mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-26 06:46:06 +03:00
Code Issues Projects Releases Wiki Activity

Update tests

Browse Source
This commit is contained in:
hwdsl2 2021-08-06 01:50:09 -05:00
parent 72ad762184
commit 1b1c1ecc8f
2 changed files with 470 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

247
.github/workflows/cron.yml vendored
View File

@ -195,17 +195,19 @@ jobs:
y y
ANSWERS ANSWERS
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
ls -ld /etc/ipsec.d/vpnclient.mobileconfig ls -ld /etc/ipsec.d/vpnclient.mobileconfig
ls -ld /etc/ipsec.d/vpnclient.sswan ls -ld /etc/ipsec.d/vpnclient.sswan
ls -ld /etc/ipsec.d/vpnclient.p12 ls -ld /etc/ipsec.d/vpnclient.p12
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20 grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
1 1
invalidclient:
vpnclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -217,6 +219,7 @@ jobs:
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
2 2
nonexistclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -230,14 +233,33 @@ jobs:
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
4 4
nonexistclient
vpnclient2 vpnclient2
y y
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
4
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
2
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
100
6 6
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
5
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
5 5
y y
@ -252,6 +274,11 @@ jobs:
rm -f /etc/ipsec.d/vpnclient* rm -f /etc/ipsec.d/vpnclient*
VPN_DNS_SRV1=invaliddns \
bash ikev2.sh --auto 2>&1 | grep -i "invalid"
sed -i '/^include /d' /etc/ipsec.conf
VPN_CLIENT_NAME=vpnclient1 \ VPN_CLIENT_NAME=vpnclient1 \
VPN_DNS_NAME=vpn.example.com \ VPN_DNS_NAME=vpn.example.com \
VPN_DNS_SRV1=1.1.1.1 \ VPN_DNS_SRV1=1.1.1.1 \
@ -267,16 +294,20 @@ jobs:
grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
bash ikev2.sh --addclient vpnclient2 bash ikev2.sh --addclient vpnclient2
ls -ld /etc/ipsec.d/vpnclient2.mobileconfig ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh --exportclient vpnclient2 bash ikev2.sh --exportclient vpnclient2
@ -284,12 +315,93 @@ jobs:
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --listclients bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
bash ikev2.sh --listclients | grep "vpnclient1"
bash ikev2.sh --listclients | grep "vpnclient2"
bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
y y
ANSWERS ANSWERS
bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
bash ikev2.sh -h 2>&1 | grep -i "usage:"
bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
y
invalidfqdn
vpn.example.com
y
invaliddns
1.1.1.1
invaliddns
1.0.0.1
y
ANSWERS
grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
invalidip
1.2.3.4
invalidclient:
vpnclient1
1000
12
y
1.1.1.1
y
ANSWERS
grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
VPN_DNS_SRV1=1.1.1.1 \
bash ikev2.sh --auto
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh --auto
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
sed -i '/pluto/d' "$log1" sed -i '/pluto/d' "$log1"
pkill -HUP rsyslog pkill -HUP rsyslog
@ -306,8 +418,7 @@ jobs:
y y
ANSWERS ANSWERS
restart_ipsec restart_ipsec
grep pluto "$log1" ipsec --version
ipsec status
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
@ -492,17 +603,19 @@ jobs:
y y
ANSWERS ANSWERS
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
ls -ld /etc/ipsec.d/vpnclient.mobileconfig ls -ld /etc/ipsec.d/vpnclient.mobileconfig
ls -ld /etc/ipsec.d/vpnclient.sswan ls -ld /etc/ipsec.d/vpnclient.sswan
ls -ld /etc/ipsec.d/vpnclient.p12 ls -ld /etc/ipsec.d/vpnclient.p12
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20 grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
1 1
invalidclient:
vpnclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -514,6 +627,7 @@ jobs:
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
2 2
nonexistclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -527,14 +641,33 @@ jobs:
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
4 4
nonexistclient
vpnclient2 vpnclient2
y y
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
4
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
2
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
100
6 6
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
5
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
5 5
y y
@ -549,6 +682,12 @@ jobs:
rm -f /etc/ipsec.d/vpnclient* rm -f /etc/ipsec.d/vpnclient*
VPN_DNS_SRV1=invaliddns \
bash ikev2.sh --auto 2>&1 | grep -i "invalid"
apt-get -yqq remove uuid-runtime
sed -i '/^include /d' /etc/ipsec.conf
VPN_CLIENT_NAME=vpnclient1 \ VPN_CLIENT_NAME=vpnclient1 \
VPN_DNS_NAME=vpn.example.com \ VPN_DNS_NAME=vpn.example.com \
VPN_DNS_SRV1=1.1.1.1 \ VPN_DNS_SRV1=1.1.1.1 \
@ -564,16 +703,20 @@ jobs:
grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
bash ikev2.sh --addclient vpnclient2 bash ikev2.sh --addclient vpnclient2
ls -ld /etc/ipsec.d/vpnclient2.mobileconfig ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh --exportclient vpnclient2 bash ikev2.sh --exportclient vpnclient2
@ -581,12 +724,93 @@ jobs:
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --listclients bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
bash ikev2.sh --listclients | grep "vpnclient1"
bash ikev2.sh --listclients | grep "vpnclient2"
bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
y y
ANSWERS ANSWERS
bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
bash ikev2.sh -h 2>&1 | grep -i "usage:"
bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
y
invalidfqdn
vpn.example.com
y
invaliddns
1.1.1.1
invaliddns
1.0.0.1
y
ANSWERS
grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
invalidip
1.2.3.4
invalidclient:
vpnclient1
1000
12
y
1.1.1.1
y
ANSWERS
grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
VPN_DNS_SRV1=1.1.1.1 \
bash ikev2.sh --auto
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh --auto
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
sed -i '/pluto/d' "$log1" sed -i '/pluto/d' "$log1"
pkill -HUP rsyslog pkill -HUP rsyslog
@ -599,8 +823,7 @@ jobs:
y y
ANSWERS ANSWERS
restart_ipsec restart_ipsec
grep pluto "$log1" ipsec --version
ipsec status
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp

