diff options
| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2025-07-12 15:08:02 +0200 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2025-08-11 09:01:46 +0200 |
| commit | 8055589d4876765ec5a61146833a8879928152ff (patch) | |
| tree | a575730349fe5ec4634ae34a163d509967bd8c6e | |
| parent | d43339864b58a84beb63a8c650f8c8b96af0d7a5 (diff) | |
| download | mullvadvpn-8055589d4876765ec5a61146833a8879928152ff.tar.xz mullvadvpn-8055589d4876765ec5a61146833a8879928152ff.zip | |
Add e2e test `test_wireguard_over_quic` for QUIC obfuscation method
| -rw-r--r-- | mullvad-relay-selector/src/relay_selector/query.rs | 2 | ||||
| -rw-r--r-- | test/test-manager/src/tests/tunnel.rs | 34 |
2 files changed, 33 insertions, 3 deletions
diff --git a/mullvad-relay-selector/src/relay_selector/query.rs b/mullvad-relay-selector/src/relay_selector/query.rs index 0382b73803..af4b18e045 100644 --- a/mullvad-relay-selector/src/relay_selector/query.rs +++ b/mullvad-relay-selector/src/relay_selector/query.rs @@ -804,7 +804,7 @@ pub mod builder { } } - /// Enable QUIC obufscation. + /// Enable QUIC obfuscation. pub fn quic( mut self, ) -> RelayQueryBuilder<Wireguard<Multihop, Quic, Daita, QuantumResistant>> { diff --git a/test/test-manager/src/tests/tunnel.rs b/test/test-manager/src/tests/tunnel.rs index ecae2604c3..4f5d1d7cbb 100644 --- a/test/test-manager/src/tests/tunnel.rs +++ b/test/test-manager/src/tests/tunnel.rs @@ -5,10 +5,10 @@ use super::{ }; use crate::{ network_monitor::{MonitorOptions, start_packet_monitor}, - tests::helpers::{login_with_retries, update_relay_constraints}, + tests::helpers::{geoip_lookup_with_retries, login_with_retries, update_relay_constraints}, }; -use anyhow::Context; +use anyhow::{Context, ensure}; use mullvad_management_interface::MullvadProxyClient; use mullvad_relay_selector::query::builder::RelayQueryBuilder; use mullvad_types::{ @@ -199,6 +199,36 @@ pub async fn test_wireguard_over_shadowsocks( Ok(()) } +/// Use QUIC obfuscation. This tests whether the daemon can establish a QUIC connection. +/// Note that this doesn't verify that the outgoing traffic looks like http traffic (even though it +/// doesn't sound too difficult to do?). +#[test_function] +pub async fn test_wireguard_over_quic( + _: TestContext, + rpc: ServiceClient, + mut mullvad_client: MullvadProxyClient, +) -> anyhow::Result<()> { + log::info!("Enable QUIC as obfuscation method"); + let query = RelayQueryBuilder::wireguard().quic().build(); + apply_settings_from_relay_query(&mut mullvad_client, query).await?; + + log::info!("Connect to WireGuard via QUIC endpoint"); + connect_and_wait(&mut mullvad_client).await?; + + // Verify that the device has a Mullvad exit IP + let conncheck = geoip_lookup_with_retries(&rpc).await; + let mullvad_exit_ip = conncheck + .as_ref() + .is_ok_and(|am_i_mullvad| am_i_mullvad.mullvad_exit_ip); + ensure!( + mullvad_exit_ip, + "Device is either blocked ❌ or leaking 💦 - {:?}", + conncheck, + ); + + Ok(()) +} + /// Test whether bridge mode works. This fails if: /// * No outgoing traffic to the bridge/entry relay is observed from the SUT. /// * The conncheck reports an unexpected exit relay. |