1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# Copyright (C) 2020-2025 OpenVPN, Inc. 4# 5# Author: Antonio Quartulli <antonio@openvpn.net> 6 7#set -x 8set -e 9 10source ./common.sh 11 12cleanup 13 14modprobe -q ovpn || true 15 16for p in $(seq 0 ${NUM_PEERS}); do 17 create_ns ${p} 18done 19 20for p in $(seq 0 ${NUM_PEERS}); do 21 setup_listener ${p} 22done 23 24for p in $(seq 0 ${NUM_PEERS}); do 25 setup_ns ${p} 5.5.5.$((${p} + 1))/24 ${MTU} 26done 27 28for p in $(seq 0 ${NUM_PEERS}); do 29 add_peer ${p} 30done 31 32for p in $(seq 1 ${NUM_PEERS}); do 33 ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120 34 ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 60 120 35done 36 37sleep 1 38 39for p in $(seq 1 ${NUM_PEERS}); do 40 ip netns exec peer0 ping -qfc 500 -w 3 5.5.5.$((${p} + 1)) 41 ip netns exec peer0 ping -qfc 500 -s 3000 -w 3 5.5.5.$((${p} + 1)) 42done 43 44# ping LAN behind client 1 45ip netns exec peer0 ping -qfc 500 -w 3 ${LAN_IP} 46 47if [ "$FLOAT" == "1" ]; then 48 # make clients float.. 49 for p in $(seq 1 ${NUM_PEERS}); do 50 ip -n peer${p} addr del 10.10.${p}.2/24 dev veth${p} 51 ip -n peer${p} addr add 10.10.${p}.3/24 dev veth${p} 52 done 53 for p in $(seq 1 ${NUM_PEERS}); do 54 ip netns exec peer${p} ping -qfc 500 -w 3 5.5.5.1 55 done 56fi 57 58ip netns exec peer0 iperf3 -1 -s & 59sleep 1 60ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1 61 62echo "Adding secondary key and then swap:" 63for p in $(seq 1 ${NUM_PEERS}); do 64 ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 2 1 ${ALG} 0 data64.key 65 ip netns exec peer${p} ${OVPN_CLI} new_key tun${p} ${p} 2 1 ${ALG} 1 data64.key 66 ip netns exec peer${p} ${OVPN_CLI} swap_keys tun${p} ${p} 67done 68 69sleep 1 70 71echo "Querying all peers:" 72ip netns exec peer0 ${OVPN_CLI} get_peer tun0 73ip netns exec peer1 ${OVPN_CLI} get_peer tun1 74 75echo "Querying peer 1:" 76ip netns exec peer0 ${OVPN_CLI} get_peer tun0 1 77 78echo "Querying non-existent peer 10:" 79ip netns exec peer0 ${OVPN_CLI} get_peer tun0 10 || true 80 81echo "Deleting peer 1:" 82ip netns exec peer0 ${OVPN_CLI} del_peer tun0 1 83ip netns exec peer1 ${OVPN_CLI} del_peer tun1 1 84 85echo "Querying keys:" 86for p in $(seq 2 ${NUM_PEERS}); do 87 ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} ${p} 1 88 ip netns exec peer${p} ${OVPN_CLI} get_key tun${p} ${p} 2 89done 90 91echo "Deleting peer while sending traffic:" 92(ip netns exec peer2 ping -qf -w 4 5.5.5.1)& 93sleep 2 94ip netns exec peer0 ${OVPN_CLI} del_peer tun0 2 95# following command fails in TCP mode 96# (both ends get conn reset when one peer disconnects) 97ip netns exec peer2 ${OVPN_CLI} del_peer tun2 2 || true 98 99echo "Deleting keys:" 100for p in $(seq 3 ${NUM_PEERS}); do 101 ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} ${p} 1 102 ip netns exec peer${p} ${OVPN_CLI} del_key tun${p} ${p} 2 103done 104 105echo "Setting timeout to 3s MP:" 106for p in $(seq 3 ${NUM_PEERS}); do 107 ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 3 3 || true 108 ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 0 0 109done 110# wait for peers to timeout 111sleep 5 112 113echo "Setting timeout to 3s P2P:" 114for p in $(seq 3 ${NUM_PEERS}); do 115 ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 3 3 116done 117sleep 5 118 119for p in $(seq 0 ${NUM_PEERS}); do 120 compare_ntfs ${p} 121done 122 123cleanup 124 125modprobe -r ovpn || true 126