Refactor Unbound setup and add E2E tests (#1340)

Refactor Unbound DNS installation to use modern `conf.d` pattern and add E2E testing. **Changes:** - Unified Unbound config across all distros using `/etc/unbound/unbound.conf.d/openvpn.conf` - Added startup validation with retry logic - Added `ip-freebind` to allow binding before tun interface exists - E2E tests now verify Unbound DNS resolution from VPN clients **Testing:** - Server: verifies config creation, interface binding, security options - Client: verifies DNS resolution through Unbound (10.8.0.1) --- Closes https://github.com/angristan/openvpn-install/issues/602 Closes https://github.com/angristan/openvpn-install/pull/604 Closes https://github.com/angristan/openvpn-install/issues/1189 Co-authored-by: Henry N <henrynmail-github@yahoo.de>
2025-12-16 00:47:02 +01:00 · 2025-12-11 13:14:56 +01:00
parent 1aae852c60
commit 2374e4e81c
5 changed files with 180 additions and 112 deletions
--- a/test/client-entrypoint.sh
+++ b/test/client-entrypoint.sh
@@ -81,6 +81,28 @@ else
 	exit 1
 fi

+# Test 3: DNS resolution through Unbound
+echo "Test 3: Testing DNS resolution via Unbound (10.8.0.1)..."
+DNS_SUCCESS=false
+for i in 1 2 3 4 5; do
+	DIG_OUTPUT=$(dig @10.8.0.1 example.com +short +time=5 2>&1)
+	if [ -n "$DIG_OUTPUT" ] && ! echo "$DIG_OUTPUT" | grep -qi "timed out\|SERVFAIL\|connection refused"; then
+		DNS_SUCCESS=true
+		break
+	fi
+	echo "DNS attempt $i failed:"
+	echo "$DIG_OUTPUT"
+	sleep 2
+done
+if [ "$DNS_SUCCESS" = true ]; then
+	echo "PASS: DNS resolution through Unbound works"
+	echo "Resolved example.com to: $(dig @10.8.0.1 example.com +short +time=5)"
+else
+	echo "FAIL: DNS resolution through Unbound failed after 5 attempts"
+	dig @10.8.0.1 example.com +time=5 || true
+	exit 1
+fi
+
 echo ""
 echo "=========================================="
 echo "  ALL TESTS PASSED!"