247
.github/workflows/main.yml vendored
View File

@ -224,17 +224,19 @@ jobs:
y y
ANSWERS ANSWERS
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
ls -ld /etc/ipsec.d/vpnclient.mobileconfig ls -ld /etc/ipsec.d/vpnclient.mobileconfig
ls -ld /etc/ipsec.d/vpnclient.sswan ls -ld /etc/ipsec.d/vpnclient.sswan
ls -ld /etc/ipsec.d/vpnclient.p12 ls -ld /etc/ipsec.d/vpnclient.p12
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20 grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
1 1
invalidclient:
vpnclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -246,6 +248,7 @@ jobs:
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
2 2
nonexistclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -259,14 +262,33 @@ jobs:
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
4 4
nonexistclient
vpnclient2 vpnclient2
y y
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
4
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
2
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
100
6 6
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
5
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
5 5
y y
@ -281,6 +303,11 @@ jobs:
rm -f /etc/ipsec.d/vpnclient* rm -f /etc/ipsec.d/vpnclient*
VPN_DNS_SRV1=invaliddns \
bash ikev2.sh --auto 2>&1 | grep -i "invalid"
sed -i '/^include /d' /etc/ipsec.conf
VPN_CLIENT_NAME=vpnclient1 \ VPN_CLIENT_NAME=vpnclient1 \
VPN_DNS_NAME=vpn.example.com \ VPN_DNS_NAME=vpn.example.com \
VPN_DNS_SRV1=1.1.1.1 \ VPN_DNS_SRV1=1.1.1.1 \
@ -296,16 +323,20 @@ jobs:
grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
bash ikev2.sh --addclient vpnclient2 bash ikev2.sh --addclient vpnclient2
ls -ld /etc/ipsec.d/vpnclient2.mobileconfig ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh --exportclient vpnclient2 bash ikev2.sh --exportclient vpnclient2
@ -313,12 +344,93 @@ jobs:
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --listclients bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
bash ikev2.sh --listclients | grep "vpnclient1"
bash ikev2.sh --listclients | grep "vpnclient2"
bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
y y
ANSWERS ANSWERS
bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
bash ikev2.sh -h 2>&1 | grep -i "usage:"
bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
y
invalidfqdn
vpn.example.com
y
invaliddns
1.1.1.1
invaliddns
1.0.0.1
y
ANSWERS
grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
invalidip
1.2.3.4
invalidclient:
vpnclient1
1000
12
y
1.1.1.1
y
ANSWERS
grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
VPN_DNS_SRV1=1.1.1.1 \
bash ikev2.sh --auto
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh --auto
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
sed -i '/pluto/d' "$log1" sed -i '/pluto/d' "$log1"
pkill -HUP rsyslog pkill -HUP rsyslog
@ -335,8 +447,7 @@ jobs:
y y
ANSWERS ANSWERS
restart_ipsec restart_ipsec
grep pluto "$log1" ipsec --version
ipsec status
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
@ -521,17 +632,19 @@ jobs:
y y
ANSWERS ANSWERS
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
ls -ld /etc/ipsec.d/vpnclient.mobileconfig ls -ld /etc/ipsec.d/vpnclient.mobileconfig
ls -ld /etc/ipsec.d/vpnclient.sswan ls -ld /etc/ipsec.d/vpnclient.sswan
