# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# An example of how to set up a certificate-based IPSec VPN from the Client
# (DUT), through the Router to the Server.
#

# Test description consumed by the WiFi test harness: a single dict literal
# whose "steps" list is executed in order. Each step is [command, params]
# (or [command] alone when the command takes no parameters). Identifiers of
# the form site_eap_certs.* are NOT defined in this file; the harness is
# expected to resolve them from the site-specific certificate/key set.
{ "name" : "VPNIPsecCertificates",
  "steps":[
      # Create WiFi connection from Client to Router.
      [ "create", { "type" : "hostap" } ],
      [ "config", { "channel" : "2412", "mode" : "11b" } ],
      # Open (unencrypted) WiFi link: confidentiality in this test comes from
      # the IPsec tunnel set up below, not from the radio link.
      [ "connect", { "security" : "none" } ],

      # Copy the CA cert, server cert and server private key onto the Server
      # in the standard ipsec.d layout, before the VPN server is configured.
      # The same ca_cert_1 object is later installed on the client (NSS) to
      # verify this server.
      [ "install_files", {
          "system" : "server",
          "files" : {
              "/etc/ipsec.d/cacerts/ca.crt" : site_eap_certs.ca_cert_1,
              "/etc/ipsec.d/certs/server.crt" : site_eap_certs.server_cert_1,
              "/etc/ipsec.d/private/server.key" :
                  site_eap_certs.server_private_key_1
          }}],

      # Certificate-authenticated L2TP/IPsec server. The "@plutodebug@"
      # replacement is set to "all" — presumably the IKE daemon (pluto) debug
      # level in the server's config template; it is a diagnostic aid for a
      # failing test run and is very verbose, so keep it test-only.
      [ "vpn_server_config", { "kind" : "l2tpipsec-cert",
          "replacements" : { "@plutodebug@" : "all" }}],

      # Reset the TPM to a known state (presumably clearing any objects left
      # behind by earlier runs — confirm in the harness).
      [ "initialize_tpm", { } ],

      # Install the CA certificate into the TPM. This will be used to generate
      # the client certificate chain while authenticating to the server.
      [ "install_tpm_object", { "data" : site_eap_certs.ca_cert_1,
          "id" : site_eap_certs.ca_cert_1_tpm_key_id,
          "object_type" : "cert" } ],

      # Install the client certificate into the TPM.
      [ "install_tpm_object", { "data" : site_eap_certs.client_cert_1,
          "id" : site_eap_certs.cert_1_tpm_key_id,
          "object_type" : "cert" } ],

      # Install the client private key. Note that this key ID must be the
      # same as the cert ID above due to limitations on how VPN services are
      # configured in shill and vpn-manager.
      [ "install_tpm_object", { "data" : site_eap_certs.client_private_key_1,
          "id" : site_eap_certs.cert_1_tpm_key_id,
          "object_type" : "key" } ],

      # Create an NSS database that contains the CA certificate (ca_cert_1,
      # the same object installed on the Server as ca.crt above). The client
      # uses it to verify the certificate presented by the remote server.
      [ "initialize_nss" ],
      [ "install_nss_certificate", { "data": site_eap_certs.ca_cert_1,
          "id" : site_eap_certs.cert_1_nss_cert_id } ],

      # Launch the VPN Client. The password/CHAP values are fixed test
      # fixtures, not secrets; presumably they must match the server-side
      # configuration produced by vpn_server_config above.
      [ "vpn_client_connect", {
          "kind" : "l2tpipsec-cert",
          "password" : "password",
          "chapuser" : "chapuser",
          "chapsecret" : "chapsecret",
          "certid" : site_eap_certs.cert_1_tpm_key_id,
          # NOTE(review): the client key was installed above under
          # cert_1_tpm_key_id, and the comment there says key and cert IDs
          # must match, yet "keyid" here is key_1_tpm_key_id. This only
          # works if the site config defines both names with the same value —
          # confirm, or use cert_1_tpm_key_id here as well.
          "keyid" : site_eap_certs.key_1_tpm_key_id,
          "cacertid" : site_eap_certs.cert_1_nss_cert_id
      }],

      # Verify the client is connected to the server by pinging through the
      # tunnel.
      [ "client_ping", { "ping_ip" : "192.168.1.99", # IP in xl2tpd.conf.
          "count" : "10" } ],

      # Teardown in reverse order of setup.
      [ "vpn_client_kill" ], # Shut down the VPN Client.
      [ "vpn_server_kill" ], # Shut down the VPN Server.
      [ "disconnect" ] # Disconnect WiFi setup.
  ],
}