if_ovpn tests: fix route_to test case
* Move the .254 address to the tunnel device so we reply through the tunnel. * Remove the network route to 'break' routing, which we then 'fix' with pf's route-to, which is the functionality we wanted to test in the first place. Reported by: markj Sponsored by: Rubicon Communications, LLC ("Netgate")
This commit is contained in:
parent
f7ee28e755
commit
f76df4718d
@ -91,6 +91,8 @@ atf_test_case "4in4" "cleanup"
|
|||||||
# Give the tunnel time to come up
|
# Give the tunnel time to come up
|
||||||
sleep 10
|
sleep 10
|
||||||
|
|
||||||
|
atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
|
||||||
|
|
||||||
echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194
|
echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194
|
||||||
atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
|
atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
|
||||||
}
|
}
|
||||||
@ -702,7 +704,6 @@ route_to_body()
|
|||||||
|
|
||||||
vnet_mkjail a ${l}a
|
vnet_mkjail a ${l}a
|
||||||
jexec a ifconfig ${l}a 192.0.2.1/24 up
|
jexec a ifconfig ${l}a 192.0.2.1/24 up
|
||||||
jexec a ifconfig ${l}a inet alias 198.51.100.254/24
|
|
||||||
vnet_mkjail b ${l}b ${n}a
|
vnet_mkjail b ${l}b ${n}a
|
||||||
jexec b ifconfig ${l}b 192.0.2.2/24 up
|
jexec b ifconfig ${l}b 192.0.2.2/24 up
|
||||||
jexec b ifconfig ${n}a up
|
jexec b ifconfig ${n}a up
|
||||||
@ -751,26 +752,23 @@ route_to_body()
|
|||||||
|
|
||||||
# Give the tunnel time to come up
|
# Give the tunnel time to come up
|
||||||
sleep 10
|
sleep 10
|
||||||
|
jexec a ifconfig ovpn0 inet alias 198.51.100.254/24
|
||||||
|
|
||||||
# Check the tunnel
|
# Check the tunnel
|
||||||
atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
|
atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.1
|
||||||
atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.254
|
atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
|
||||||
|
|
||||||
# Break our routes so that we need a route-to to make things work.
|
# Break our route to .254 so that we need a route-to to make things work.
|
||||||
jexec b ifconfig ${n}a 198.51.100.3/24
|
jexec b ifconfig ${n}a 203.0.113.1/24 up
|
||||||
atf_check -s exit:2 -o ignore jexec b ping -c 1 -t 1 -S 198.51.100.2 198.51.100.254
|
jexec b route add 198.51.100.254 -interface ${n}a
|
||||||
|
|
||||||
|
# Make sure it's broken.
|
||||||
|
atf_check -s exit:2 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
|
||||||
|
|
||||||
jexec b pfctl -e
|
jexec b pfctl -e
|
||||||
pft_set_rules b \
|
pft_set_rules b \
|
||||||
"pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
|
"pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
|
||||||
atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
|
atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
|
||||||
|
|
||||||
# And this keeps working even if we don't have a route to 198.51.100.0/24 via if_ovpn
|
|
||||||
jexec b route del -net 198.51.100.0/24
|
|
||||||
jexec b route add -net 198.51.100.0/24 -interface ${n}a
|
|
||||||
pft_set_rules b \
|
|
||||||
"pass out route-to (tun0 198.51.100.3) proto icmp from 198.51.100.2 "
|
|
||||||
atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
|
|
||||||
}
|
}
|
||||||
|
|
||||||
route_to_cleanup()
|
route_to_cleanup()
|
||||||
|
Loading…
Reference in New Issue
Block a user