| # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| # |
| # An example of how to set up a certificate-based IPSec VPN from the Client |
| # (DUT), through the Router to the Server. |
| # |
| |
| # Test description: a dict holding the test name and an ordered list of |
| # [ step_name, parameters ] entries. The steps below are listed in the |
| # order setup -> VPN server -> VPN client -> verification -> teardown. |
| { "name" : "VPNIPsecCertificates", |
| "steps":[ |
| # Create WiFi connection from Client to Router. |
| # The WiFi link is open ("security" : "none"), so the VPN tunnel is the |
| # only encryption layer this test puts on the Client-to-Router hop. |
| [ "create", { "type" : "hostap" } ], |
| [ "config", { "channel" : "2412", "mode" : "11b" } ], |
| [ "connect", { "security" : "none" } ], |
| |
| # Install the CA certificate, server certificate and server private key |
| # from site_eap_certs into the /etc/ipsec.d/ paths on the server. |
| # NOTE(review): site_eap_certs is defined outside this file; presumably |
| # it holds fixed test credentials -- confirm. |
| [ "install_files", { "system" : "server", |
| "files" : |
| { "/etc/ipsec.d/cacerts/ca.crt": |
| site_eap_certs.ca_cert_1, |
| "/etc/ipsec.d/certs/server.crt": |
| site_eap_certs.server_cert_1, |
| "/etc/ipsec.d/private/server.key": |
| site_eap_certs.server_private_key_1, |
| }}], |
| # Install the same CA certificate plus the client certificate and client |
| # private key on the client. These are the paths handed to |
| # vpn_client_config below. |
| # NOTE(review): the client private key is written under /tmp, and the |
| # file mode that install_files applies is not visible here -- confirm. |
| # Tolerable for throwaway test keys; real private keys belong in a |
| # directory readable only by the account that runs the VPN client. |
| [ "install_files", { "system" : "client", |
| "files" : |
| { "/tmp/vpn-ca.crt": |
| site_eap_certs.ca_cert_1, |
| "/tmp/vpn-client.crt": |
| site_eap_certs.client_cert_1, |
| "/tmp/vpn-client.key": |
| site_eap_certs.client_private_key_1 |
| }}], |
| |
| # The text '@ipsecrets-ip@' is automatically replaced with the |
| # correct server IP for the current test configuration, and should |
| # not be replaced through this list of steps; in fact, any |
| # replacements will be automatically overridden. |
| # |
| # The text '@local-listen-ip@' is also replaced with the IP number |
| # of the interface connected to the WiFi router. The default is |
| # 'wifi_addr' (192.168.2.254), and it should not be replaced through |
| # this list of steps; in fact, any replacements will be automatically |
| # overridden. |
| # |
| # Configure and launch the VPN server. Automatically kills any |
| # previously running server. |
| # |
| # The only replacement made here sets '@plutodebug@' to 'all'. |
| # NOTE(review): presumably this turns on full pluto debug logging in the |
| # server config template -- verify against the template. Debug output at |
| # that level is for test runs, not for a production VPN server. |
| # |
| [ "vpn_server_config", { |
| "kind" : "l2tpipsec-cert", |
| "replacements" : { "@plutodebug@" : "all" }}], |
| |
| # Launch the VPN Client. |
| # "kind" matches the server step above. The password and CHAP values are |
| # literal placeholder strings; the trailing comments name the secrets |
| # file each one relates to. "files" points at the certificate and key |
| # paths written by the client install_files step. |
| # NOTE(review): where the matching server-side secrets are defined is not |
| # visible here -- confirm they agree with these values. |
| [ "vpn_client_config", { |
| "kind" : "l2tpipsec-cert", |
| "password" : "password", # ipsec.secrets |
| "chapuser" : "chapuser", # chap-secrets |
| "chapsecret" : "chapsecret", # chap-secrets |
| "files" : { "ca-certificate" : "/tmp/vpn-ca.crt", |
| "client-certificate" : "/tmp/vpn-client.crt", |
| "client-key" : "/tmp/vpn-client.key", }}], |
| |
| # Verify the client is connected to the server |
| # NOTE(review): a successful ping shows the address answers; it proves the |
| # tunnel is up only if 192.168.1.99 is unreachable outside the VPN -- |
| # confirm against the test network layout. "count" is passed as a string. |
| [ "client_ping", { "ping_ip" : "192.168.1.99", # IP in xl2tpd.conf. |
| "count" : "10" } ], |
| |
| # Teardown: stop the VPN client, then the VPN server, then drop WiFi. |
| [ "vpn_client_kill" ], # Shut down the VPN Client. |
| [ "vpn_server_kill" ], # Shut down the VPN Server. |
| [ "disconnect" ], # Disconnect WiFi setup |
| ], |
| } |