ls -ld /etc/ipsec.d/vpnclient.p12 ls -ld /etc/ipsec.d/vpnclient.p12
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20 grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
1 1
invalidclient:
vpnclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -543,6 +656,7 @@ jobs:
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
2 2
nonexistclient
vpnclient2 vpnclient2
ANSWERS ANSWERS
@ -556,14 +670,33 @@ jobs:
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
4 4
nonexistclient
vpnclient2 vpnclient2
y y
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
4
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
2
vpnclient2
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
100
6 6
ANSWERS ANSWERS
bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
5
ANSWERS
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
5 5
y y
@ -578,6 +711,12 @@ jobs:
rm -f /etc/ipsec.d/vpnclient* rm -f /etc/ipsec.d/vpnclient*
VPN_DNS_SRV1=invaliddns \
bash ikev2.sh --auto 2>&1 | grep -i "invalid"
apt-get -yqq remove uuid-runtime
sed -i '/^include /d' /etc/ipsec.conf
VPN_CLIENT_NAME=vpnclient1 \ VPN_CLIENT_NAME=vpnclient1 \
VPN_DNS_NAME=vpn.example.com \ VPN_DNS_NAME=vpn.example.com \
VPN_DNS_SRV1=1.1.1.1 \ VPN_DNS_SRV1=1.1.1.1 \
@ -593,16 +732,20 @@ jobs:
grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
restart_ipsec restart_ipsec
grep pluto "$log1" | tail -n 20
ipsec status
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
bash ikev2.sh --addclient vpnclient2 bash ikev2.sh --addclient vpnclient2
ls -ld /etc/ipsec.d/vpnclient2.mobileconfig ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
rm -f /etc/ipsec.d/vpnclient2* rm -f /etc/ipsec.d/vpnclient2*
bash ikev2.sh --exportclient vpnclient2 bash ikev2.sh --exportclient vpnclient2
@ -610,12 +753,93 @@ jobs:
ls -ld /etc/ipsec.d/vpnclient2.sswan ls -ld /etc/ipsec.d/vpnclient2.sswan
ls -ld /etc/ipsec.d/vpnclient2.p12 ls -ld /etc/ipsec.d/vpnclient2.p12
bash ikev2.sh --listclients bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
bash ikev2.sh --listclients | grep "vpnclient1"
bash ikev2.sh --listclients | grep "vpnclient2"
bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
y y
ANSWERS ANSWERS
bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
bash ikev2.sh -h 2>&1 | grep -i "usage:"
bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
y
invalidfqdn
vpn.example.com
y
invaliddns
1.1.1.1
invaliddns
1.0.0.1
y
ANSWERS
grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh <<ANSWERS
invalidip
1.2.3.4
invalidclient:
vpnclient1
1000
12
y
1.1.1.1
y
ANSWERS
grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
VPN_DNS_SRV1=1.1.1.1 \
bash ikev2.sh --auto
grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
bash ikev2.sh --removeikev2 <<ANSWERS
y
ANSWERS
restart_ipsec
bash ikev2.sh --auto
grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
restart_ipsec
ipsec status | grep -q ikev2-cp
sed -i '/pluto/d' "$log1" sed -i '/pluto/d' "$log1"
pkill -HUP rsyslog pkill -HUP rsyslog
@ -628,8 +852,7 @@ jobs:
y y
ANSWERS ANSWERS
restart_ipsec restart_ipsec
grep pluto "$log1" ipsec --version
ipsec status
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp