| #!/bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # Copyright (C) 2020-2025 OpenVPN, Inc. |
| # |
| # Author: Antonio Quartulli <antonio@openvpn.net> |
| |
# Uncomment the next line to trace every command while debugging.
#set -x
# Stop at the first failing command. Steps whose failure is tolerated are
# explicitly suffixed with "|| true" further down.
set -e

# Helpers and settings used by this test (cleanup, create_ns, OVPN_CLI, ...)
# are not defined in this file and are expected to come from common.sh.
# The path is relative to the current working directory: start the test from
# the directory that holds common.sh, because whichever file is found there
# is executed with the privileges of this script.
source ./common.sh

# Remove leftovers of a previous run before building anything.
cleanup

# Load the ovpn module quietly; a failure here is deliberately ignored.
modprobe -q ovpn || :
| |
# Bring up the topology in three separate passes over peer ids
# 0..NUM_PEERS: create every namespace, then configure each one, then add
# the peers. The helpers themselves are not defined in this file.
for p in $(seq 0 ${NUM_PEERS}); do
	create_ns "${p}"
done

# Peer <id> is handed the address 5.5.5.(<id> + 1)/24, so peer0 gets
# 5.5.5.1; the pings later in this script target the same addresses.
# MTU stays unquoted so that an empty value disappears from the argument
# list instead of being passed as an empty string.
for p in $(seq 0 ${NUM_PEERS}); do
	setup_ns "${p}" "5.5.5.$((p + 1))/24" ${MTU}
done

for p in $(seq 0 ${NUM_PEERS}); do
	add_peer "${p}"
done
| |
# Apply the same set_peer values for every peer id on both ends of its
# tunnel: on tun0 inside peer0 and on tun<id> inside the peer's namespace.
# NOTE(review): 60 and 120 are presumably the keepalive interval and
# timeout in seconds - confirm against the ovpn-cli usage text.
# OVPN_CLI is left unquoted, as in the rest of this script, so that its
# value keeps being word-split exactly as before.
for p in $(seq 1 ${NUM_PEERS}); do
	ip netns exec peer0 ${OVPN_CLI} set_peer tun0 "${p}" 60 120
	ip netns exec "peer${p}" ${OVPN_CLI} set_peer "tun${p}" "${p}" 60 120
done

# Fixed pause before traffic is sent; nothing is polled here.
sleep 1

# From peer0, flood-ping (-f) each peer's tunnel address quietly (-q):
# 500 packets with a 3 second deadline, first with the default payload and
# then with a 3000-byte payload. With "set -e" a failing ping ends the test.
for p in $(seq 1 ${NUM_PEERS}); do
	ip netns exec peer0 ping -qfc 500 -w 3 "5.5.5.$((p + 1))"
	ip netns exec peer0 ping -qfc 500 -s 3000 -w 3 "5.5.5.$((p + 1))"
done

# ping LAN behind client 1
ip netns exec peer0 ping -qfc 500 -w 3 ${LAN_IP}
| |
# Optional phase, run only when FLOAT is exactly "1": every client replaces
# the address on its veth<id> device (10.10.<id>.2 -> 10.10.<id>.3) and
# then has to reach 5.5.5.1 through the tunnel again.
# NOTE(review): presumably this checks that peer0 follows a client whose
# endpoint address changed - confirm against the ovpn documentation.
if [[ "${FLOAT}" == "1" ]]; then
	# make clients float..
	for p in $(seq 1 ${NUM_PEERS}); do
		ip -n "peer${p}" addr del "10.10.${p}.2/24" dev "veth${p}"
		ip -n "peer${p}" addr add "10.10.${p}.3/24" dev "veth${p}"
	done
	# All addresses are switched first; only then does each client ping.
	for p in $(seq 1 ${NUM_PEERS}); do
		ip netns exec "peer${p}" ping -qfc 500 -w 3 5.5.5.1
	done
fi
| |
# Bulk-traffic check over the tunnel. The iperf3 server in peer0 runs in the
# background and, because of -1, serves a single client and then exits; its
# exit status is never collected.
ip netns exec peer0 iperf3 -1 -s &
# Fixed delay to let the server start listening; nothing verifies that it
# does, so a slow start shows up as a client failure on the next line.
sleep 1
# Client in peer1: 3 second run (-t 3) against 5.5.5.1 using zero-copy
# sends (-Z). With "set -e" a client error ends the test.
ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1
| |
# Key rotation: install a second key for every peer id on both ends, then
# swap keys. Both new_key calls read the same data64.key file (resolved
# relative to the current directory) and differ only in the argument after
# ALG: 0 inside peer0, 1 inside the peer's namespace.
# NOTE(review): "2 1" is presumably key slot 2 (secondary) with key id 1,
# and the 0/1 argument the key direction - confirm against the ovpn-cli
# usage text.
# NOTE(review): data64.key looks like a fixed key fixture for this test;
# treat it as test material only.
printf '%s\n' "Adding secondary key and then swap:"
for p in $(seq 1 ${NUM_PEERS}); do
	ip netns exec peer0 ${OVPN_CLI} new_key tun0 "${p}" 2 1 ${ALG} 0 data64.key
	ip netns exec "peer${p}" ${OVPN_CLI} new_key "tun${p}" "${p}" 2 1 ${ALG} 1 data64.key
	# swap_keys is issued only in the peer's namespace, not in peer0.
	ip netns exec "peer${p}" ${OVPN_CLI} swap_keys "tun${p}" "${p}"
done

