Greetings, Dirk 'dinoex' Meyer reported issues when the self-test is run inside a FreeBSD "jail" (see below), in that t_cltsrv.sh never completes and he also provided logs:
| ... | Fri Nov 4 11:12:55 2005 UDPv4 link local (bound): 127.0.0.1:16001 | Fri Nov 4 11:12:55 2005 UDPv4 link remote: 127.0.0.1:16000 | Fri Nov 4 11:12:55 2005 TCP/UDP: Incoming packet rejected from A.B.C.D:16001[2], expected peer address: 127.0.0.1:16001 (allow this incoming source address/port by removing --remote or adding --float) This is consistent with the jail(2) documentation on FreeBSD 5-STABLE. A BSD "jail" is mainly a locked-down chroot where network communication is tied to a particular IP address. This IP address is configured at jail setup time and even "loopback" communication is remapped to the jail's IP. This creates the problem above. The sample-config-files/loopback-* scripts however do not terminate openvpn if the connection cannot be established. To fix this by adding --float if running in a FreeBSD, and to address and some minor issues (t_lpback leaves log.$$ behind if successful; tests should perhaps print "SKIP" rather than "FAIL" if aborted), I suggest the attached updates to the t_* scripts, against SVN trunk (version 2.0.5). Tested on FreeBSD 5.4 i586, SUSE Linux 9.3 i686, Solaris 8 sun4u sparc. Please apply to 2.0 and 2.1. -- Matthias Andree
Index: t_lpback.sh =================================================================== --- t_lpback.sh (revision 774) +++ t_lpback.sh (working copy) @@ -19,11 +19,13 @@ # 02110-1301, USA. set -e -trap "rm -f key.$$ log.$$ ; false" 1 2 3 15 +trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15 +trap "rm -f key.$$ log.$$ ; exit 1" 0 3 ./openvpn --genkey --secret key.$$ set +e ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1 e=$? if [ $e != 0 ] ; then cat log.$$ ; fi -rm key.$$ +rm key.$$ log.$$ +trap 0 exit $e Index: t_cltsrv.sh =================================================================== --- t_cltsrv.sh (revision 774) +++ t_cltsrv.sh (working copy) @@ -20,19 +20,33 @@ set -e echo "the following test will run about two minutes..." >&2 -trap "rm -f log.$$ ; false" 1 2 3 15 +trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 +trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 +addopts= +case `uname -s` in + FreeBSD) + # FreeBSD jails map the outgoing IP to the jail IP - we need to + # allow the real IP unless we want the test to run forever. + if test `sysctl -n security.jail.jailed` != 0 ; then + addopts="--float" + fi + ;; +esac set +e ( -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server & -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client -) >log.$$ 2>&1 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server & +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client +) 3>log.$$.signal >log.$$ 2>&1 e1=$? wait $! e2=$? +grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; } + set -e if [ $e1 != 0 ] || [ $e2 != 0 ] ; then cat log.$$ exit 1 fi -rm log.$$ +rm log.$$ log.$$.signal +trap 0