Implement wireguard test between OpenBSD and Linux in netlink.
bluhm committed Jun 25, 2024
1 parent 3baed2f commit a357793
Showing 2 changed files with 57 additions and 4 deletions.
2 changes: 1 addition & 1 deletion net.pl
@@ -33,7 +33,7 @@

my @allifaces = qw(bnxt em igc ix ixl re vio vmx);
my @allmodifymodes = qw(none jumbo nolro nopf notso);
my @allpseudos = qw(none bridge carp gif gre veb vlan);
my @allpseudos = qw(none bridge carp gif gre veb vlan wg);
my @allsetupmodes = (qw(build install upgrade sysupgrade keep kernel reboot
tools), "cvs,build", "cvs,kernel");
my @alltestmodes = qw(all fragment icmp tcp udp splice);
59 changes: 56 additions & 3 deletions netlink.pl
@@ -29,7 +29,7 @@

my @allifaces = qw(none bnxt em igc ix ixl re vio vmx);
my @allmodifymodes = qw(none jumbo nolro nopf notso);
my @allpseudos = qw(none bridge carp gif gre veb vlan);
my @allpseudos = qw(none bridge carp gif gre veb vlan wg);
my @alltestmodes = sort qw(all fragment icmp tcp udp splice);

my %opts;
@@ -509,7 +509,7 @@ sub good {
printcmd('ssh', $lnx_l_ssh, 'ip', 'link', 'add', 'name', $lnx_pdev,
'type', 'sit', 'mode', 'any',
'local', $lnx_l_tunnel_addr, 'remote', $obsd_l_tunnel_addr);
printcmd('ssh', $lnx_r_ssh, 'ip', 'link', 'add', $lnx_pdev,
printcmd('ssh', $lnx_r_ssh, 'ip', 'link', 'add', 'name', $lnx_pdev,
'type', 'sit', 'mode', 'any',
'local', $lnx_r_tunnel_addr, 'remote', $obsd_r_tunnel_addr);
foreach my $ssh ($lnx_l_ssh, $lnx_r_ssh) {
@@ -609,8 +609,61 @@ sub good {
printcmd('ssh', $ssh, 'ip', 'link', 'set', 'dev', $lnx_if, 'up');
}
$lnx_ipdev = $lnx_pdev;
} elsif ($pseudo eq 'wg') {
my @lnx_pub;
foreach my $ssh ($lnx_l_ssh, $lnx_r_ssh) {
printcmd('ssh', $ssh, 'modprobe', 'wireguard');
printcmd('ssh', $ssh,
'wg genkey | tee wg-private.key | wg pubkey >wg-public.key');
}
chomp(my $lnx_l_pub = `ssh $lnx_l_ssh cat wg-public.key`);
chomp(my $lnx_r_pub = `ssh $lnx_r_ssh cat wg-public.key`);

# configure OpenBSD tunnel addresses
printcmd('ifconfig', $obsd_l_if, 'inet', "$obsd_l_tunnel_addr/24");
printcmd('ifconfig', $obsd_r_if, 'inet', "$obsd_r_tunnel_addr/24");
printcmd('ifconfig', 'wg0', 'create');
printcmd('ifconfig', 'wg1', 'create');
chomp(my $obsd_l_key = `openssl rand -base64 32`);
chomp(my $obsd_r_key = `openssl rand -base64 32`);
printcmd('ifconfig', 'wg0', 'wgport', '7112', 'wgkey', $obsd_l_key,
'wgpeer', $lnx_l_pub, 'wgendpoint', $lnx_l_tunnel_addr, '7111',
'wgaip', $lnx_l_net, 'wgaip', $lnx_l_net6);
printcmd('ifconfig', 'wg1', 'wgport', '7113', 'wgkey', $obsd_r_key,
'wgpeer', $lnx_r_pub, 'wgendpoint', $lnx_r_tunnel_addr, '7114',
'wgaip', $lnx_r_net, 'wgaip', $lnx_r_net6,);
chomp(my $obsd_l_pub = `ifconfig wg0 | grep 'wgpubkey' | cut -d ' ' -f 2`);
chomp(my $obsd_r_pub = `ifconfig wg1 | grep 'wgpubkey' | cut -d ' ' -f 2`);
printcmd('ifconfig', $obsd_l_if, 'up');
printcmd('ifconfig', $obsd_r_if, 'up');
$obsd_l_ipdev = "wg0";
$obsd_r_ipdev = "wg1";

# configure Linux tunnel addresses
printcmd('ssh', $lnx_l_ssh, 'ip', 'address', 'add', $lnx_l_tunnel_net,
'dev', $lnx_if);
printcmd('ssh', $lnx_r_ssh, 'ip', 'address', 'add', $lnx_r_tunnel_net,
'dev', $lnx_if);
printcmd('ssh', $lnx_l_ssh, 'ip', 'link', 'add', 'name', $lnx_pdev,
'type', 'wireguard');
printcmd('ssh', $lnx_r_ssh, 'ip', 'link', 'add', 'name', $lnx_pdev,
'type', 'wireguard');
printcmd('ssh', $lnx_l_ssh, 'wg', 'set', $lnx_pdev, 'listen-port', '7111',
'private-key', 'wg-private.key', 'peer', $obsd_l_pub,
'allowed-ips', $obsd_l_net, 'allowed-ips', $obsd_l_net6,
'allowed-ips', $obsd_r_net, 'allowed-ips', $obsd_r_net6,
'endpoint', "$obsd_l_tunnel_addr:7112");
printcmd('ssh', $lnx_r_ssh, 'wg', 'set', $lnx_pdev, 'listen-port', '7114',
'private-key', 'wg-private.key', 'peer', $obsd_r_pub,
'allowed-ips', $obsd_r_net, 'allowed-ips', $obsd_r_net6,
'allowed-ips', $obsd_l_net, 'allowed-ips', $obsd_l_net6,
'endpoint', "$obsd_r_tunnel_addr:7113");
foreach my $ssh ($lnx_l_ssh, $lnx_r_ssh) {
printcmd('ssh', $ssh, 'ip', 'link', 'set', 'dev', $lnx_if, 'up');
}
$lnx_ipdev = $lnx_pdev;
}
# XXX: trunk, tpmr, nipsec, wg?
# XXX: trunk, tpmr, nipsec

# configure OpenBSD addresses
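Review bot: In the `wg` branch the private keys are handled loosely: on the Linux peers `tee wg-private.key` creates the key file under the login shell's default umask, and on OpenBSD `$obsd_l_key` and `$obsd_r_key` are handed to `printcmd`, which is defined outside this hunk and presumably echoes the full command line into the test log. For the Linux side, setting the mask in the same remote command would do, `'umask 077; wg genkey | tee wg-private.key | wg pubkey >wg-public.key'`, and the key files are never removed after the run. The four backtick captures (`ssh $lnx_l_ssh cat wg-public.key`, `ifconfig wg0 | grep 'wgpubkey' | cut ...`) are unchecked, so a failed ssh or ifconfig yields an empty string that is then passed as the `wgpeer` / `peer` argument; a guard after each capture, such as `$lnx_l_pub =~ m{\A[A-Za-z0-9+/]{43}=\z} or die "bad wg public key from $lnx_l_ssh";`, would stop the run at the cause. `my @lnx_pub;` is declared but never used and can be dropped. `sub good` begins and ends outside the hunk, so its error handling convention could not be checked here.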
