[26-06-22 06:08:15] START access_openvpn scenario: cases/access_openvpn.sh header : add/remove OpenVPN and validate cipher negotiation topology: sw1(center) 192.41.0.1 | OpenVPN AES tcp/1194 | OpenVPN SM4 tcp/1194 | vpn1 vpn2 topology: # Topology: topology: # - Diagram: topology: # sw1(center) 192.41.0.1 topology: # ^ ^ topology: # | OpenVPN AES tcp/1194 | OpenVPN SM4 tcp/1194 topology: # vpn1 vpn2 topology: # 10.99.0.0/24 and 10.98.0.0/24 cipher paths topology: # - Docker mgmt network: 100.100.0.0/24 topology: # sw1=100.100.0.241, vpn containers join the same mgmt network. topology: # - OpenLAN service network "example": 192.41.0.0/24 topology: # sw1 gateway=192.41.0.1. topology: # - OpenVPN overlay: topology: # tcp/1194 with subnet 10.99.0.0/24 for default cipher checks, topology: # tcp/1194 with subnet 10.98.0.0/24 for SM4 cipher checks. topology: # Validation: topology: # (see scenario assertions in this case) Started switch pause container: tests-sw-openvpn-pause Started switch frr container: tests-sw-openvpn-frr Started switch ipsec container: tests-sw-openvpn-ipsec Started switch container: tests-sw-openvpn [26-06-22 06:08:16][ASSERT#0001][expect] at cases/access_openvpn.sh:65 fn=setup_sw1 retry=30 cmd="docker logs -f tests-sw-openvpn" expect="Http.Start" 2026/06/22 06:08:16 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002 2026/06/22 06:08:16 INFO|root|Wait: ... 2026/06/22 06:08:16 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002 2026/06/22 06:08:16 INFO|root|Http.Start 0.0.0.0:10000 [26-06-22 06:08:17][ASSERT#0001][OK] cost=1.026s [26-06-22 06:08:17][ASSERT#0002][cmd] at cases/access_openvpn.sh:67 fn=setup_sw1 cmd="docker exec tests-sw-openvpn openlan network --name example add --address 192.41.0.1/24" [26-06-22 06:08:17][ASSERT#0002][OK] cost=0.257s [26-06-22 06:08:17][ASSERT#0003][cmd] at cases/access_openvpn.sh:68 fn=setup_sw1 cmd="docker exec tests-sw-openvpn openlan user add --name t1@example --password 123456" # total 1 username password role lease t1@example 123456 guest 2027-06-22T06 [26-06-22 06:08:17][ASSERT#0003][OK] cost=0.060s [26-06-22 06:08:17][ASSERT#0004][cmd] at cases/access_openvpn.sh:75 fn=setup_openvpn cmd="docker exec tests-sw-openvpn openlan network --name example openvpn add --listen :1194 --protocol tcp --subnet 10.99.0.0/24 --dns 8.8.8.8 --cipher AES-128-GCM:AES-256-GCM" [26-06-22 06:08:17][ASSERT#0004][OK] cost=0.133s [26-06-22 06:08:17][ASSERT#0005][cmd] at cases/access_openvpn.sh:77 fn=setup_openvpn cmd="docker exec tests-sw-openvpn test -f /var/openlan/openvpn/example/tcp1194server.conf" [26-06-22 06:08:17][ASSERT#0005][OK] cost=0.051s [26-06-22 06:08:17][ASSERT#0006][cmd] at cases/access_openvpn.sh:78 fn=setup_openvpn cmd="docker exec tests-sw-openvpn test -f /var/openlan/openvpn/example/tcp1194client.ovpn" [26-06-22 06:08:17][ASSERT#0006][OK] cost=0.057s [26-06-22 06:08:17][ASSERT#0007][cmd] at cases/access_openvpn.sh:80 fn=setup_openvpn cmd="docker exec tests-sw-openvpn openlan network --name example client add --user vpn1 --address 10.99.0.10" [26-06-22 06:08:17][ASSERT#0007][OK] cost=0.068s [26-06-22 06:08:17][ASSERT#0008][cmd] at cases/access_openvpn.sh:81 fn=setup_openvpn cmd="docker exec tests-sw-openvpn test -f /var/openlan/openvpn/example/ccd/vpn1@example" [26-06-22 06:08:17][ASSERT#0008][OK] cost=0.055s [26-06-22 06:08:17][ASSERT#0009][cmd] at cases/access_openvpn.sh:83 fn=setup_openvpn cmd="docker exec tests-sw-openvpn openlan network --name example client remove --user vpn1" [26-06-22 06:08:18][ASSERT#0009][OK] cost=0.073s [26-06-22 06:08:18][ASSERT#0010][cmd] at