| # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| # |
| # An example of how to set up an OpenVPN VPN from the Client (DUT), |
| # through the Router to the Server. |
| # |
| |
| # Scenario "VPNGenesis": "steps" is an ordered list of [step, parameters] |
| # entries; a step that takes no parameters is a one-element list. |
| { "name":"VPNGenesis", |
| "steps":[ |
| # Create WiFi connection from Client to Router. |
| # The link is joined with "security":"none", i.e. without WiFi encryption. |
| [ "create", { "type":"hostap" } ], |
| [ "config", { "channel":"2412", "mode":"11b" } ], |
| [ "connect", { "security":"none" } ], |
| |
| # Create Client & Server VPN configurations. |
| # |
| # o Install certificate files on Server, and Client. |
| # o Create VPN configuration on the Server. |
| # |
| # Each "files" entry maps a destination path to a site_eap_certs value |
| # (defined outside this file; presumably fixed test credentials - confirm). |
| # NOTE(review): both private keys are written under /tmp and no later step |
| # in this file removes them; treat this key material as lab-only. |
| # NOTE(review): "dh1024" suggests 1024-bit DH parameters, which is enough |
| # for a functional test but too small to copy into a real deployment. |
| |
| [ "install_files", { "system" : "server", |
| "files" : |
| { "/tmp/vpn-ca.crt": |
| site_eap_certs.ca_cert_1, |
| "/tmp/vpn-server.crt": |
| site_eap_certs.server_cert_1, |
| "/tmp/vpn-server.key": |
| site_eap_certs.server_private_key_1, |
| "/tmp/vpn-dh1024.pem": |
| site_eap_certs.dh1024_pem_key_1 |
| }}], |
| [ "install_files", { "system" : "client", |
| "files" : |
| { "/tmp/vpn-ca.crt": |
| site_eap_certs.ca_cert_1, |
| "/tmp/vpn-client.crt": |
| site_eap_certs.client_cert_1, |
| "/tmp/vpn-client.key": |
| site_eap_certs.client_private_key_1 |
| }}], |
| |
| # Configure and launch the VPN server. Automatically kills any |
| # previously running server. |
| # |
| # There are two vpn_server_config() uses to ensure that the |
| # internal configuration is persistent across invocations. |
| # The second call passes only "comp-lzo", so the tunnel coming up after it |
| # depends on the settings from the first call having been kept. |
| # |
| # The "config" keys match OpenVPN server directive names; empty-string |
| # values presumably stand for directives that take no argument - confirm. |
| # The "ca", "cert", "key" and "dh" paths are the files installed on the |
| # server by the install_files step above. |
| # |
| [ "vpn_server_config", { "kind" : "openvpn", |
| "config" : |
| { "port":"1194", |
| "proto":"udp", |
| "dev":"tun", |
| "ca":"/tmp/vpn-ca.crt", |
| "cert":"/tmp/vpn-server.crt", |
| "key":"/tmp/vpn-server.key", |
| "dh":"/tmp/vpn-dh1024.pem", |
| "server":"10.8.0.0 255.255.255.0", |
| "ifconfig-pool-persist":"/tmp/ipp.txt", |
| "keepalive":"10 120", |
| "persist-key":"", |
| "persist-tun":"", |
| "status":"/tmp/openvpn-status.log", |
| "verb":"0" |
| } |
| }], |
| # Having two vpn_server_config invocations back-to-back results in |
| # a failure with 'pkill' right after an rspro boot. There seems |
| # to be some significant latency when starting the first time, so |
| # slow the system down a tad to avoid spurious errors. |
| [ "sleep", { "time": "1" } ], |
| # NOTE(review): comp-lzo is deprecated in current OpenVPN, and compression |
| # inside a tunnel is exposed to compression-oracle attacks; keep it to |
| # test coverage and do not carry it into a deployed configuration. |
| [ "vpn_server_config", { "kind" : "openvpn", |
| "config" : { "comp-lzo":"" } |
| }], |
| # Launch the VPN Client. |
| # This first run sets "remote-cert-tls":"none", which presumably turns off |
| # the client's check that the peer certificate is marked for server use. |
| # NOTE(review): without that check any certificate issued by the same CA, |
| # including another client's, is accepted as the server; test-only setting. |
| [ "vpn_client_load_tunnel" ], |
| [ "vpn_client_config", { "kind":"openvpn", |
| "files":{ |
| "ca-certificate":"/tmp/vpn-ca.crt", |
| "client-certificate":"/tmp/vpn-client.crt", |
| "client-key":"/tmp/vpn-client.key" }, |
| "remote-cert-tls":"none" |
| }], |
| # Verify the client is connected to the server |
| # 10.8.0.1 lies in the 10.8.0.0/24 range given to "server" above; |
| # presumably it is the server's tunnel address - confirm. |
| [ "client_ping", { "ping_ip":"10.8.0.1", |
| "count":"10" } ], |
| |
| # Ensure the VPN also works with the client-side default of |
| # '--remote-cert-tls server'. |
| # No "remote-cert-tls" key is passed in this second client configuration. |
| [ "vpn_client_config", { "kind":"openvpn", |
| "files":{ |
| "ca-certificate":"/tmp/vpn-ca.crt", |
| "client-certificate":"/tmp/vpn-client.crt", |
| "client-key":"/tmp/vpn-client.key" }, |
| }], |
| # Verify the client is connected to the server |
| [ "client_ping", { "ping_ip":"10.8.0.1", |
| "count":"10" } ], |
| |
| [ "vpn_server_kill" ], # Shut down the VPN Server. |
| [ "vpn_client_kill" ], # Shut down the VPN Client. |
| [ "disconnect" ], # Disconnect WiFi setup |
| ], |
| } |