detect, and block stats are properly incremented
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# clear out the signature list
appSettings['signatures']['list'] = []
appSettings['signatures']['list'].append(create_signature( gid = "1",
sid = "1999999",
classtype="attempted-admin",
category="app-detect",
msg="CompanySecret",
log=True,
block=False,
action="alert",
type="tcp"))
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="block", rule_type="CATEGORY", type_value="app-detect"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
app.forceUpdateStats()
pre_events_scan = global_functions.get_app_metric_value(app,"scan")
pre_events_detect = global_functions.get_app_metric_value(app,"detect")
pre_events_block = global_functions.get_app_metric_value(app,"block")
startTime = datetime.datetime.now()
loopLimit = 4
# Send four requests for test rebustnewss
while (loopLimit > 0):
time.sleep(1)
loopLimit -= 1
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/CompanySecret")
time.sleep(10)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "CompanySecret",
'blocked', True,
min_date=startTime)
post_events_scan = global_functions.get_app_metric_value(app,"scan")
post_events_detect = global_functions.get_app_metric_value(app,"detect")
post_events_block = global_functions.get_app_metric_value(app,"block")
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
print("pre_events_scan: %s post_events_scan: %s"%(str(pre_events_scan),str(post_events_scan)))
print("pre_events_detect: %s post_events_detect: %s"%(str(pre_events_detect),str(post_events_detect)))
print("pre_events_block: %s post_events_block: %s"%(str(pre_events_block),str(post_events_block)))
# assert(pre_events_scan < post_events_scan)
assert(pre_events_detect < post_events_detect)
assert(pre_events_block < post_events_block)
def test_020_testBasicWebCache(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
pre_events_hit = global_functions.get_app_metric_value(app,"hit")
app.clearSquidCache()
for x in range(0, 10):
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 http://test.untangle.com/")
time.sleep(1)
assert (result == 0)
time.sleep(65) # summary-events only written every 60 seconds
events = global_functions.get_events('Web Cache','Web Cache Events',None,1)
assert(events != None)
# verify at least one hit
assert(events['list'][0])
assert(events['list'][0]['hits'])
# Check to see if the faceplate counters have incremented.
post_events_hit = global_functions.get_app_metric_value(app,"hit")
assert(pre_events_hit < post_events_hit)
def test_016_flag_url(self):
"""verify basic URL blocking the the url block list"""
pre_events_scan = global_functions.get_app_metric_value(
self._app, "scan")
pre_events_pass = global_functions.get_app_metric_value(
self._app, "pass")
pre_events_block = global_functions.get_app_metric_value(
self._app, "block")
self.block_url_list_add("test.untangle.com/test/testPage1.html")
result = self.get_web_request_results(
url="http://test.untangle.com/test/testPage1.html",
expected="blockpage")
self.block_url_list_clear()
assert (result == 0)
# verify the faceplate counters have incremented.
post_events_scan = global_functions.get_app_metric_value(
self._app, "scan")
post_events_pass = global_functions.get_app_metric_value(
self._app, "pass")
post_events_block = global_functions.get_app_metric_value(
self._app, "block")
assert (pre_events_scan < post_events_scan)
assert (pre_events_pass < post_events_pass)
assert (pre_events_block == post_events_block)
def test_079_createClientVPNTunnelADUserPass(self):
global appData, vpnServerResult, vpnClientResult, appDC
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(app,"connect")
if (adResult != 0):
raise unittest.SkipTest("No AD server available")
appNameDC = "directory-connector"
if (uvmContext.appManager().isInstantiated(appNameDC)):
print("App %s already installed" % appNameDC)
appDC = uvmContext.appManager().app(appNameDC)
else:
appDC = uvmContext.appManager().instantiate(appNameDC, default_policy_id)
appDC.setSettings(createDirectoryConnectorSettings(ad_enable=True,ldap_secure=True))
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP,)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"]=True
siteName = appData['siteName']
appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
#enable user/password authentication, set to AD directory
appData['authUserPass']=True
appData["authenticationType"]="ACTIVE_DIRECTORY"
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(vpnClientName,"zip")
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert(result == 0)
#create credentials file containing username/password
remote_control.run_command("echo " + global_functions.AD_USER + " > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile", host=global_functions.VPN_CLIENT_IP)
#connect to openvpn using the file
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn --config " + siteName + ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail if tunnel doesn't connect
assert(timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com", stdout=True)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result)
ip_address_testuntangle = (match.group()).replace('address ','')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
# openvpn takes time to shut down
time.sleep(3)
assert(result==0)
assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN','Connection Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'remote_address', global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName )
assert( found )
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(app, "connect")
assert(pre_events_connect < post_events_connect)
def test_079_createClientVPNTunnelADUserPass(self):
global appData, vpnServerResult, vpnClientResult, appDC
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
if (adResult != 0):
raise unittest.SkipTest("No AD server available")
appNameDC = "directory-connector"
if (uvmContext.appManager().isInstantiated(appNameDC)):
print("App %s already installed" % appNameDC)
appDC = uvmContext.appManager().app(appNameDC)
else:
appDC = uvmContext.appManager().instantiate(
appNameDC, default_policy_id)
appDC.setSettings(
createDirectoryConnectorSettings(ad_enable=True, ldap_secure=True))
running = remote_control.run_command(