cases/access_openvpn.sh:84 fn=setup_openvpn cmd="docker exec tests-sw-openvpn test ! -f /var/openlan/openvpn/example/ccd/vpn1@example" [26-06-22 06:08:18][ASSERT#0010][OK] cost=0.066s Started OpenVPN client container: tests-sw-openvpn.vpn1 [26-06-22 06:08:18][ASSERT#0011][expect] at cases/access_openvpn.sh:94 fn=setup_openvpn retry=40 cmd="docker logs -f tests-sw-openvpn.vpn1" expect="Initialization Sequence Completed" 2026-06-22 06:08:18 net_addr_v4_add: 10.99.0.2/24 dev tun0 2026-06-22 06:08:18 net_route_v4_add: 10.99.0.0/24 via 10.99.0.1 dev [NULL] table 0 metric 300 2026-06-22 06:08:18 net_route_v4_add: 192.41.0.0/24 via 10.99.0.1 dev [NULL] table 0 metric 300 2026-06-22 06:08:18 Initialization Sequence Completed [26-06-22 06:08:19][ASSERT#0011][OK] cost=1.030s [26-06-22 06:08:19][ASSERT#0012][expect] at cases/access_openvpn.sh:95 fn=setup_openvpn retry=40 cmd="docker logs -f tests-sw-openvpn.vpn1" expect="Data Channel:" 2026-06-22 06:08:18 OPTIONS IMPORT: peer-id set 2026-06-22 06:08:18 OPTIONS IMPORT: adjusting link_mtu to 1626 2026-06-22 06:08:18 OPTIONS IMPORT: data channel crypto options modified 2026-06-22 06:08:18 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key 2026-06-22 06:08:18 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key 2026-06-22 06:08:18 net_route_v4_best_gw query: dst 0.0.0.0 2026-06-22 06:08:18 net_route_v4_best_gw result: via 100.100.0.1 dev eth0 2026-06-22 06:08:18 ROUTE_GATEWAY 100.100.0.1/255.255.255.0 IFACE=eth0 HWADDR=12:5f:e6:78:f6:22 [26-06-22 06:08:20][ASSERT#0012][OK] cost=1.028s 2026-06-22 06:08:18 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key 2026-06-22 06:08:18 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key [26-06-22 06:08:20][ASSERT#0013][match] at cases/access_openvpn.sh:98 fn=setup_openvpn retry=5 cmd="docker exec tests-sw-openvpn.vpn1 ping -c 3 192.41.0.1" expect="bytes from" PING 192.41.0.1 (192.41.0.1) 56(84) bytes of data. 64 bytes from 192.41.0.1: icmp_seq=1 ttl=64 time=0.311 ms 64 bytes from 192.41.0.1: icmp_seq=2 ttl=64 time=0.768 ms 64 bytes from 192.41.0.1: icmp_seq=3 ttl=64 time=0.707 ms --- 192.41.0.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2072ms [26-06-22 06:08:22][ASSERT#0013][OK] cost=2.172s [26-06-22 06:08:22][ASSERT#0014][cmd] at cases/access_openvpn.sh:100 fn=setup_openvpn cmd="docker exec tests-sw-openvpn openlan network --name example openvpn remove" [26-06-22 06:08:22][ASSERT#0014][OK] cost=0.175s [26-06-22 06:08:22][ASSERT#0015][cmd_fail] at cases/access_openvpn.sh:101 fn=setup_openvpn cmd="docker exec tests-sw-openvpn openlan network --name example client add --user vpn1 --address 10.99.0.10" 2026/06/22 06:08:22 400 Bad Request VPN was disabled [26-06-22 06:08:22][ASSERT#0015][OK] cost=0.063s [26-06-22 06:08:22][ASSERT#0016][cmd_fail] at cases/access_openvpn.sh:104 fn=setup_openvpn cmd="docker exec tests-sw-openvpn openlan network --name example openvpn add --listen :1194 --protocol tcp --subnet 10.99.0.0/24 --cipher BAD-CIPHER" 2026/06/22 06:08:22 400 Bad Request unsupported openvpn cipher: BAD-CIPHER [26-06-22 06:08:22][ASSERT#0016][OK] cost=0.068s [26-06-22 06:08:22][ASSERT#0017][cmd] at cases/access_openvpn.sh:109 fn=setup_openvpn_sm4 cmd="docker exec tests-sw-openvpn openlan network --name example openvpn add --listen :1194 --protocol tcp --subnet 10.98.0.0/24 --cipher SM4-CBC" [26-06-22 06:08:23][ASSERT#0017][OK] cost=0.109s Started OpenVPN client container: tests-sw-openvpn.vpn2 [26-06-22 06:08:23][ASSERT#0018][expect] at cases/access_openvpn.sh:117 fn=setup_openvpn_sm4 retry=40 