From 1b1c1ecc8f15bd66b90c91bda93c6aa65d39761d Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Fri, 6 Aug 2021 01:50:09 -0500
Subject: [PATCH] Update tests

---
 .github/workflows/cron.yml | 247 +++++++++++++++++++++++++++++++++++--
 .github/workflows/main.yml | 247 +++++++++++++++++++++++++++++++++++--
 2 files changed, 470 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
index 44ad71c..01b752b 100644
--- a/.github/workflows/cron.yml
+++ b/.github/workflows/cron.yml
@@ -195,17 +195,19 @@ jobs:
           y
           ANSWERS
 
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
           ls -ld /etc/ipsec.d/vpnclient.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient.sswan
           ls -ld /etc/ipsec.d/vpnclient.p12
 
           restart_ipsec
           grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
           bash ikev2.sh <<ANSWERS
           1
+          invalidclient:
+          vpnclient
           vpnclient2
 
           ANSWERS
@@ -217,6 +219,7 @@ jobs:
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh <<ANSWERS
           2
+          nonexistclient
           vpnclient2
           ANSWERS
 
@@ -230,14 +233,33 @@ jobs:
 
           bash ikev2.sh <<ANSWERS
           4
+          nonexistclient
           vpnclient2
           y
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          4
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          2
+          vpnclient2
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
+          100
           6
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          5
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
           5
           y
@@ -252,6 +274,11 @@ jobs:
 
           rm -f /etc/ipsec.d/vpnclient*
 
+          VPN_DNS_SRV1=invaliddns \
+          bash ikev2.sh --auto 2>&1 | grep -i "invalid"
+
+          sed -i '/^include /d' /etc/ipsec.conf
+
           VPN_CLIENT_NAME=vpnclient1 \
           VPN_DNS_NAME=vpn.example.com \
           VPN_DNS_SRV1=1.1.1.1 \
@@ -267,16 +294,20 @@ jobs:
           grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
 
           restart_ipsec
-          grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
+          bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
+          bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
+          bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
+
           bash ikev2.sh --addclient vpnclient2
 
           ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
+          bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
+
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh --exportclient vpnclient2
 
@@ -284,12 +315,93 @@ jobs:
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
-          bash ikev2.sh --listclients
+          bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
 
+          bash ikev2.sh --listclients | grep "vpnclient1"
+          bash ikev2.sh --listclients | grep "vpnclient2"
+
+          bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
           bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
           y
           ANSWERS
 
+          bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
+          bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
+          bash ikev2.sh -h 2>&1 | grep -i "usage:"
+          bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
+
+          bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+          y
+          invalidfqdn
+          vpn.example.com
+
+
+          y
+          invaliddns
+          1.1.1.1
+          invaliddns
+          1.0.0.1
+          y
+          ANSWERS
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+
+          invalidip
+          1.2.3.4
+          invalidclient:
+          vpnclient1
+          1000
+          12
+          y
+          1.1.1.1
+
+          y
+          ANSWERS
+
+          grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          VPN_DNS_SRV1=1.1.1.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
           sed -i '/pluto/d' "$log1"
           pkill -HUP rsyslog
 
@@ -306,8 +418,7 @@ jobs:
           y
           ANSWERS
             restart_ipsec
-            grep pluto "$log1"
-            ipsec status
+            ipsec --version
             ipsec status | grep -q l2tp-psk
             ipsec status | grep -q xauth-psk
             ipsec status | grep -q ikev2-cp
@@ -492,17 +603,19 @@ jobs:
           y
           ANSWERS
 
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
           ls -ld /etc/ipsec.d/vpnclient.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient.sswan
           ls -ld /etc/ipsec.d/vpnclient.p12
 
           restart_ipsec
           grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
           bash ikev2.sh <<ANSWERS
           1
+          invalidclient:
+          vpnclient
           vpnclient2
 
           ANSWERS
@@ -514,6 +627,7 @@ jobs:
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh <<ANSWERS
           2
+          nonexistclient
           vpnclient2
           ANSWERS
 