"pidof openvpn",
host=global_functions.VPN_CLIENT_IP,
)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
#enable user/password authentication, set to AD directory
appData['authUserPass'] = True
appData["authenticationType"] = "ACTIVE_DIRECTORY"
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#create credentials file containing username/password
remote_control.run_command(
"echo " + global_functions.AD_USER +
" > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile",
host=global_functions.VPN_CLIENT_IP)
#connect to openvpn using the file
remote_control.run_command(
"cd /etc/openvpn; sudo nohup openvpn --config " + siteName +
".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail if tunnel doesn't connect
assert (timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command(
"ping -c 2 " + remote_control.client_ip,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
# openvpn takes time to shut down
time.sleep(3)
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
def test_060_createDeleteClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if(vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(app, "connect")
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
loopLimit = 5
while((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# openvpn is probably stuck, kill it and re-run
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
#print(appData)
clientLink = app.getClientDistributionDownloadLink(vpnClientName, "zip")
print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert(result == 0)
#start openvpn tunnel
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail test if vpn tunnel does not connect
assert(timeout > 0)
result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com", stdout=True)
print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result)
ip_address_testuntangle = (match.group()).replace('address ','')
#stop the vpn tunnel
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # wait for openvpn to stop
assert(result==0)
assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN','Connection Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'remote_address', global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName )
assert( found )
#check to see if the faceplate counters have incremented
post_events_connect = global_functions.get_app_metric_value(app, "connect")
assert(pre_events_connect < post_events_connect)
#delete the user
appData['remoteClients']['list'][:] = []
app.setSettings(appData)
#attempt to connect with now deleted user
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
#fail the test if it does connect
assert(timeout <= 0)
#create the same user again
appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
#print(appData)
clientLink = app.getClientDistributionDownloadLink(vpnClientName, "zip")
print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert(result == 0)
#check the key files to make sure they aren't O length
for x in range(0, 3):
if x == 0:
crtSize = remote_control.run_command("du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".crt",host=global_functions.VPN_CLIENT_IP,stdout=True)
fileSize = int(crtSize[0])
elif x == 1:
cacrtSize = remote_control.run_command("du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + "-ca.crt",host=global_functions.VPN_CLIENT_IP,stdout=True)
fileSize = int(cacrtSize[0])
elif x == 2:
keySize = remote_control.run_command("du /etc/openvpn/keys/" + siteName + "-" + vpnClientName + ".key",host=global_functions.VPN_CLIENT_IP,stdout=True)
fileSize = int(keySize[0])
assert(fileSize > 0)
#start openvpn
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail test if vpn tunnel does not connect
assert(timeout > 0)
result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com", stdout=True)
print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result)
ip_address_testuntangle = (match.group()).replace('address ','')
#stop the vpn tunnel
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # wait for openvpn to stop
assert(result==0)
assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN','Connection Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'remote_address', global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName )
assert( found )
#check to see if the faceplate counters have incremented
post_events_connect = global_functions.get_app_metric_value(app, "connect")
assert(pre_events_connect < post_events_connect)
def test_040_createClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(app,"connect")
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP,)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpm is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"]=True
siteName = appData['siteName']
appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(vpnClientName,"zip")
# print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert(result == 0)
#start openvpn tunnel
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn "+siteName+".conf >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# If VPN tunnel has failed to connect so fail the test,
assert(timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com", stdout=True)
# print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result)
ip_address_testuntangle = (match.group()).replace('address ','')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # openvpn takes time to shut down
assert(result==0)
assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN','Connection Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'remote_address', global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName )
assert( found )
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(app, "connect")
assert(pre_events_connect < post_events_connect)
def test_040_createClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
running = remote_control.run_command(
"pidof openvpn",
host=global_functions.VPN_CLIENT_IP,
)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpm is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
# print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#start openvpn tunnel
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# If VPN tunnel has failed to connect so fail the test,
assert (timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command(
