@@ -392,6 +392,113 @@ check wait_for "Select an option:" 5
392392it " key permission restored to 600 after fix"
393393check assert_file_perms " $OVPN_PKI /private/$TEST_CLIENT2 .key" " 600"
394394
395+ # ── Suite 8: Firewall Check and Configure ────────────────────────────────────
396+ # UCI changes are committed before the restart prompts — we answer 'n' to both
397+ # network and firewall restarts to avoid dropping the SSH management session.
398+ # Assertions are against UCI state, which is persisted before any restart.
399+
400+ printf " \n--- [%s] Suite 8: Firewall Check and Configure ---\n" " $( ts) "
401+
402+ it " option 10 runs firewall check"
403+ select_option " 10"
404+ expect_send " Press Enter" " " 10
405+ check wait_for " Select an option:" 5
406+
407+ it " option 11 configures VPN firewall (no restart)"
408+ select_option " 11"
409+ expect_send " Continue with firewall configuration" " yes" 5
410+ expect_send " Restart network service" " n" 10
411+ expect_send " Restart firewall" " n" 10
412+ expect_send " Press Enter" " " 10
413+ check wait_for " Select an option:" 5
414+
415+ it " firewall.ovpn rule created in UCI"
416+ if uci get firewall.ovpn.name 2> /dev/null | grep -q " Allow-OpenVPN" ; then
417+ pass
418+ else
419+ fail " firewall.ovpn rule not found in UCI"
420+ fi
421+
422+ it " firewall.ovpn targets WAN port 1194"
423+ if uci get firewall.ovpn.dest_port 2> /dev/null | grep -q " 1194" ; then
424+ pass
425+ else
426+ fail " firewall.ovpn dest_port is not 1194"
427+ fi
428+
429+ it " tun+ interface added to LAN zone"
430+ if uci get firewall.lan.device 2> /dev/null | grep -q " tun+" ; then
431+ pass
432+ else
433+ fail " tun+ not found in firewall LAN zone"
434+ fi
435+
436+ it " VPN network interface created in UCI"
437+ if uci get network.vpn.device 2> /dev/null | grep -q " tun+" ; then
438+ pass
439+ else
440+ fail " network.vpn UCI interface not created"
441+ fi
442+
443+ # ── Suite 9: Server Start and Stop ───────────────────────────────────────────
444+ # Starting OpenVPN only creates tun0 — it does not touch br-lan or the SSH
445+ # management interface, so the session is safe throughout.
446+
447+ printf " \n--- [%s] Suite 9: Server Start and Stop ---\n" " $( ts) "
448+
449+ it " option s → 1 starts OpenVPN server"
450+ select_option " s"
451+ expect_send " Select action" " 1" 5
452+ # start runs /etc/init.d/openvpn start + sleep 2 — wait for status line then gate
453+ wait_for " Server started\|already running" 20
454+ check wait_for " Press Enter" 5
455+ send " "
456+ check wait_for " Select an option:" 5
457+
458+ it " OpenVPN process is running"
459+ if pgrep -f " [/]openvpn .*server" > /dev/null 2>&1 ; then
460+ pass
461+ else
462+ fail " openvpn process not found after start"
463+ fi
464+
465+ it " tun0 interface exists"
466+ if ip link show tun0 > /dev/null 2>&1 ; then
467+ pass
468+ else
469+ fail " tun0 interface not found after start"
470+ fi
471+
472+ it " option s → 2 stops OpenVPN server"
473+ select_option " s"
474+ expect_send " Select action" " 2" 5
475+ expect_send " Stop OpenVPN server" " yes" 10
476+ # stop runs /etc/init.d/openvpn stop + sleep 2 — wait for status line then gate
477+ wait_for " Server stopped\|stopped successfully\|already stopped" 20
478+ check wait_for " Press Enter" 5
479+ send " "
480+ check wait_for " Select an option:" 5
481+
482+ it " OpenVPN process is stopped"
483+ if pgrep -f " [/]openvpn .*server" > /dev/null 2>&1 ; then
484+ fail " openvpn process still running after stop"
485+ else
486+ pass
487+ fi
488+
489+ it " tun0 interface removed after stop"
490+ if ip link show tun0 > /dev/null 2>&1 ; then
491+ fail " tun0 still exists after stop"
492+ else
493+ pass
494+ fi
495+
496+ it " option s → 4 shows detailed status as STOPPED"
497+ select_option " s"
498+ expect_send " Select action" " 4" 5
499+ expect_send " Press Enter" " " 10
500+ check wait_for " Select an option:" 5
501+
395502# ── Done ──────────────────────────────────────────────────────────────────────
396503
397504quit_script
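Review bot: The "firewall.ovpn targets WAN port 1194" test in Suite 8 checks only `dest_port`, and with a substring match, so a value such as `11940` or a rule bound to a different source zone would still pass. Since this rule is what exposes the service, compare exactly and assert the zone too, e.g. `[ "$(uci -q get firewall.ovpn.dest_port)" = "1194" ]` and `[ "$(uci -q get firewall.ovpn.src)" = "wan" ]`. The `proto` and `target` options deserve the same check against whatever the script writes, which is not visible in this hunk. The `Allow-OpenVPN` and `tun+` assertions use the same substring pattern. Separately, the two `wait_for` calls for the "Server started" and "Server stopped" status lines in Suite 9 are not wrapped in `check`, so a timeout there is presumably not recorded as a failure.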