示例#1
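 def test_040_windowsL2TPlocalDirectory(self):
     """Connect a Windows L2TP client that authenticates via the local directory.

     Skips unless the paired Windows client is reachable
     (l2tpClientHostResult == 0) and this server's first WAN address is
     listed in l2tpServerHosts.  Provisions the fixture user, dials in with
     rasdial.exe, then polls the app's virtual-user list once per second (at
     most 480 times) until l2tpLocalUser appears.

     The disconnect and the removal of the fixture account run in
     ``finally`` blocks, so an exception while configuring or polling does
     not leave the test account in the local directory or the tunnel up.
     """
     wan_IP = uvmContext.networkManager().getFirstWanAddress()
     if (l2tpClientHostResult != 0):
         raise unittest2.SkipTest("l2tpClientHostResult not available")
     if (not wan_IP in l2tpServerHosts):
         raise unittest2.SkipTest("No paried L2TP client available")
     uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
     found = False
     try:
         createL2TPconfig("LOCAL_DIRECTORY")
         timeout = 480
         # Send command for Windows VPN connect.
         # NOTE(review): the password is passed as a process argument, so it
         # is visible in process listings and any command logging on the
         # client; only use a throwaway fixture credential here.
         remote_control.run_command(
             "rasdial.exe %s %s %s" %
             (wan_IP, l2tpLocalUser, l2tpLocalPassword),
             host=l2tpClientHost)
         try:
             while not found and timeout > 0:
                 timeout -= 1
                 time.sleep(1)
                 virtUsers = app.getVirtualUsers()
                 found = any(user['clientUsername'] == l2tpLocalUser
                             for user in virtUsers['list'])
         finally:
             # Send command for Windows VPN disconnect, even if polling raised.
             remote_control.run_command("rasdial.exe %s /d" % (wan_IP),
                                        host=l2tpClientHost)
     finally:
         # Always drop the fixture account again.
         uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
     assert (found)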
示例#2
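    def test_040_localCaptivePortalToSecondRack(self):
        """Check that a captive-portal login moves the client onto the second rack.

        Instantiates a captive-portal app on the default policy with
        local-directory authentication and the basic login page, clears the
        client's username in the host table, and installs a policy rule that
        sends "[authenticated]" users to secondRackId.  The client must first
        see the login page, then authenticate as the fixture user, after which
        neither the normal page nor the login page may be returned, and the
        logout URL must report success.

        Teardown (removing the fixture user and destroying the captive-portal
        app) runs in ``finally`` so a failed assertion does not leave the
        account or the app behind for later tests.
        """
        global defaultRackCaptivePortal
        remote_control.run_command("rm -f /tmp/policy_test_040*")
        defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id)
        assert (defaultRackCaptivePortal != None)
        try:
            defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
            # turn default capture rule on and basic login
            defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True
            defaultRackCaptivePortalData['authenticationType'] = "LOCAL_DIRECTORY"
            defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
            defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)

            # Create local directory user 'test20'
            uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
            # check host table and remove username for host IP
            userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
            userHost['username'] = ""
            userHost['usernameCaptivePortal'] = ""
            uvmContext.hostTable().setHostTableEntry(remote_control.clientIP, userHost)
            nukeRules()
            appendRule(createPolicySingleConditionRule("USERNAME", "[authenticated]", secondRackId))

            # check that basic captive page is shown
            result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/")
            assert (result == 0)
            search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out")
            assert (search == 0)

            # check if local directory login and password works
            ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log", stdout=True)
            ip = re.findall(r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind)
            # Fail the test (rather than error with IndexError) when the
            # redirect carried no address.
            assert (len(ip) > 0)
            captureIP = ip[0]
            print('Capture IP address is %s' % captureIP)
            appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
            # NOTE(review): the fixture username/password travel as query
            # parameters over plain HTTP and as a wget process argument, so
            # they can end up in proxy/server logs and process listings.
            # Acceptable only for a throwaway test account.
            result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5   \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'")
            assert (result == 0)
            # verify the username is assigned to the IP
            userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
            assert (userHost['username'] == "test20")
            # firewall on rack 2 is blocking all, so the fetch should return
            # neither the normal page nor the captive page.
            # NOTE(review): -O is given twice in this command; confirm that
            # wget writes to /tmp/policy_test_040a.out, otherwise both greps
            # below pass vacuously on a missing file.
            result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/")
            search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out")
            assert (search != 0)
            # Or the captive page
            search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out")
            assert (search != 0)

            # Logout
            result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout")
            assert (result == 0)
            search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out")
            assert (search == 0)
        finally:
            # remove captive portal and test user, also when an assertion failed
            uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
            uvmContext.appManager().destroy(defaultRackCaptivePortal.getAppSettings()["id"])
            defaultRackCaptivePortal = None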
示例#3
 def finalTearDown(self):
     """Undo the suite's setup: reset directory users and destroy the apps.

     Writes the user list produced by removeLocalDirectoryUser() back to the
     local directory, then destroys each of the module-level apps (app,
     appAD, appWeb) that is still set and clears its global reference.
     """
     global app, appAD, appWeb
     # Reset the directory users first so the fixture account goes away even
     # if destroying one of the apps fails below.
     uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
     if app != None:
         app_id = app.getAppSettings()["id"]
         uvmContext.appManager().destroy(app_id)
         app = None
     if appAD != None:
         ad_id = appAD.getAppSettings()["id"]
         uvmContext.appManager().destroy(ad_id)
         appAD = None
     if appWeb != None:
         web_id = appWeb.getAppSettings()["id"]
         uvmContext.appManager().destroy(web_id)
         appWeb = None
示例#4
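    def initialSetUp(self):
        """Instantiate the apps under test and prepare shared fixtures.

        For each of appName(), appNameAD() and appNameWeb(): skip the suite
        if the app is already instantiated, otherwise instantiate it on
        defaultRackId and keep the handle in a module global.  Then probe the
        AD and RADIUS servers with a single ping (exit codes stored in
        adResult / radiusResult), create the local-directory test user,
        resolve test.untangle.com and delete stale temp files on the client.

        Raises:
            unittest2.SkipTest: if any of the three apps already exists.
        """
        global appData, app, appDataRD, appDataAD, appAD, appWeb, adResult, radiusResult, test_untangle_com_ip, captureIP
        if (uvmContext.appManager().isInstantiated(self.appName())):
            print("ERROR: App %s already installed" % self.appName())
            raise unittest2.SkipTest('app %s already instantiated' %
                                     self.appName())
        app = uvmContext.appManager().instantiate(self.appName(),
                                                  defaultRackId)
        appData = app.getCaptivePortalSettings()
        if (uvmContext.appManager().isInstantiated(self.appNameAD())):
            print("ERROR: App %s already installed" % self.appNameAD())
            # Name the app that was actually checked; the skip reason
            # previously reported self.appName() here.
            raise unittest2.SkipTest('app %s already instantiated' %
                                     self.appNameAD())
        appAD = uvmContext.appManager().instantiate(self.appNameAD(),
                                                    defaultRackId)
        appDataAD = appAD.getSettings().get('activeDirectorySettings')
        appDataRD = appAD.getSettings().get('radiusSettings')
        if (uvmContext.appManager().isInstantiated(self.appNameWeb())):
            print("ERROR: App %s already installed" % self.appNameWeb())
            raise unittest2.SkipTest('app %s already instantiated' %
                                     self.appNameWeb())
        appWeb = uvmContext.appManager().instantiate(self.appNameWeb(),
                                                     defaultRackId)
        # Reachability probes; argument lists are used, so no shell parses
        # the server names.
        adResult = subprocess.call(
            ["ping", "-c", "1", global_functions.adServer],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        radiusResult = subprocess.call(
            ["ping", "-c", "1", global_functions.radiusServer],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        # Create local directory user 'test20'
        uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
        # Get the IP address of test.untangle.com
        test_untangle_com_ip = socket.gethostbyname("test.untangle.com")

        # remove previous temp files
        remote_control.run_command("rm -f /tmp/capture_test_*")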
示例#5
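    def test_070_createClientVPNTunnelLocalUserPass(self):
        """Bring up an OpenVPN client tunnel with local-directory user/password auth.

        Skips when no paired VPN client/server is available or when openvpn
        is still running on the client after waiting and a pkill.  Enables
        the server with user/password authentication against the local
        directory, provisions the fixture user, configures and starts the
        remote client, and then checks: the tunnel connects, the client can
        ping the host behind the server, the active-client address matches
        VPN_CLIENT_IP, a matching connection event exists, and the "connect"
        metric increased.

        Stopping the remote openvpn process and removing the fixture user run
        in ``finally`` blocks so a failed assertion does not leave the tunnel
        up (which makes later tests skip) or the account in the directory.
        """
        global appData, vpnServerResult, vpnClientResult
        if (vpnClientResult != 0 or vpnServerResult != 0):
            raise unittest2.SkipTest("No paried VPN client available")

        pre_events_connect = global_functions.get_app_metric_value(
            app, "connect")

        running = remote_control.run_command(
            "pidof openvpn",
            host=global_functions.VPN_CLIENT_IP,
        )
        loopLimit = 5
        while ((running == 0) and (loopLimit > 0)):
            # OpenVPN is running, wait 5 sec to see if openvpn is done
            loopLimit -= 1
            time.sleep(5)
            running = remote_control.run_command(
                "pidof openvpn", host=global_functions.VPN_CLIENT_IP)
        if loopLimit == 0:
            # try killing the openvpn session as it is probably stuck
            remote_control.run_command("sudo pkill openvpn",
                                       host=global_functions.VPN_CLIENT_IP)
            time.sleep(2)
            running = remote_control.run_command(
                "pidof openvpn", host=global_functions.VPN_CLIENT_IP)
        if running == 0:
            raise unittest2.SkipTest("OpenVPN test machine already in use")

        appData = app.getSettings()
        appData["serverEnabled"] = True
        siteName = appData['siteName']
        appData['exports']['list'].append(
            create_export("192.0.2.0/24"))  # append in case using LXC
        appData['remoteClients']['list'][:] = []
        appData['remoteClients']['list'].append(setUpClient())
        # enable user/password authentication, set to local directory
        appData['authUserPass'] = True
        appData["authenticationType"] = "LOCAL_DIRECTORY"
        app.setSettings(appData)
        clientLink = app.getClientDistributionDownloadLink(
            vpnClientName, "zip")

        # create Local Directory User for authentication
        uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
        try:
            # download, unzip, move config to correct directory
            result = configureVPNClientForConnection(clientLink)
            assert (result == 0)

            # create credentials file containing username/password
            # NOTE(review): the credentials are interpolated unquoted into a
            # shell command, and /tmp/authUserPassFile is created with the
            # client's default umask at a predictable path and is not deleted
            # by this test.  Confirm no later test depends on the file before
            # tightening its permissions or removing it after the run.
            remote_control.run_command("echo " + ovpnlocaluser +
                                       " > /tmp/authUserPassFile; echo " +
                                       ovpnPasswd + " >> /tmp/authUserPassFile",
                                       host=global_functions.VPN_CLIENT_IP)
            # connect to openvpn using the file
            remote_control.run_command(
                "cd /etc/openvpn; sudo nohup openvpn --config " + siteName +
                ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &",
                host=global_functions.VPN_CLIENT_IP)

            try:
                timeout = waitForClientVPNtoConnect()
                # fail if tunnel doesn't connect
                assert (timeout > 0)
                # ping the test host behind the Untangle from the remote testbox
                result = remote_control.run_command(
                    "ping -c 2 " + remote_control.clientIP,
                    host=global_functions.VPN_CLIENT_IP)

                listOfClients = app.getActiveClients()
                print("address " + listOfClients['list'][0]['address'])
                print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])

                host_result = remote_control.run_command("host test.untangle.com",
                                                         stdout=True)
                # Dots are escaped so only a dotted quad matches.
                match = re.search(r'address \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
                                  host_result)
                # Fail cleanly instead of raising AttributeError on None.
                assert (match is not None)
                # Not consulted again in this test; kept from the original.
                ip_address_testuntangle = (match.group()).replace('address ', '')
            finally:
                # stop the vpn tunnel on remote box, also after a failure
                remote_control.run_command("sudo pkill openvpn",
                                           host=global_functions.VPN_CLIENT_IP)
                # openvpn takes time to shut down
                time.sleep(3)

            assert (result == 0)
            assert (listOfClients['list'][0]['address'] ==
                    global_functions.VPN_CLIENT_IP)

            events = global_functions.get_events('OpenVPN', 'Connection Events',
                                                 None, 1)
            assert (events != None)
            found = global_functions.check_events(events.get('list'), 5,
                                                  'remote_address',
                                                  global_functions.VPN_CLIENT_IP,
                                                  'client_name', vpnClientName)
            assert (found)

            # Check to see if the faceplate counters have incremented.
            post_events_connect = global_functions.get_app_metric_value(
                app, "connect")
            assert (pre_events_connect < post_events_connect)
        finally:
            # remove Local Directory User, also when an assertion failed
            uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())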