vpn

package
v0.0.0-...-683b059

This package is not in the latest version of its module.
Published: Apr 23, 2022 License: BSD-3-Clause Imports: 21 Imported by: 0

Documentation

Overview

Package vpn provides utilities for setting up VPN clients and/or servers on the DUT.

Constants

const (
	TypeIKEv2     = "IKEv2"
	TypeL2TPIPsec = "L2TP/IPsec"
	TypeOpenVPN   = "OpenVPN"
	TypeWireGuard = "WireGuard"

	// b/204261554: Temporary VPN types for the two drivers of L2TP/IPsec. Can
	// be removed after the swanctl migration is done.
	TypeL2TPIPsecStroke  = "L2TP/IPsec-stroke"
	TypeL2TPIPsecSwanctl = "L2TP/IPsec-swanctl"
)

VPN types.

const (
	AuthTypeCert = "cert"
	AuthTypeEAP  = "eap"
	AuthTypePSK  = "psk"
)

Authentication types.

Variables

This section is empty.

Functions

func ExpectPingSuccess

func ExpectPingSuccess(ctx context.Context, pr *ping.Runner, addr string) error

ExpectPingSuccess pings 'addr' and expects the ping to succeed. Returns an error otherwise.

func VerifyVPNProfile

func VerifyVPNProfile(ctx context.Context, m *shill.Manager, serviceGUID string, verifyConnect bool) error

VerifyVPNProfile verifies that a VPN service with the given GUID exists in shill and, if |verifyConnect| is set to true, that it can be connected.

Types

type Config

type Config struct {
	Type     string
	AuthType string

	// Parameters for an L2TP/IPsec VPN connection.
	IPsecUseXauth         bool
	IPsecXauthMissingUser bool
	IPsecXauthWrongUser   bool
	UnderlayIPIsOverlayIP bool

	// Parameters for an OpenVPN connection.
	OpenVPNUseUserPassword        bool
	OpenVPNCertVerify             bool
	OpenVPNCertVerifyWrongHash    bool
	OpenVPNCertVeirfyWrongSubject bool
	OpenVPNCertVerifyWrongCN      bool
	OpenVPNCertVerifyCNOnly       bool

	// Parameters for a WireGuard connection.
	// WGTwoPeers indicates whether the connection will use one peer or two
	// peers. If true, two peers will be created in two separate network
	// namespaces, and the service will use split routing (for the subnet
	// ranges, see createWireGuardProperties()); if false, the default route
	// ("0.0.0.0/0") to the single peer will be used.
	WGTwoPeers bool
	// WGAutoGenKey indicates whether to let shill generate the private key
	// for the client side.
	WGAutoGenKey bool
}

Config contains the parameters (for both client and server) to configure a VPN connection.

type Connection

type Connection struct {
	Server       *Server
	SecondServer *Server
	// contains filtered or unexported fields
}

Connection represents a VPN connection that can be used in the test.

func NewConnection

func NewConnection(ctx context.Context, config Config) (*Connection, error)

NewConnection creates a new connection object. Notes:

  • It is the responsibility of the caller to call Cleanup() when the VPN connection is no longer needed.
  • During connection, we need to modify the profile of shill to configure the VPN client. So the "resetShill" fixture is suggested to make sure that we have a clean shill setup before and after the test.

Example: the following code can be used to set up a basic L2TP/IPsec VPN connection:

vpn.NewConnection(ctx, vpn.Config{
    Type: vpn.TypeL2TPIPsec, AuthType: vpn.AuthTypePSK,
})

Also see vpn_connect.go for a typical usage for this struct.

func (*Connection) Cleanup

func (c *Connection) Cleanup(ctx context.Context) error

Cleanup removes the service from shill, and releases other resources used for the connection. Callers don't necessarily need to call Disconnect() before this.

func (*Connection) Connect

func (c *Connection) Connect(ctx context.Context) (bool, error)

Connect lets shill connect to the VPN server. Returns whether the connection is established successfully.

func (*Connection) Disconnect

func (c *Connection) Disconnect(ctx context.Context) error

Disconnect will disconnect the shill service. This does not clean up the VPN server and callers should still call Cleanup().

func (*Connection) SetUp

func (c *Connection) SetUp(ctx context.Context) error

SetUp starts the VPN server and configures the VPN service (client) in shill. Callers still need to call Connect() on the connection before it's ready for use.
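The call order documented above (SetUp, Connect, optional Disconnect, and Cleanup on every path) can be wrapped in a single helper. This is an added example, not code from the package or the tast project. The `lifecycle` interface, `runVPNCase` and `fakeConn` are hypothetical names that stand in for `*vpn.Connection` so the block compiles without the tast imports, and the `wantConnected` parameter is an assumption about how a test would check Connect's boolean result when a connection is expected to be refused.

```go
package main

import (
	"context"
	"fmt"
)

// lifecycle mirrors the methods documented for *vpn.Connection (example-only type).
type lifecycle interface {
	SetUp(ctx context.Context) error
	Connect(ctx context.Context) (bool, error)
	Disconnect(ctx context.Context) error
	Cleanup(ctx context.Context) error
}

// runVPNCase (hypothetical) runs the documented call order; Cleanup runs on every path.
func runVPNCase(ctx context.Context, c lifecycle, wantConnected bool) (err error) {
	defer func() {
		if cerr := c.Cleanup(ctx); err == nil {
			err = cerr // surface a Cleanup failure only if nothing failed earlier
		}
	}()
	if err = c.SetUp(ctx); err != nil {
		return fmt.Errorf("setup: %w", err)
	}
	connected, err := c.Connect(ctx)
	if err != nil {
		return fmt.Errorf("connect: %w", err)
	}
	if connected != wantConnected {
		return fmt.Errorf("connected=%t, want %t", connected, wantConnected)
	}
	if !connected {
		return nil // nothing to disconnect; the deferred Cleanup still runs
	}
	return c.Disconnect(ctx)
}

// fakeConn is a constructed stand-in that records the calls it receives.
type fakeConn struct {
	accept bool
	calls  []string
}

func (f *fakeConn) SetUp(context.Context) error           { f.calls = append(f.calls, "SetUp"); return nil }
func (f *fakeConn) Connect(context.Context) (bool, error) { f.calls = append(f.calls, "Connect"); return f.accept, nil }
func (f *fakeConn) Disconnect(context.Context) error      { f.calls = append(f.calls, "Disconnect"); return nil }
func (f *fakeConn) Cleanup(context.Context) error         { f.calls = append(f.calls, "Cleanup"); return nil }

func main() { fmt.Println(runVPNCase(context.Background(), &fakeConn{}, false) == nil) }
```

In a real test the value returned by `vpn.NewConnection` would be passed in place of `fakeConn`.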

type Server

type Server struct {
	OverlayIP  string
	UnderlayIP string
	// contains filtered or unexported fields
}

Server represents a VPN server that can be used in the test.

func StartIKEv2Server

func StartIKEv2Server(ctx context.Context, authType string) (*Server, error)

StartIKEv2Server starts an IKEv2 server.

func StartL2TPIPsecServer

func StartL2TPIPsecServer(ctx context.Context, authType string, ipsecUseXauth, underlayIPIsOverlayIP bool) (*Server, error)

StartL2TPIPsecServer starts an L2TP/IPsec server.

func StartOpenVPNServer

func StartOpenVPNServer(ctx context.Context, useUserPassword bool) (*Server, error)

StartOpenVPNServer starts an OpenVPN server.

func StartWireGuardServer

func StartWireGuardServer(ctx context.Context, clientPublicKey string, usePSK, isSecondServer bool) (*Server, error)

StartWireGuardServer starts a WireGuard server.

func (*Server) Exit

func (s *Server) Exit(ctx context.Context) error

Exit does a best effort to stop the server, log the contents, and shut down the chroot.

func (*Server) SetupInternetAccess

func (s *Server) SetupInternetAccess(ctx context.Context) error

SetupInternetAccess sets up internet connectivity for the VPN server.

func (*Server) StopServer

func (s *Server) StopServer(ctx context.Context) error

StopServer stops the VPN server instance.
