# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# An example of how to set up a certificate-based IPSec VPN from the Client
# (DUT), through the Router, to the Server.
#
{ "name" : "VPNIPsecCertificates",
"steps":[
# Bring up an open (security "none") 11b WiFi link from the Client to the
# Router; the VPN tunnel below rides on top of this link.
[ "create", { "type" : "hostap" } ],
[ "config", { "channel" : "2412", "mode" : "11b" } ],
[ "connect", { "security" : "none" } ],
# Stage the Server's IPsec identity under /etc/ipsec.d: the CA certificate,
# the Server's own certificate, and its private key. Each value is a
# fixture from site_eap_certs, not a literal on this page.
[ "install_files", {
"system" : "server",
"files" : {
"/etc/ipsec.d/cacerts/ca.crt" : site_eap_certs.ca_cert_1,
"/etc/ipsec.d/certs/server.crt" : site_eap_certs.server_cert_1,
"/etc/ipsec.d/private/server.key" :
site_eap_certs.server_private_key_1
}}],
# Configure the Server for certificate-authenticated L2TP/IPsec.
# "@plutodebug@" is a placeholder substituted into the server config
# template; "all" presumably enables full debug logging in pluto (the IKE
# daemon) so a failed handshake can be diagnosed from the test log — verify
# against the template.
[ "vpn_server_config", { "kind" : "l2tpipsec-cert",
"replacements" : { "@plutodebug@" : "all" }}],
# Reset the TPM to a known state so earlier runs leave no objects behind.
[ "initialize_tpm", { } ],
# Install the CA certificate into the TPM. This will be used to generate
# the client certificate chain while authenticating to the server.
[ "install_tpm_object", { "data" : site_eap_certs.ca_cert_1,
"id" : site_eap_certs.ca_cert_1_tpm_key_id,
"object_type" : "cert" } ],
# Install the client certificate into the TPM.
[ "install_tpm_object", { "data" : site_eap_certs.client_cert_1,
"id" : site_eap_certs.cert_1_tpm_key_id,
"object_type" : "cert" } ],
# Install the client private key. Note that this key ID must be the
# same as the cert ID above due to limitations on how VPN services are
# configured in shill and vpn-manager.
[ "install_tpm_object", { "data" : site_eap_certs.client_private_key_1,
"id" : site_eap_certs.cert_1_tpm_key_id,
"object_type" : "key" } ],
# Create an NSS database and install the CA certificate into it (the CA
# cert, not the server cert itself). The Client uses it to verify the
# certificate presented by the remote server.
[ "initialize_nss" ],
[ "install_nss_certificate", { "data": site_eap_certs.ca_cert_1,
"id" : site_eap_certs.cert_1_nss_cert_id } ],
# Launch the VPN Client. "password"/"chapuser"/"chapsecret" are fixed
# test-fixture credentials; they presumably must match the L2TP/CHAP secrets
# in the server config template applied by vpn_server_config — verify there.
# NOTE(review): the client key was installed above under
# site_eap_certs.cert_1_tpm_key_id, but "keyid" here uses
# site_eap_certs.key_1_tpm_key_id; confirm both resolve to the same ID in
# site_eap_certs, otherwise the "same as the cert ID" requirement above is
# not met at connect time.
[ "vpn_client_connect", {
"kind" : "l2tpipsec-cert",
"password" : "password",
"chapuser" : "chapuser",
"chapsecret" : "chapsecret",
"certid" : site_eap_certs.cert_1_tpm_key_id,
"keyid" : site_eap_certs.key_1_tpm_key_id,
"cacertid" : site_eap_certs.cert_1_nss_cert_id
}],
# Verify the tunnel carries traffic: ping the Server-side address from the
# Client, expecting replies for the full count.
[ "client_ping", { "ping_ip" : "192.168.1.99", # IP in xl2tpd.conf.
"count" : "10" } ],
[ "vpn_client_kill" ], # Shut down the VPN Client.
[ "vpn_server_kill" ], # Shut down the VPN Server.
[ "disconnect" ] # Tear down the WiFi link from the Client to the Router.
],
}