@@ -527,14 +641,33 @@ jobs:
 
           bash ikev2.sh <<ANSWERS
           4
+          nonexistclient
           vpnclient2
           y
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          4
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          2
+          vpnclient2
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
+          100
           6
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          5
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
           5
           y
@@ -549,6 +682,12 @@ jobs:
 
           rm -f /etc/ipsec.d/vpnclient*
 
+          VPN_DNS_SRV1=invaliddns \
+          bash ikev2.sh --auto 2>&1 | grep -i "invalid"
+
+          apt-get -yqq remove uuid-runtime
+          sed -i '/^include /d' /etc/ipsec.conf
+
           VPN_CLIENT_NAME=vpnclient1 \
           VPN_DNS_NAME=vpn.example.com \
           VPN_DNS_SRV1=1.1.1.1 \
@@ -564,16 +703,20 @@ jobs:
           grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
 
           restart_ipsec
-          grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
+          bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
+          bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
+          bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
+
           bash ikev2.sh --addclient vpnclient2
 
           ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
+          bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
+
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh --exportclient vpnclient2
 
@@ -581,12 +724,93 @@ jobs:
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
-          bash ikev2.sh --listclients
+          bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
 
+          bash ikev2.sh --listclients | grep "vpnclient1"
+          bash ikev2.sh --listclients | grep "vpnclient2"
+
+          bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
           bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
           y
           ANSWERS
 
+          bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
+          bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
+          bash ikev2.sh -h 2>&1 | grep -i "usage:"
+          bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
+
+          bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+          y
+          invalidfqdn
+          vpn.example.com
+
+
+          y
+          invaliddns
+          1.1.1.1
+          invaliddns
+          1.0.0.1
+          y
+          ANSWERS
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+
+          invalidip
+          1.2.3.4
+          invalidclient:
+          vpnclient1
+          1000
+          12
+          y
+          1.1.1.1
+
+          y
+          ANSWERS
+
+          grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          VPN_DNS_SRV1=1.1.1.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
           sed -i '/pluto/d' "$log1"
           pkill -HUP rsyslog
 
@@ -599,8 +823,7 @@ jobs:
           y
           ANSWERS
             restart_ipsec
-            grep pluto "$log1"
-            ipsec status
+            ipsec --version
             ipsec status | grep -q l2tp-psk
             ipsec status | grep -q xauth-psk
             ipsec status | grep -q ikev2-cp
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 2ac85b4..b097f94 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -224,17 +224,19 @@ jobs:
           y
           ANSWERS
 
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
           ls -ld /etc/ipsec.d/vpnclient.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient.sswan
           ls -ld /etc/ipsec.d/vpnclient.p12
 
           restart_ipsec
           grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
           bash ikev2.sh <<ANSWERS
           1
+          invalidclient:
+          vpnclient
           vpnclient2
 
           ANSWERS
@@ -246,6 +248,7 @@ jobs:
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh <<ANSWERS
           2
+          nonexistclient
           vpnclient2
           ANSWERS
 
@@ -259,14 +262,33 @@ jobs:
 
           bash ikev2.sh <<ANSWERS
           4
+          nonexistclient
           vpnclient2
           y
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          4
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          2
+          vpnclient2
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
+          100
           6
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          5
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
           5
           y
@@ -281,6 +303,11 @@ jobs:
 
           rm -f /etc/ipsec.d/vpnclient*
 
+          VPN_DNS_SRV1=invaliddns \
+          bash ikev2.sh --auto 2>&1 | grep -i "invalid"
+
+          sed -i '/^include /d' /etc/ipsec.conf
+
           VPN_CLIENT_NAME=vpnclient1 \
           VPN_DNS_NAME=vpn.example.com \
           VPN_DNS_SRV1=1.1.1.1 \
@@ -296,16 +323,20 @@ jobs:
           grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
 
           restart_ipsec
-          grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
+          bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
+          bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
+          bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
+
           bash ikev2.sh --addclient vpnclient2
 
           ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
+          bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
+
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh --exportclient vpnclient2
 
@@ -313,12 +344,93 @@ jobs:
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
-          bash ikev2.sh --listclients
+          bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
 
+          bash ikev2.sh --listclients | grep "vpnclient1"
+          bash ikev2.sh --listclients | grep "vpnclient2"
+
+          bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
           bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
           y
           ANSWERS
 
