package require Tclx
+set netlink(inside) {
+ local-address "172.18.232.9";
+ secnet-address "172.18.232.10";
+ remote-networks "172.18.232.0/28";
+}
+set netlink(outside) {
+ local-address "172.18.232.1";
+ secnet-address "172.18.232.2";
+ remote-networks "172.18.232.0/28";
+}
+
+set ports(inside) {16913 16910}
+set ports(outside) 16900
+
+set extra(inside) {
+ local-mobile True;
+ mtu-target 1260;
+}
+set extra(outside) {}
+
+proc mkconf {which} {
+ global netlink
+ global ports
+ global extra
+ global netlinkfh
+ set pipefp test/$which.netlink
+ foreach tr {t r} {
+ file delete $pipefp.$tr
+ exec mkfifo -m600 $pipefp.$tr
+ set netlinkfh($which.$tr) [set fh [open $pipefp.$tr r+]]
+ fconfigure $fh -blocking 0 -buffering none -translation binary
+ }
+ fileevent $netlinkfh($which.r) readable [list netlink-readable $which]
+ set fakeuf test/$which.fake-userv
+ set fakeuh [open $fakeuf w 0755]
+ puts $fakeuh "#!/bin/sh
+set -e
+cat >$pipefp.r &
+exec 3<>$pipefp.t
+exec <$pipefp.t
+exec 3<&-
+exec cat
+"
+ set cfg "
+ netlink userv-ipif {
+ name \"netlink\";
+ userv-path \"$fakeuf\";
+ $netlink($which)
+ mtu 1400;
+ buffer sysbuffer(2048);
+ interface \"secnet-test-[string range $which 0 0]\";
+ };
+ comm
+"
+ set delim {}
+ foreach port $ports($which) {
+ append cfg "$delim
+ udp {
+ port $port;
+ buffer sysbuffer(4096);
+ }
+ "
+ set delim ,
+ }
+ append cfg ";
+ local-name \"test-example/$which/$which\";
+ local-key rsa-private(\"test-example/$which.key\");
+"
+ append cfg $extra($which)
+ append cfg {
+ log logfile {
+ filename "/dev/tty";
+ class "info","notice","warning","error","security","fatal";
+ };
+ system {
+ };
+ resolver adns {
+ };
+ log-events "all";
+ random randomfile("/dev/urandom",no);
+ transform eax-serpent { }, serpent256-cbc { };
+ include test-example/sites.conf
+ sites map(site,vpn/test-example/all-sites);
+ }
+ return $cfg
+}
+
proc spawn-secnet {which} {
upvar #0 pids($which) pid
- set argl [list ./secnet -dvnc test-example/$which.conf]
+ set cf test/$which.conf
+ set ch [open $cf w]
+ puts $ch [mkconf $which]
+ close $ch
+ set argl [list -dvnc $cf]
set pid [fork]
if {!$pid} {
- execl really $argl
+ execl ./secnet $argl
}
}
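Review bot: In `mkconf` the channel `$fakeuh` opened on `test/$which.fake-userv` is written with a single `puts` and never closed or flushed before the proc returns. Tcl file channels are buffered by default, so the wrapper script may still be empty or partial on disk, and still held open for writing by the test driver, when the secnet started in `spawn-secnet` runs it via `userv-path`. Adding `close $fakeuh` immediately after the `puts $fakeuh "..."` call, as `spawn-secnet` already does with `close $ch` for the config file, would make sure the script is complete before the fork. `mkconf` is fully visible in this hunk, and no other close of that channel appears in it.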