# Fixed pause after the swap before the state is queried.
sleep 1
| |
# Read-back checks. Without a peer id, get_peer is used here to dump all
# peers of the interface (see the message printed just before it).
printf '%s\n' "Querying all peers:"
ip netns exec peer0 ${OVPN_CLI} get_peer tun0
ip netns exec peer1 ${OVPN_CLI} get_peer tun1

printf '%s\n' "Querying peer 1:"
ip netns exec peer0 ${OVPN_CLI} get_peer tun0 1

# Negative case: id 10 is assumed not to exist (i.e. NUM_PEERS is below
# 10). The exit status is discarded, so the test neither fails on the
# expected error nor notices a lookup that unexpectedly succeeds.
printf '%s\n' "Querying non-existent peer 10:"
ip netns exec peer0 ${OVPN_CLI} get_peer tun0 10 || true

# Peer 1 is removed on both ends; a failure of either call ends the test.
printf '%s\n' "Deleting peer 1:"
ip netns exec peer0 ${OVPN_CLI} del_peer tun0 1
ip netns exec peer1 ${OVPN_CLI} del_peer tun1 1
| |
# Query both key slots (1 and 2) of every remaining peer, from the peer's
# own namespace. The range starts at 2 because peer 1 was deleted above.
printf '%s\n' "Querying keys:"
for p in $(seq 2 ${NUM_PEERS}); do
	ip netns exec "peer${p}" ${OVPN_CLI} get_key "tun${p}" "${p}" 1
	ip netns exec "peer${p}" ${OVPN_CLI} get_key "tun${p}" "${p}" 2
done

# Delete a peer while packets are in flight: peer2 flood-pings 5.5.5.1 in
# the background for up to 4 seconds, and two seconds in peer0 drops it.
# The background ping's exit status is never collected, so packet loss
# after the deletion does not fail the test.
printf '%s\n' "Deleting peer while sending traffic:"
ip netns exec peer2 ping -qf -w 4 5.5.5.1 &
sleep 2
ip netns exec peer0 ${OVPN_CLI} del_peer tun0 2
# following command fails in TCP mode
# (both ends get conn reset when one peer disconnects)
ip netns exec peer2 ${OVPN_CLI} del_peer tun2 2 || true
| |
# Peers 1 and 2 are gone by now, so the remaining steps cover ids 3 and up.
# Remove both key slots of each remaining peer, from its own namespace.
printf '%s\n' "Deleting keys:"
for p in $(seq 3 ${NUM_PEERS}); do
	ip netns exec "peer${p}" ${OVPN_CLI} del_key "tun${p}" "${p}" 1
	ip netns exec "peer${p}" ${OVPN_CLI} del_key "tun${p}" "${p}" 2
done

# Timeout as seen from peer0: set_peer gets "3 3" on tun0 (a failure of
# that call is tolerated) and "0 0" on the peer's own interface.
# NOTE(review): "0 0" presumably switches keepalive off on the peer so that
# peer0 stops hearing from it - confirm against the ovpn-cli usage text.
printf '%s\n' "Setting timeout to 3s MP:"
for p in $(seq 3 ${NUM_PEERS}); do
	ip netns exec peer0 ${OVPN_CLI} set_peer tun0 "${p}" 3 3 || true
	ip netns exec "peer${p}" ${OVPN_CLI} set_peer "tun${p}" "${p}" 0 0
done
# wait for peers to timeout
sleep 5

# Same values applied on the peer side. This script only sleeps afterwards;
# it does not itself query whether the peers were actually dropped.
printf '%s\n' "Setting timeout to 3s P2P:"
for p in $(seq 3 ${NUM_PEERS}); do
	ip netns exec "peer${p}" ${OVPN_CLI} set_peer "tun${p}" "${p}" 3 3
done
sleep 5
| |
# Final teardown. This point is reached only when every step above
# succeeded: the script runs under "set -e" and installs no EXIT trap of
# its own, so after a failure the test state stays in place until the
# cleanup call at the start of the next run (unless common.sh handles it).
cleanup

# Unload the module; failure to unload is ignored.
modprobe -r ovpn || :