# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# An example of how to set up a certificate-based IPSec VPN from the Client
# (DUT), through the Router, to the Server.
#
{ "name" : "VPNIPsecCertificates",
# "steps" is an ordered list; each entry is [ command ] or
# [ command, parameters ].
"steps":[
# Create WiFi connection from Client to Router.
[ "create", { "type" : "hostap" } ],
[ "config", { "channel" : "2412", "mode" : "11b" } ],
# The WiFi link itself is set up with no security, so the VPN tunnel
# configured below is the only protection layer this test sets up.
[ "connect", { "security" : "none" } ],
# Install the CA certificate, server certificate and server private
# key on the server under /etc/ipsec.d. The certificate and key
# values come from site_eap_certs, which is not defined in this file.
[ "install_files", { "system" : "server",
"files" :
{ "/etc/ipsec.d/cacerts/ca.crt":
site_eap_certs.ca_cert_1,
"/etc/ipsec.d/certs/server.crt":
site_eap_certs.server_cert_1,
"/etc/ipsec.d/private/server.key":
site_eap_certs.server_private_key_1,
}}],
# Install the CA certificate, client certificate and client private
# key on the client under /tmp; the same paths are passed to
# vpn_client_config below.
# NOTE(review): the client private key is written to /tmp, and this
# file does not show what permissions install_files applies. Confirm
# the key is a throwaway test key and is not reused outside the test
# setup.
[ "install_files", { "system" : "client",
"files" :
{ "/tmp/vpn-ca.crt":
site_eap_certs.ca_cert_1,
"/tmp/vpn-client.crt":
site_eap_certs.client_cert_1,
"/tmp/vpn-client.key":
site_eap_certs.client_private_key_1
}}],
# The text '@ipsecrets-ip@' is automatically replaced with the
# correct server IP for the current test configuration, and should
# not be replaced through this list of steps; in fact, any
# replacements will be automatically overridden.
#
# The text '@local-listen-ip@' is also replaced with the IP number
# of the interface connected to the WiFi router. The default is
# 'wifi_addr' (192.168.2.254), and it should not be replaced through
# this list of steps; in fact, any replacements will be automatically
# overridden.
#
# Configure and launch the VPN server. Automatically kills any
# previously running server.
#
# NOTE(review): '@plutodebug@' : 'all' presumably enables full pluto
# debug output in the server configuration; verbose IKE debug logs can
# expose negotiation detail, so confirm this setting stays confined to
# test configurations.
[ "vpn_server_config", {
"kind" : "l2tpipsec-cert",
"replacements" : { "@plutodebug@" : "all" }}],
# Launch the VPN Client.
# The password, chapuser and chapsecret values are fixed placeholder
# strings; the inline comments name the secrets file each one is
# associated with.
# NOTE(review): the kind is 'l2tpipsec-cert', so it is not clear from
# this file whether "password" is actually used; confirm against the
# vpn_client_config implementation.
[ "vpn_client_config", {
"kind" : "l2tpipsec-cert",
"password" : "password", # ipsec.secrets
"chapuser" : "chapuser", # chap-secrets
"chapsecret" : "chapsecret", # chap-secrets
"files" : { "ca-certificate" : "/tmp/vpn-ca.crt",
"client-certificate" : "/tmp/vpn-client.crt",
"client-key" : "/tmp/vpn-client.key", }}],
# Verify the client is connected to the server
# NOTE(review): presumably the ping target is reachable only through
# the tunnel, so a successful ping implies the VPN is up; confirm
# against the xl2tpd.conf in use. "count" is passed as a string.
[ "client_ping", { "ping_ip" : "192.168.1.99", # IP in xl2tpd.conf.
"count" : "10" } ],
[ "vpn_client_kill" ], # Shut down the VPN Client.
[ "vpn_server_kill" ], # Shut down the VPN Server.
[ "disconnect" ], # Disconnect WiFi setup
],
}