+          bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
+          bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
+          bash ikev2.sh -h 2>&1 | grep -i "usage:"
+          bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
+
+          bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+          y
+          invalidfqdn
+          vpn.example.com
+
+
+          y
+          invaliddns
+          1.1.1.1
+          invaliddns
+          1.0.0.1
+          y
+          ANSWERS
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+
+          invalidip
+          1.2.3.4
+          invalidclient:
+          vpnclient1
+          1000
+          12
+          y
+          1.1.1.1
+
+          y
+          ANSWERS
+
+          grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          VPN_DNS_SRV1=1.1.1.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
           sed -i '/pluto/d' "$log1"
           pkill -HUP rsyslog
 
@@ -335,8 +447,7 @@ jobs:
           y
           ANSWERS
             restart_ipsec
-            grep pluto "$log1"
-            ipsec status
+            ipsec --version
             ipsec status | grep -q l2tp-psk
             ipsec status | grep -q xauth-psk
             ipsec status | grep -q ikev2-cp
@@ -521,17 +632,19 @@ jobs:
           y
           ANSWERS
 
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
           ls -ld /etc/ipsec.d/vpnclient.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient.sswan
           ls -ld /etc/ipsec.d/vpnclient.p12
 
           restart_ipsec
           grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
           bash ikev2.sh <<ANSWERS
           1
+          invalidclient:
+          vpnclient
           vpnclient2
 
           ANSWERS
@@ -543,6 +656,7 @@ jobs:
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh <<ANSWERS
           2
+          nonexistclient
           vpnclient2
           ANSWERS
 
@@ -556,14 +670,33 @@ jobs:
 
           bash ikev2.sh <<ANSWERS
           4
+          nonexistclient
           vpnclient2
           y
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          4
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          2
+          vpnclient2
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
+          100
           6
           ANSWERS
 
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          5
+
+          ANSWERS
+
           bash ikev2.sh <<ANSWERS
           5
           y
@@ -578,6 +711,12 @@ jobs:
 
           rm -f /etc/ipsec.d/vpnclient*
 
+          VPN_DNS_SRV1=invaliddns \
+          bash ikev2.sh --auto 2>&1 | grep -i "invalid"
+
+          apt-get -yqq remove uuid-runtime
+          sed -i '/^include /d' /etc/ipsec.conf
+
           VPN_CLIENT_NAME=vpnclient1 \
           VPN_DNS_NAME=vpn.example.com \
           VPN_DNS_SRV1=1.1.1.1 \
@@ -593,16 +732,20 @@ jobs:
           grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
 
           restart_ipsec
-          grep pluto "$log1" | tail -n 20
-          ipsec status
           ipsec status | grep -q ikev2-cp
 
+          bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
+          bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
+          bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
+
           bash ikev2.sh --addclient vpnclient2
 
           ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
+          bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
+
           rm -f /etc/ipsec.d/vpnclient2*
           bash ikev2.sh --exportclient vpnclient2
 
@@ -610,12 +753,93 @@ jobs:
           ls -ld /etc/ipsec.d/vpnclient2.sswan
           ls -ld /etc/ipsec.d/vpnclient2.p12
 
-          bash ikev2.sh --listclients
+          bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
 
+          bash ikev2.sh --listclients | grep "vpnclient1"
+          bash ikev2.sh --listclients | grep "vpnclient2"
+
+          bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
           bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
           y
           ANSWERS
 
+          bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
+          bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
+          bash ikev2.sh -h 2>&1 | grep -i "usage:"
+          bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
+
+          bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+          y
+          invalidfqdn
+          vpn.example.com
+
+
+          y
+          invaliddns
+          1.1.1.1
+          invaliddns
+          1.0.0.1
+          y
+          ANSWERS
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+
+          invalidip
+          1.2.3.4
+          invalidclient:
+          vpnclient1
+          1000
+          12
+          y
+          1.1.1.1
+
+          y
+          ANSWERS
+
+          grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          VPN_DNS_SRV1=1.1.1.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
           sed -i '/pluto/d' "$log1"
           pkill -HUP rsyslog
 
@@ -628,8 +852,7 @@ jobs:
           y
           ANSWERS
             restart_ipsec
-            grep pluto "$log1"
-            ipsec status
+            ipsec --version
             ipsec status | grep -q l2tp-psk
             ipsec status | grep -q xauth-psk
             ipsec status | grep -q ikev2-cp