cmd="docker logs -f tests-sw-openvpn.vpn2" expect="Initialization Sequence Completed" 2026-06-22 06:08:23 net_addr_v4_add: 10.98.0.2/24 dev tun0 2026-06-22 06:08:23 net_route_v4_add: 10.98.0.0/24 via 10.98.0.1 dev [NULL] table 0 metric 300 2026-06-22 06:08:23 net_route_v4_add: 192.41.0.0/24 via 10.98.0.1 dev [NULL] table 0 metric 300 2026-06-22 06:08:23 Initialization Sequence Completed [26-06-22 06:08:24][ASSERT#0018][OK] cost=1.034s [26-06-22 06:08:24][ASSERT#0019][expect] at cases/access_openvpn.sh:118 fn=setup_openvpn_sm4 retry=40 cmd="docker logs -f tests-sw-openvpn.vpn2" expect="Data Channel:" 2026-06-22 06:08:23 OPTIONS IMPORT: peer-id set 2026-06-22 06:08:23 OPTIONS IMPORT: adjusting link_mtu to 1626 2026-06-22 06:08:23 OPTIONS IMPORT: data channel crypto options modified 2026-06-22 06:08:23 Data Channel: using negotiated cipher 'SM4-CBC' 2026-06-22 06:08:23 Outgoing Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 Incoming Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 net_route_v4_best_gw query: dst 0.0.0.0 2026-06-22 06:08:23 net_route_v4_best_gw result: via 100.100.0.1 dev eth0 2026-06-22 06:08:23 ROUTE_GATEWAY 100.100.0.1/255.255.255.0 IFACE=eth0 HWADDR=9e:70:97:b6:64:a3 [26-06-22 06:08:25][ASSERT#0019][OK] cost=1.031s [26-06-22 06:08:25][ASSERT#0020][fuzzy] at cases/access_openvpn.sh:119 fn=setup_openvpn_sm4 retry=15 cmd="docker logs tests-sw-openvpn.vpn2" pattern="Data Channel:.*SM4-CBC" 2026-06-22 06:08:23 OPTIONS IMPORT: peer-id set 2026-06-22 06:08:23 OPTIONS IMPORT: adjusting link_mtu to 1626 2026-06-22 06:08:23 OPTIONS IMPORT: data channel crypto options modified 2026-06-22 06:08:23 Data Channel: using negotiated cipher 'SM4-CBC' 2026-06-22 06:08:23 Outgoing Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 Incoming Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 net_route_v4_best_gw query: dst 0.0.0.0 2026-06-22 06:08:23 net_route_v4_best_gw result: via 100.100.0.1 dev eth0 [26-06-22 06:08:25][ASSERT#0020][OK] cost=0.028s [26-06-22 06:08:25][ASSERT#0021][fuzzy] at cases/access_openvpn.sh:120 fn=setup_openvpn_sm4 retry=15 cmd="docker logs tests-sw-openvpn.vpn2" pattern="Outgoing Data Channel:.*SM4-CBC.*initialized" 2026-06-22 06:08:23 OPTIONS IMPORT: adjusting link_mtu to 1626 2026-06-22 06:08:23 OPTIONS IMPORT: data channel crypto options modified 2026-06-22 06:08:23 Data Channel: using negotiated cipher 'SM4-CBC' 2026-06-22 06:08:23 Outgoing Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 Incoming Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication [26-06-22 06:08:25][ASSERT#0021][OK] cost=0.027s [26-06-22 06:08:25][ASSERT#0022][fuzzy] at cases/access_openvpn.sh:121 fn=setup_openvpn_sm4 retry=15 cmd="docker logs tests-sw-openvpn.vpn2" pattern="Incoming Data Channel:.*SM4-CBC.*initialized" 2026-06-22 06:08:23 Data Channel: using negotiated cipher 'SM4-CBC' 2026-06-22 06:08:23 Outgoing Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 Incoming Data Channel: Cipher 'SM4-CBC' initialized with 128 bit key 2026-06-22 06:08:23 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 2026-06-22 06:08:23 net_route_v4_best_gw query: dst 0.0.0.0 2026-06-22 06:08:23 net_route_v4_best_gw result: via 100.100.0.1 dev eth0 [26-06-22 06:08:25][ASSERT#0022][OK] cost=0.026s [26-06-22 06:08:25][ASSERT#0023][cmd] at cases/access_openvpn.sh:123 fn=setup_openvpn_sm4 cmd="docker exec tests-sw-openvpn openlan network --name example openvpn remove" [26-06-22 06:08:25][ASSERT#0023][OK] cost=0.151s SM4 cipher negotiation check passed. [26-06-22 06:08:26] END access_openvpn status=PASS cost=10.982s