From c9ada1eac45150f3a5d5c593b08b753938ee40f3 Mon Sep 17 00:00:00 2001
From: Luke
Date: Wed, 25 Jan 2017 14:06:19 +0000
Subject: [PATCH] reneg-sec needs to be set to 0 when using otp because otherwise the connection will be ask for a otp every hour. Tests added to make sure it's there when otp is enabled
---
 test/tests/otp/run.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/test/tests/otp/run.sh b/test/tests/otp/run.sh
index 4cb53ca..bea67a8 100755
--- a/test/tests/otp/run.sh
+++ b/test/tests/otp/run.sh
@@ -17,6 +17,9 @@ SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::'
 # Configure server with two factor authentication
 docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG ovpn_genconfig -u udp://$SERV_IP -2
+# Ensure reneg-sec 0 in server config when two factor is enabled
+docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG cat /etc/openvpn/openvpn.conf | grep 'reneg-sec 0' || abort 'reneg-sec not set to 0 in server config'
+
 # nopass is insecure
 docker run -v $OVPN_DATA:/etc/openvpn --rm -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass
@@ -40,6 +43,9 @@ echo -e "$OTP_USER\n$OTP_TOKEN" > $CLIENT_DIR/credentials.txt
 # Override the auth-user-pass directive to use a credentials file
 docker run -v $OVPN_DATA:/etc/openvpn --rm $IMG ovpn_getclient $CLIENT | sed 's/auth-user-pass/auth-user-pass \/client\/credentials.txt/' | tee $CLIENT_DIR/config.ovpn
+# Ensure reneg-sec 0 in client config when two factor is enabled
+grep 'reneg-sec 0' $CLIENT_DIR/config.ovpn || abort 'reneg-sec not set to 0 in client config'
+
 #
 # Fire up the server
 #
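Review bot: The server-config check `grep 'reneg-sec 0'` is unanchored, so it also passes when the directive is only present as a comment (`# reneg-sec 0`) or when the value merely starts with 0; the assertion should match the whole line, e.g. `grep -q '^reneg-sec 0$'`. The client-config check in the second hunk uses the same pattern and needs the same change. Separately, `abort` is not defined anywhere in the visible lines; if run.sh does not define or source it, a failed check would surface as "command not found" instead of the intended message, so that is worth confirming.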
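Review bot: The new comment above the client-config check says what is asserted but not the security trade-off the test now pins in place. `reneg-sec 0` turns off time-based TLS renegotiation, so a long-lived session no longer rotates its data-channel keys on a timer, and the OTP is verified only once per connection. I would extend the comment to something like `# reneg-sec 0 stops the hourly renegotiation that re-prompts for the OTP; note that keys are then no longer re-keyed on a timer`, so a later reader does not mistake the setting for a hardening measure.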