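#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2020-2025 OpenVPN, Inc.
#
# Author: Antonio Quartulli <antonio@openvpn.net>
#
# Functional test for the ovpn kernel module. It builds one network
# namespace per peer (peer0 .. peer${NUM_PEERS}), configures the tunnels
# through ${OVPN_CLI}, then checks data traffic, client floating, key
# rotation, peer/key deletion and keepalive timeouts.
#
# Requirements visible in this file:
#   - enough privilege to load/unload kernel modules and to run commands
#     inside network namespaces (normally root);
#   - helpers and settings that are not defined here (cleanup, create_ns,
#     setup_listener, setup_ns, add_peer, build_capture_filter,
#     compare_ntfs, NUM_PEERS, OVPN_CLI, ID_OFFSET, PROTO, ALG, MTU,
#     LAN_IP, FLOAT, UDP_PEERS_FILE) - presumably from common.sh or the
#     environment;
#   - tcpdump, ping, iperf3, awk and iproute2 on the host.
#
# NOTE(review): settings coming from outside this file are expanded
# unquoted, as in the original, because their exact form (for example a
# command plus arguments in OVPN_CLI) is not visible here.

# Uncomment to trace every command while debugging.
#set -x
# Abort on the first failing command; steps that are allowed to fail are
# marked explicitly with "|| true".
set -e

# common.sh and data64.key are resolved against the current working
# directory, not the location of this script, so the test must be started
# from its own directory. Since it normally runs privileged, starting it
# from a directory writable by another user would execute that directory's
# common.sh.
source ./common.sh

# Start from a clean state in case a previous run was interrupted.
cleanup

# The module may be built in or already loaded: do not fail here.
modprobe -q ovpn || true

for p in $(seq 0 ${NUM_PEERS}); do
	create_ns ${p}
done

for p in $(seq 0 ${NUM_PEERS}); do
	setup_listener ${p}
done

# Peer N gets tunnel address 5.5.5.(N+1)/24, so peer0 is 5.5.5.1.
for p in $(seq 0 ${NUM_PEERS}); do
	setup_ns ${p} 5.5.5.$((${p} + 1))/24 ${MTU}
done

for p in $(seq 0 ${NUM_PEERS}); do
	add_peer ${p}
done

# peer0 addresses each client by ${p}; each client addresses peer0 by
# ${p} + ID_OFFSET.
# NOTE(review): "60 120" are presumably the keepalive interval and timeout
# in seconds - confirm against the ovpn-cli usage text.
for p in $(seq 1 ${NUM_PEERS}); do
	ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120
	ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} \
		$((${p}+ID_OFFSET)) 60 120
done

sleep 1

TCPDUMP_TIMEOUT="1.5s"
for p in $(seq 1 ${NUM_PEERS}); do
	# The first part of the data packet header consists of:
	# - TCP only: 2 bytes for the packet length
	# - 5 bits for opcode ("9" for DATA_V2)
	# - 3 bits for key-id ("0" at this point)
	# - 3 bytes (24 bits) for peer-id:
	#   - with asymmetric ID: "${p}" one way and "${p} + ID_OFFSET" the
	#     other way
	#   - with symmetric ID: "${p}" both ways
	#
	# 0x48 is (opcode 9 << 3) | key-id 0. The peer-id is zero-padded to
	# six hex digits so the pattern stays exactly 4 bytes wide even when
	# the id is 16 or larger; a single "%x" after five literal zeros
	# would grow to nine digits in that case.
	HEADER1=$(printf "0x48%06x" "${p}")
	HEADER2=$(printf "0x48%06x" "$((${p} + ID_OFFSET))")
	RADDR=""
	if [ "${PROTO}" == "UDP" ]; then
		# Third field of line ${p} of the UDP peers file.
		# presumably the remote address of that peer; verify against
		# the file format.
		RADDR=$(awk -v n="${p}" 'NR == n {print $3}' \
			"${UDP_PEERS_FILE}")
	fi

	# One capture per direction on the peer's veth. Each tcpdump exits
	# after its first matching packet (-c 1) or is killed by timeout.
	timeout ${TCPDUMP_TIMEOUT} ip netns exec peer${p} \
		tcpdump --immediate-mode -p -ni veth${p} -c 1 \
		"$(build_capture_filter "${HEADER1}" "${RADDR}")" \
		>/dev/null 2>&1 &
	TCPDUMP_PID1=$!
	timeout ${TCPDUMP_TIMEOUT} ip netns exec peer${p} \
		tcpdump --immediate-mode -p -ni veth${p} -c 1 \
		"$(build_capture_filter "${HEADER2}" "${RADDR}")" \
		>/dev/null 2>&1 &
	TCPDUMP_PID2=$!

	# Give both captures time to start before generating traffic.
	sleep 0.3
	ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((${p} + 1))
	# Same test with a 3000-byte payload.
	ip netns exec peer0 ping -qfc 500 -s 3000 -w 3 5.5.5.$((${p} + 1))

	# wait returns the exit status of the timeout-wrapped tcpdump, so
	# under "set -e" a capture that never saw the expected header fails
	# the whole test.
	wait ${TCPDUMP_PID1}
	wait ${TCPDUMP_PID2}
done

# ping LAN behind client 1
ip netns exec peer0 ping -qfc 500 -w 3 ${LAN_IP}

if [ "$FLOAT" == "1" ]; then
	# make clients float: replace each client's veth address (.2 -> .3)
	# and check that traffic towards peer0 still passes afterwards.
	for p in $(seq 1 ${NUM_PEERS}); do
		ip -n peer${p} addr del 10.10.${p}.2/24 dev veth${p}
		ip -n peer${p} addr add 10.10.${p}.3/24 dev veth${p}
	done
	for p in $(seq 1 ${NUM_PEERS}); do
		ip netns exec peer${p} ping -qfc 500 -w 3 5.5.5.1
	done
fi

# Throughput run: one-shot iperf3 server (-1) on peer0, peer1 as client.
ip netns exec peer0 iperf3 -1 -s &
sleep 1
ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1

# data64.key is read from the current directory.
# NOTE(review): presumably a fixed key shipped with the test - it must
# never be reused outside this test setup.
echo "Adding secondary key and then swap:"
for p in $(seq 1 ${NUM_PEERS}); do
	ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 2 1 ${ALG} 0 \
		data64.key
	ip netns exec peer${p} ${OVPN_CLI} new_key tun${p} \
		$((${p} + ID_OFFSET)) 2 1 ${ALG} 1 data64.key
	ip netns exec peer${p} ${OVPN_CLI} swap_keys tun${p} \
		$((${p} + ID_OFFSET))
done

sleep 1

echo "Querying all peers:"
ip netns exec peer0 ${OVPN_CLI} get_peer tun0
ip netns exec peer1 ${OVPN_CLI} get_peer tun1

echo "Querying peer 1:"
ip netns exec peer0 ${OVPN_CLI} get_peer tun0 1

# Expected to fail: the lookup of an unknown peer must not abort the test.
echo "Querying non-existent peer 20:"
ip netns exec peer0 ${OVPN_CLI} get_peer tun0 20 || true

echo "Deleting peer 1:"
ip netns exec peer0 ${OVPN_CLI} del_peer tun0 1
ip netns exec peer1 ${OVPN_CLI} del_peer tun1 $((1 + ID_OFFSET))

# Peer 1 is gone, so the remaining steps start at peer 2.
echo "Querying keys:"
for p in $(seq 2 ${NUM_PEERS}); do
	ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} \
		$((${p} + ID_OFFSET)) 1
	ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} \
		$((${p} + ID_OFFSET)) 2
done

# The flood ping runs in a background subshell and is not waited for: its
# exit status is not part of the test result.
echo "Deleting peer while sending traffic:"
(ip netns exec peer2 ping -qf -w 4 5.5.5.1)&
sleep 2
ip netns exec peer0 ${OVPN_CLI} del_peer tun0 2
# following command fails in TCP mode
# (both ends get conn reset when one peer disconnects)
ip netns exec peer2 ${OVPN_CLI} del_peer tun2 $((2 + ID_OFFSET)) || true

# Peers 1 and 2 are gone, so the remaining steps start at peer 3.
echo "Deleting keys:"
for p in $(seq 3 ${NUM_PEERS}); do
	ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} \
		$((${p} + ID_OFFSET)) 1
	ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} \
		$((${p} + ID_OFFSET)) 2
done

# Only the peer0 (MP) side gets the 3s values; the client side is set to
# "0 0" so that peer0 is the side that times out.
# NOTE(review): "0 0" presumably disables keepalive on the client - confirm.
echo "Setting timeout to 3s MP:"
for p in $(seq 3 ${NUM_PEERS}); do
	ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 3 3 || true
	ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} \
		$((${p} + ID_OFFSET)) 0 0
done
# wait for peers to timeout
sleep 5

echo "Setting timeout to 3s P2P:"
for p in $(seq 3 ${NUM_PEERS}); do
	ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} \
		$((${p} + ID_OFFSET)) 3 3
done
sleep 5

# compare_ntfs is not defined in this file.
# NOTE(review): presumably compares the notifications received by each
# peer with the expected ones - confirm in common.sh.
for p in $(seq 0 ${NUM_PEERS}); do
	compare_ntfs ${p}
done

cleanup

# Unloading may fail when the module is built in or still in use.
modprobe -r ovpn || true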