Hi, I've been amusing myself over the weekend with breaking OpenVPN servers by hitting them hard with a constant flurry of incoming client connections and disconnects, connection time randomly between 0.1s and 15s, about 1/4 with --explicit-exit-notify, 1/4 with bad password, and 50% with "good password and just disappearing".
The setup needs --username-as-common-name on the server side (since all "clients" share the same cert), and a --auth-user-pass-verify script to do the "good/bad" password. Other than that, any server setup (udp, tcp, tls-auth/crypt/...) could be exercised.

To get started, edit "gremlin.conf" to point to the server of your choice (needs to be a valid openvpn client config, and *should* contain route-noexec, because all clients would install the same routes otherwise).

Then call "doas ./run-one.sh" to see if things work - if yes, call "doas ./run-all.sh" to make it run ~30-50 run-one's in parallel, until ctrl-c is pressed (or something crashes).

This might eventually end up being more polished in the "openvpn-testing" repo, but for now I'm sharing so people can help break 2.6_beta2 with it :-)

*NOTE* - to have meaningful results, run the server with verb 3..6 - so that *if* it crashes, there is something in the log to tell us why.

*WARNING* - do not run this against a production setup. It will, at least, flood your logs with crap, and might cause a crash.

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
--client
--ca $myca
--cert $mycert
--key $mykey
--remote-cert-tls server
--nobind
--verb 3
--dev tun
remote-random
remote mytestserver 41212 tcp4
remote mytestserver 41212 tcp6
route-noexec
run-one.sh
Description: Bourne shell script
run-all.sh
Description: Bourne shell script
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
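The server-side piece of the setup described in the mail, as an added example that is not part of the original post or of the attached scripts: a --auth-user-pass-verify check for a throwaway test server, written for OpenVPN's "via-file" method. The accepted password, the user-name character rule and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): credential check for a
# disposable OpenVPN *test* server. Assumed server directives:
#   script-security 2
#   username-as-common-name
#   auth-user-pass-verify /path/to/this-script via-file
# With via-file, OpenVPN writes the user name (line 1) and the password
# (line 2) to a temporary file and passes its path as the first argument.
# Exit status 0 accepts the client, anything else rejects it.

# Constructed test value, shared only with the test clients.
GOOD_PASSWORD='gremlin-good'

verify_credentials() {
    credfile=$1
    user=
    pass=

    # Fail closed when the argument is missing or the file is unreadable
    # (for example when the server was configured for via-env by mistake).
    [ -n "$credfile" ] && [ -f "$credfile" ] && [ -r "$credfile" ] || return 1

    # read returns non-zero on a last line without a newline but still
    # fills the variable, so its status is ignored and the values checked.
    {
        IFS= read -r user || :
        IFS= read -r pass || :
    } < "$credfile"
    [ -n "$user" ] && [ -n "$pass" ] || return 1

    # username-as-common-name copies the user name into the common name
    # that shows up in the server log, so restrict it to a plain charset
    # (assumed rule for this test rig).
    case $user in
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac

    # Shared test password: match accepts, anything else rejects.
    [ "$pass" = "$GOOD_PASSWORD" ]
}
```

When installed on the test server, end the file with the line verify_credentials "$1" so that the function's status becomes the script's exit status and a call without a file argument is rejected rather than accepted.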