Add VPN server IP to allowed addresses in TrafPol #105

Merged (1 commit) on Jul 24, 2024

@hwipl hwipl commented Jul 23, 2024

When the XML profile is updated, e.g., during a user's connection attempt, the TrafPol component restarts with the new settings of the XML profile. This can cause the VPN connection to fail when the user's connection request arrives in OC-Daemon and TrafPol has not resolved the IP address of the VPN server in the allowed hosts yet. So, add the IP address of the VPN server in the user's connection request to the allowed addresses in TrafPol to make sure access to the VPN server is allowed even when TrafPol is restarting.

Signed-off-by: hwipl <[email protected]>
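
The race described in this pull request, modelled as an added example that is not oc-daemon's code: `Policy`, `Resolved`, `Pin`, `Unpin` and `ConnectAfterRestart` are hypothetical names, `192.0.2.10` is a constructed documentation address, and dropping the pin when the connection ends is an assumption.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Policy is a toy default-deny filter (hypothetical, not oc-daemon's TrafPol).
type Policy struct {
	resolved map[netip.Addr]bool // IPs of allowed host names, filled in by a resolver
	pinned   map[netip.Addr]bool // addresses allowed explicitly
}

func NewPolicy() *Policy {
	return &Policy{resolved: map[netip.Addr]bool{}, pinned: map[netip.Addr]bool{}}
}

// Resolved is what the asynchronous resolver calls once a lookup has finished.
func (p *Policy) Resolved(ip netip.Addr) { p.resolved[ip] = true }
func (p *Policy) Pin(ip netip.Addr)      { p.pinned[ip] = true }
func (p *Policy) Unpin(ip netip.Addr)    { delete(p.pinned, ip) }

// Allowed fails closed: an address in neither set is dropped.
func (p *Policy) Allowed(ip netip.Addr) bool { return p.resolved[ip] || p.pinned[ip] }

// ConnectAfterRestart replays the sequence: a profile update restarts the
// policy, then the connect request arrives before the resolver has reported.
func ConnectAfterRestart(server string, pin bool) (atConnect, afterUnpin bool) {
	ip := netip.MustParseAddr(server)
	pol := NewPolicy()
	pol.Resolved(ip)  // steady state before the profile update
	pol = NewPolicy() // restart: the resolved set starts empty again
	if pin {
		pol.Pin(ip) // address carried in the connect request
	}
	atConnect = pol.Allowed(ip)
	pol.Unpin(ip) // assumption: the pin is dropped when the connection ends
	afterUnpin = pol.Allowed(ip)
	return atConnect, afterUnpin
}

func main() {
	for _, pin := range []bool{false, true} {
		at, after := ConnectAfterRestart("192.0.2.10", pin) // constructed address
		fmt.Printf("pin=%v allowed at connect=%v, after unpin=%v\n", pin, at, after)
	}
}
```

Without the pin, the restarted policy drops traffic to the server until the resolver reports; with it, the server is reachable at connect time and the allow-list shrinks back once the pin is removed.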

Test Result

🙌 258 Tests pass

Coverage

Total coverage: 🟩🟩🟩🟥 79.1%

Coverage Details
Coverage File Uncovered Lines
🟥🟥🟥🟥 0.0% /cmd/oc-client/main.go 8-10
🟥🟥🟥🟥 0.0% /cmd/oc-daemon-vpncscript/main.go 8-10
🟥🟥🟥🟥 0.0% /cmd/oc-daemon/main.go 8-10
🟩🟩🟩🟥 88.2% /internal/addrmon/addrmon.go 46-48, 67-69, 86-89, 102-104
🟩🟩🟩🟩 100.0% /internal/api/config.go
🟩🟩🟩🟩 97.1% /internal/api/message.go 122-124
🟩🟩🟩🟩 100.0% /internal/api/request.go
🟩🟩🟩🟥 85.4% /internal/api/server.go 36-37, 46-48, 91-92, 112-117, 135-138, 159-162, 191-193, 197-199, 222-224
🟩🟩🟩🟥 92.5% /internal/client/client.go 68-74, 120-122, 129-131, 135-138, 156-158, 232-234
🟩🟩🟩🟥 94.9% /internal/client/cmd.go 36-38, 39-41, 247-252
🟩🟩🟩🟩 100.0% /internal/cpd/config.go
🟩🟩🟩🟩 98.5% /internal/cpd/cpd.go 179-181
🟩🟩🟥🟥 73.1% /internal/daemon/cmd.go 114-141
🟩🟩🟩🟩 100.0% /internal/daemon/config.go
🟥🟥🟥🟥 2.1% /internal/daemon/daemon.go 76-485, 500-832
🟩🟩🟩🟥 92.9% /internal/daemon/vpnconfigupdate.go 44-46
🟩🟩🟩🟩 97.6% /internal/dbusapi/service.go 200-213, 416-416
🟩🟩🟩🟥 86.0% /internal/devmon/devmon.go 36-36, 85-95, 112-114, 145-147
🟩🟩🟩🟩 100.0% /internal/dnsmon/config.go
🟩🟩🟩🟥 86.8% /internal/dnsmon/dnsmon.go 47-49, 59-62, 88-90, 94-96
🟩🟩🟩🟩 100.0% /internal/dnsproxy/config.go
🟩🟩🟩🟥 91.3% /internal/dnsproxy/proxy.go 27-27, 35-35, 70-73, 85-88, 100-103, 113-116
🟩🟩🟩🟩 100.0% /internal/dnsproxy/remotes.go
🟩🟩🟩🟩 100.0% /internal/dnsproxy/report.go
🟩🟩🟩🟥 94.8% /internal/dnsproxy/watches.go 109-114, 118-120
🟩🟩🟩🟩 100.0% /internal/execs/config.go
🟩🟩🟩🟩 100.0% /internal/execs/execs.go
🟩🟩🟩🟩 100.0% /internal/ocrunner/config.go
🟩🟩🟩🟩 100.0% /internal/ocrunner/connect.go
🟩🟩🟩🟥 87.8% /internal/profilemon/profilemon.go 30-30, 57-59, 66-70, 97-99, 103-105
🟩🟩🟩🟩 100.0% /internal/sleepmon/sleepmon.go 30-30
🟩🟩🟩🟩 100.0% /internal/splitrt/addresses.go
🟩🟩🟩🟩 100.0% /internal/splitrt/config.go
🟩🟩🟩🟩 100.0% /internal/splitrt/devices.go
🟩🟩🟩🟩 96.3% /internal/splitrt/excludes.go 188-190, 193-195
🟩🟩🟩🟩 100.0% /internal/splitrt/filter.go
🟩🟩🟩🟩 100.0% /internal/splitrt/route.go
🟩🟩🟩🟩 95.2% /internal/splitrt/splitrt.go 254-257, 260-264
🟩🟩🟩🟩 100.0% /internal/trafpol/allowdevs.go
🟩🟩🟩🟩 100.0% /internal/trafpol/config.go
🟩🟩🟩🟩 100.0% /internal/trafpol/filter.go
🟩🟩🟩🟩 98.9% /internal/trafpol/resolver.go 26-28, 98-98
🟩🟩🟩🟥 92.0% /internal/trafpol/trafpol.go 236-238, 243-245, 253-259
🟩🟩🟩🟥 83.3% /internal/vpncscript/client.go 25-27, 29-31, 33-35, 39-41
🟩🟩🟩🟥 86.2% /internal/vpncscript/cmd.go 74-79
🟩🟩🟩🟥 85.7% /internal/vpncscript/config.go 33-35, 52-54, 72-74, 89-91, 111-113, 120-122, 127-129, 143-145, 152-154, 159-161, 190-192, 195-197, 200-202, 205-207, 210-212
🟩🟩🟩🟩 100.0% /internal/vpncscript/env.go
🟩🟩🟩🟩 97.5% /internal/vpnsetup/vpnsetup.go 115-117, 119-121, 126-128, 391-391, 459-459
🟩🟩🟩🟥 94.4% /pkg/client/client.go 125-127, 180-183, 191-201, 297-304, 360-360, 505-517, 532-536
🟩🟩🟩🟩 100.0% /pkg/client/config.go
🟩🟩🟩🟩 100.0% /pkg/logininfo/logininfo.go
🟩🟩🟩🟩 100.0% /pkg/vpnconfig/config.go
🟩🟩🟩🟩 100.0% /pkg/vpnstatus/status.go
🟩🟩🟩🟩 100.0% /pkg/xmlprofile/profile.go
🟥🟥🟥🟥 0.0% /tools/dbusclient/main.go 14-162
🟥🟥🟥🟥 0.0% /tools/devmon/main.go 11-19
🟥🟥🟥🟥 0.0% /tools/dnsproxy/main.go 22-85

@hwipl hwipl requested review from jandd and malaupa July 23, 2024 09:46
@hwipl hwipl merged commit 76d91fa into main Jul 24, 2024
2 checks passed
@hwipl hwipl deleted the feature/add-server-ip-to-allowed-addrs branch July 24, 2024 08:25