DocHub
DocHub/WhatsApp CRM/Gateway/VPN E2E Test Suite
7-phase automated test suite validating per-slice VPN provisioning (64 tests)

Per-Slice VPN Provisioning — E2E Test Suite

Overview

Automated test suite that validates the entire VPN provisioning chain on the production server (slices, 192.99.145.61). Created after two production failures (missing sudo, UFW blocking microsocks) destroyed real users’ WhatsApp sessions.

How to Run

# Full suite (all 7 phases, ~6 minutes)
ssh ovh "bash /home/ubuntu/vpn/test-vpn-e2e.sh all"

# Individual phase
ssh ovh "bash /home/ubuntu/vpn/test-vpn-e2e.sh 1"  # Infrastructure pre-flight
ssh ovh "bash /home/ubuntu/vpn/test-vpn-e2e.sh 4"  # Full gateway provisioning

7 Phases (64 tests)

Phase Tests What It Validates
1. Infrastructure 10 sudo, WireGuard, microsocks, UFW, Docker, PostgreSQL
2. Single Tunnel 11 WireGuard interface, SOCKS proxy, Docker bridge/dual-network
3. Concurrent (5) 8 Config deduplication, routing isolation, no leaks
4. Gateway Provisioning 10 POST /api/connect → VPN → Docker → Chrome → QR state
5. Multi-User (3) 12 Independent tunnels, exit IPs, teardown isolation
6. Edge Cases 6 Idempotent teardown, invalid country, orphan cleanup
7. Gateway Integration 4 TypeScript compiles, systemd active, HTTP, admin API

Key Files

File Purpose
gateway/scripts/test-vpn-e2e.sh Test script (local copy)
Server: /home/ubuntu/vpn/test-vpn-e2e.sh Deployed test script
gateway/scripts/vpn-up.sh Per-slice VPN tunnel setup
gateway/scripts/vpn-down.sh Per-slice VPN teardown

Known Issues Found

  1. Concurrent provisioning race: getNextPort() TOCTOU — needs mutex
  2. WireGuard handshake timing: 2s sleep insufficient, gateway 30s timeout handles it
  3. VPN provider capacity: 5+ concurrent tunnels through same endpoint can fail