"ping -c 2 " + remote_control.client_ip,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
# print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # openvpn takes time to shut down
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
def test_060_createDeleteClientVPNTunnel(self):
global appData, vpnServerResult, vpnClientResult
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(
app, "connect")
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# openvpn is probably stuck, kill it and re-run
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command(
"pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"] = True
siteName = appData['siteName']
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
#print(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#start openvpn tunnel
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail test if vpn tunnel does not connect
assert (timeout > 0)
result = remote_control.run_command(
"ping -c 2 " + remote_control.client_ip,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
#stop the vpn tunnel
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # wait for openvpn to stop
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
#check to see if the faceplate counters have incremented
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
#delete the user
appData['remoteClients']['list'][:] = []
app.setSettings(appData)
#attempt to connect with now deleted user
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
#fail the test if it does connect
assert (timeout <= 0)
#create the same user again
appData['exports']['list'].append(
create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
#print(appData)
clientLink = app.getClientDistributionDownloadLink(
vpnClientName, "zip")
print(clientLink)
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert (result == 0)
#check the key files to make sure they aren't O length
for x in range(0, 3):
if x == 0:
crtSize = remote_control.run_command(
"du /etc/openvpn/keys/" + siteName + "-" + vpnClientName +
".crt",
host=global_functions.VPN_CLIENT_IP,
stdout=True)
fileSize = int(crtSize[0])
elif x == 1:
cacrtSize = remote_control.run_command(
"du /etc/openvpn/keys/" + siteName + "-" + vpnClientName +
"-ca.crt",
host=global_functions.VPN_CLIENT_IP,
stdout=True)
fileSize = int(cacrtSize[0])
elif x == 2:
keySize = remote_control.run_command(
"du /etc/openvpn/keys/" + siteName + "-" + vpnClientName +
".key",
host=global_functions.VPN_CLIENT_IP,
stdout=True)
fileSize = int(keySize[0])
assert (fileSize > 0)
#start openvpn
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn " +
siteName + ".conf >/dev/null 2>&1 &",
host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail test if vpn tunnel does not connect
assert (timeout > 0)
result = remote_control.run_command(
"ping -c 2 " + remote_control.client_ip,
host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com",
stdout=True)
print("host_result <%s>" % host_result)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}',
host_result)
ip_address_testuntangle = (match.group()).replace('address ', '')
#stop the vpn tunnel
remote_control.run_command("sudo pkill openvpn",
host=global_functions.VPN_CLIENT_IP)
time.sleep(3) # wait for openvpn to stop
assert (result == 0)
assert (listOfClients['list'][0]['address'] ==
global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN', 'Connection Events',
None, 1)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
'remote_address',
global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName)
assert (found)
#check to see if the faceplate counters have incremented
post_events_connect = global_functions.get_app_metric_value(
app, "connect")
assert (pre_events_connect < post_events_connect)
def test_120_natOneToOneWanDown(self):
# create a 1:1 NAT and then down the wan which the NAT is set to
# if there are more than one WAN
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
if (len(index_of_wans) < 2):
raise unittest.SkipTest("Need at least two WANS for combination of wan-balancer and wan failover tests")
pre_count = global_functions.get_app_metric_value(app_wan_failover,"changed")
# raise unittest.SkipTest('Skipping test_120_natOneToOneWanDown as not possible with current network layout ')
netsettings = uvmContext.networkManager().getNetworkSettings()
nuke_wan_balancer_rules()
nuke_wan_failover_rules()
# create valid failover tests
for wanIndexTup in index_of_wans:
wanIndex = wanIndexTup[0]
build_wan_test_rule(wanIndex)
for wanIndexTup in index_of_wans:
# get the WAN IP address which was source routed
wanIndex = wanIndexTup[0]
wanIP = wanIndexTup[1]
wanExternalIP = wanIndexTup[2]
# Add networking route which does not handle re-routing if WAN is down
netsettings['natRules']['list']=[]
netsettings['natRules']['list'].append(build_nat_rules("DST_ADDR",ip_address_testdestination,wanIP))
uvmContext.networkManager().setNetworkSettings(netsettings)
# Test that only the routed interface is used 5 times
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = ""
timeout = 60
while (timeout > 0 and result == ""):
time.sleep(1)
timeout -= 1
result = global_functions.get_public_ip_address()
print("NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result))
assert (result == wanExternalIP)
# now down the selected wan and see if traffic flows out the other wan
build_wan_test_rule(wanIndex, "ping", "192.168.244.1")
# Wait for targeted the WAN to be off line before testing that the WAN is off line.
timeout = 60
online = True
offlineWanIndex = wanIndex
while online and timeout > 0:
timeout -= 1
time.sleep(1)
wanStatus = app_wan_failover.getWanStatus()
for statusInterface in wanStatus['list']:
if statusInterface['interfaceId'] == offlineWanIndex:
online = statusInterface['online']
subprocess.check_output("ip route flush cache", shell=True)
for x in range(0, 5):
result = global_functions.get_public_ip_address()
print("WAN Down NAT 1:1 IP %s External IP %s and retrieved IP %s" % (wanIP, wanExternalIP, result))
assert (result == wanExternalIP)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
nuke_wan_failover_rules()
# Check to see if the faceplate counters have incremented.
post_count = global_functions.get_app_metric_value(app_wan_failover,"changed")
assert(pre_count < post_count)
