Skip to content

Commit

Permalink
test: configure wireguard server side using the browser object
Browse files Browse the repository at this point in the history
  • Loading branch information
subhoghoshX committed Oct 16, 2023
1 parent b86c8df commit 4d48175
Showing 1 changed file with 48 additions and 11 deletions.
59 changes: 48 additions & 11 deletions test/verify/check-networkmanager-wireguard
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,28 @@ class TestWireGuard(packagelib.PackageCase, netlib.NetworkCase):
m2_port = 51820
m2_ip4 = "10.0.0.2"
m2_ip6 = "2001::2"
b2 = self.new_browser(m2)
m2.start_cockpit()
b2.login_and_go("/network")
if not m2.ostree_image:
m2.execute(f"firewall-cmd --add-port={m2_port}/udp")
m2.execute("wg genkey > private")
m2_pubkey = m2.execute("wg pubkey < private").strip()
m2.execute("ip link add dev wg0 type wireguard")
m2.execute(f"ip addr add {m2_ip4}/24 dev wg0")
m2.execute("wg set wg0 private-key ./private")
m2.execute(f"wg set wg0 listen-port {m2_port}")
m2.execute("ip link set wg0 up")
b2.go("/network/firewall")
b2.enter_page("/network/firewall")
b2.click("button:contains('Add services')")
b2.wait_visible("#add-services-dialog")
b2.set_input_text("#filter-services-input", "wireguard")
b2.wait_visible("ul li label:contains('wireguard')")
b2.click("ul li label:contains('wireguard')")
b2.click("#add-services-dialog button:contains('Add services')")
b2.wait_visible("#zones-listing tr:contains('wireguard')")
b2.go("/network")
b2.enter_page("/network")
b2.click("button:contains('Add VPN')")
b2.wait_visible("#network-wireguard-settings-dialog")
m2_iface_name = b2.val("#network-wireguard-settings-interface-name-input")
b2.wait_not_val("#network-wireguard-settings-public-key input", "")
m2_pubkey = b2.val("#network-wireguard-settings-public-key input")
b2.set_input_text("#network-wireguard-settings-addresses-input", f"{m2_ip4}/24")
b2.set_input_text("#network-wireguard-settings-listen-port-input", str(m2_port))

# Validate each field, enter the right value, and then proceed to the next field
#
Expand Down Expand Up @@ -142,7 +155,12 @@ class TestWireGuard(packagelib.PackageCase, netlib.NetworkCase):
m1.execute("until ip route | grep -q '10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.1 metric 50'; do sleep 1; done")

# endpoint and port is not necessary for a peer if that peer estalishes the connectio first (i.e. the client)
m2.execute(f"wg set wg0 peer {m1_pubkey} allowed-ips {m1_ip4}/32")
b2.click("button:contains('Add peer')")
b2.set_input_text("#network-wireguard-settings-publickey-peer-0", m1_pubkey)
b2.set_input_text("#network-wireguard-settings-allowedips-peer-0", f"{m1_ip4}/32")
b2.click("#network-wireguard-settings-save")
b2.wait_not_present("#network-wireguard-settings-dialog")
b2.wait_in_text(f"#networking-interfaces th:contains('{m2_iface_name}') + td", f"{m2_ip4}/24")

# check connection over ipv4
try:
Expand All @@ -155,8 +173,27 @@ class TestWireGuard(packagelib.PackageCase, netlib.NetworkCase):
raise

# check connection over ipv6
m2.execute(f"ip addr add {m2_ip6}/64 dev wg0")
m2.execute(f"wg set wg0 peer {m1_pubkey} allowed-ips {m1_ip4}/32,{m1_ip6}")
b2.click(f"#networking-interfaces button:contains('{m2_iface_name}')")

b2.click("#networking-edit-wg")
b2.wait_visible("#network-wireguard-settings-dialog")
b2.set_input_text("#network-wireguard-settings-allowedips-peer-0", f"{m1_ip4}/32,{m1_ip6}")
b2.click("#network-wireguard-settings-save")
b2.wait_not_present("#network-wireguard-settings-dialog")

m2.execute("until wg show wg0 | grep -q 'allowed ips.*2001::1/128'; do sleep 1; done")

b2.click("#networking-edit-ipv6")
b2.wait_visible("#network-ip-settings-dialog")
b2.select_from_dropdown("#network-ip-settings-select-method", "manual")
b2.set_input_text("#network-ip-settings-address-0", m2_ip6)
b2.set_input_text("#network-ip-settings-netmask-0", "64")
b2.set_input_text("#network-ip-settings-gateway-0", "::")
b2.click("#network-ip-settings-save")
b2.wait_not_present("#network-ip-settings-dialog")
b2.wait_in_text(f"dt:contains('IPv6') + dd", "Address 2001:0:0:0:0:0:0:2/64")

m2.execute(f"until ip a show dev {m2_iface_name} | grep -q 'inet6 {m2_ip6}/64 scope global'; do sleep 0.3; done", timeout=10)

b.click("#networking-edit-wg")
b.wait_visible("#network-wireguard-settings-dialog")
Expand Down

0 comments on commit 4d48175

Please sign in to comment.