From 247298bb050afa862a0dc8ae0db9eceba278fa73 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Thu, 3 Jun 2021 22:09:56 -0500
Subject: [PATCH] Update tests
---
 .github/workflows/cron.yml | 514 ++++++++++++++++--------------------
 .github/workflows/main.yml | 520 ++++++++++++++++---------------------
 2 files changed, 450 insertions(+), 584 deletions(-)
diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
index b5c9317..dd341a4 100644
--- a/.github/workflows/cron.yml
+++ b/.github/workflows/cron.yml
@@ -14,7 +14,65 @@ on: - cron: '25 2 * * 0,4' jobs: + check_urls: + runs-on: ubuntu-20.04 + if: github.repository_owner == 'hwdsl2' + steps: + - uses: actions/checkout@v2 + with: + persist-credentials: false + - name: Check + run: | + cd "$GITHUB_WORKSPACE" + mkdir workdir + cd workdir + set -x + + export DEBIAN_FRONTEND=noninteractive + sudo apt-get -yq update + sudo apt-get -yq install wget curl + + wget_c="wget -t 3 -T 30 -nv -O" + gh_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master" + + $wget_c vpnsetup.sh https://git.io/vpnsetup + $wget_c vpnsetup_centos.sh https://git.io/vpnsetup-centos + $wget_c vpnsetup_amzn.sh https://git.io/vpnsetup-amzn + $wget_c ikev2setup.sh https://git.io/ikev2setup + $wget_c vpnupgrade.sh https://git.io/vpnupgrade + $wget_c vpnupgrade_centos.sh https://git.io/vpnupgrade-centos + $wget_c vpnupgrade_amzn.sh https://git.io/vpnupgrade-amzn + + $wget_c vpnsetup2.sh "$gh_url/vpnsetup.sh" + $wget_c vpnsetup_centos2.sh "$gh_url/vpnsetup_centos.sh" + $wget_c vpnsetup_amzn2.sh "$gh_url/vpnsetup_amzn.sh" + $wget_c ikev2setup2.sh "$gh_url/extras/ikev2setup.sh" + $wget_c vpnupgrade2.sh "$gh_url/extras/vpnupgrade.sh" + $wget_c vpnupgrade_centos2.sh "$gh_url/extras/vpnupgrade_centos.sh" + $wget_c vpnupgrade_amzn2.sh "$gh_url/extras/vpnupgrade_amzn.sh" + + curl -fsSI https://bit.ly/addvpnuser | grep -q 'add_vpn_user.sh' + curl -fsSI https://bit.ly/delvpnuser | grep -q 'del_vpn_user.sh' + curl -fsSI https://bit.ly/updatevpnusers | grep -q 'update_vpn_users.sh' + + diff vpnsetup.sh ../vpnsetup.sh + diff vpnsetup_centos.sh ../vpnsetup_centos.sh + diff vpnsetup_amzn.sh ../vpnsetup_amzn.sh + diff ikev2setup.sh ../extras/ikev2setup.sh + diff vpnupgrade.sh ../extras/vpnupgrade.sh + diff vpnupgrade_centos.sh ../extras/vpnupgrade_centos.sh + diff vpnupgrade_amzn.sh ../extras/vpnupgrade_amzn.sh + + diff vpnsetup2.sh ../vpnsetup.sh + diff vpnsetup_centos2.sh ../vpnsetup_centos.sh + diff vpnsetup_amzn2.sh ../vpnsetup_amzn.sh + diff ikev2setup2.sh 
../extras/ikev2setup.sh + diff vpnupgrade2.sh ../extras/vpnupgrade.sh + diff vpnupgrade_centos2.sh ../extras/vpnupgrade_centos.sh + diff vpnupgrade_amzn2.sh ../extras/vpnupgrade_amzn.sh + test_set_1: + needs: check_urls runs-on: ubuntu-20.04 if: github.repository_owner == 'hwdsl2' strategy: @@ -33,6 +91,9 @@ jobs: #!/bin/bash set -e + log1=/var/log/secure + log2=/var/log/messages + trap 'catch $? $LINENO' ERR catch() { 
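Review bot: The three `curl -fsSI https://bit.ly/... | grep -q '<name>.sh'` checks in the new check_urls job pass for any response whose headers mention the file name, so a short link repointed to another host or repository that keeps the same file name would go unnoticed. The git.io links in the same step are held to a stricter standard: each is downloaded and compared with the checked-out copy via `diff`. I would treat the bit.ly links the same way, for example `$wget_c add_vpn_user.sh https://bit.ly/addvpnuser` followed by `diff add_vpn_user.sh ../<path-in-repo>/add_vpn_user.sh` (the path is a placeholder, since the repository location of these scripts is not visible in this hunk). Failing that, anchor the grep to the full expected `location:` value rather than the bare file name.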
@@ -41,56 +102,67 @@ jobs: exit 1 } - if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then - yum -y update - yum -y -q install wget rsyslog - systemctl start rsyslog - if [ "$1" = "centos" ]; then - wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos - else - wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-amzn - fi - else - export DEBIAN_FRONTEND=noninteractive - apt-get -yq update - apt-get -yq dist-upgrade - apt-get -yq install wget rsyslog - service rsyslog start - wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup - fi + restart_ipsec() { + sed -i '/pluto/d' "$log1" + pkill -HUP rsyslog + systemctl restart ipsec + echo "Waiting for IPsec to restart." + count=0 + while ! grep -q 'listening for IKE messages' "$log1"; do + [ "$count" -ge "30" ] && { echo "IPsec failed to start."; exit 1; } + count=$((count+1)) + printf '%s' '.' + sleep 0.5 + done + echo + } - sed -i '/swan_ver_url/s/^/#/' vpnsetup.sh - sh vpnsetup.sh - if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then - systemctl start ipsec - systemctl start xl2tpd - sleep 5 + restart_fail2ban() { + rm -f /var/log/fail2ban.log systemctl restart fail2ban - else - sleep 5 - service fail2ban restart - fi + echo "Waiting for Fail2ban to restart." + count=0 + while ! grep -qs -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log; do + [ "$count" -ge "30" ] && { echo "Fail2ban failed to start."; exit 1; } + count=$((count+1)) + printf '%s' '.' 
+ sleep 0.5 + done + echo + } + + yum -y update + yum -y -q install wget rsyslog + systemctl start rsyslog + + if [ "$1" = "centos" ]; then + wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos + else + wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-amzn + fi + sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh + + sh vpnsetup.sh + + systemctl start xl2tpd + restart_ipsec + restart_fail2ban + cat /var/log/fail2ban.log - sleep 5 netstat -anpu | grep pluto netstat -anpu | grep xl2tpd iptables -nL iptables -nL | grep -q '192\.168\.42\.0/24' iptables -nL -t nat iptables -nL -t nat | grep -q '192\.168\.43\.0/24' - if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then - grep pluto /var/log/secure - grep xl2tpd /var/log/messages - else - grep pluto /var/log/auth.log - grep xl2tpd /var/log/syslog - fi + grep pluto "$log1" + grep xl2tpd "$log2" ipsec status ipsec status | grep -q l2tp-psk ipsec status | grep -q xauth-psk - cat /var/log/fail2ban.log - grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log + ls -l /usr/bin/ikev2.sh + ls -l /opt/src/ikev2.sh VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ VPN_USER='your_vpn_username' \ @@ -98,11 +170,8 @@ jobs: VPN_DNS_SRV1='1.1.1.1' \ VPN_DNS_SRV2='1.0.0.1' \ sh vpnsetup.sh - if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then - systemctl restart ipsec - fi - sleep 10 + restart_ipsec grep -q "your_ipsec_pre_shared_key" /etc/ipsec.secrets grep -q "your_vpn_username" /etc/ppp/chap-secrets grep -q "your_vpn_password" /etc/ppp/chap-secrets @@ -111,8 +180,9 @@ jobs: grep -q 'ms-dns 1.1.1.1' /etc/ppp/options.xl2tpd grep -q 'ms-dns 1.0.0.1' /etc/ppp/options.xl2tpd - wget -t 3 -T 30 -nv -O ikev2.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/ikev2setup.sh # hwdsl2 + wget -t 3 -T 30 -nv -O ikev2.sh https://git.io/ikev2setup # hwdsl2 sed -i '/swan_ver_latest=/s/^/#/' ikev2.sh + bash ikev2.sh < run.sh 
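Review bot: A command that fails inside the new `restart_ipsec` or `restart_fail2ban` functions (for example `sed -i '/pluto/d' "$log1"` when the log file is missing, or `pkill -HUP rsyslog` when nothing matches) will not reach the `catch` handler. The script header visible in the preceding hunk has `set -e` and `trap 'catch $? $LINENO' ERR`, but bash does not inherit an ERR trap into functions unless errtrace is enabled. The script still exits through `set -e`, but without whatever `catch` reports, which makes a failed CI run harder to diagnose. Changing the header to `set -eE` restores the diagnostic. The same applies to the `restart_ipsec` and `restart_fail2ban` calls in the later `@@ -454,28 +434,30 @@` hunk, assuming that script uses the same header.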
@@ -454,28 +434,30 @@ jobs: apt-get -yq dist-upgrade apt-get -yq install wget rsyslog service rsyslog start - wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup - sed -i '/swan_ver_url/s/^/#/' vpnsetup.sh + wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup + sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh + sh vpnsetup.sh - sleep 5 - service fail2ban restart - sleep 5 + restart_ipsec + restart_fail2ban + cat /var/log/fail2ban.log + netstat -anpu | grep pluto netstat -anpu | grep xl2tpd iptables -nL iptables -nL | grep -q '192\.168\.42\.0/24' iptables -nL -t nat iptables -nL -t nat | grep -q '192\.168\.43\.0/24' - grep pluto /var/log/auth.log - grep xl2tpd /var/log/syslog + grep pluto "$log1" + grep xl2tpd "$log2" ipsec status ipsec status | grep -q l2tp-psk ipsec status | grep -q xauth-psk - cat /var/log/fail2ban.log - grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log + ls -l /usr/bin/ikev2.sh + ls -l /opt/src/ikev2.sh VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ VPN_USER='your_vpn_username' \ @@ -484,7 +466,7 @@ jobs: VPN_DNS_SRV2='1.0.0.1' \ sh vpnsetup.sh - sleep 10 + restart_ipsec grep -q "your_ipsec_pre_shared_key" /etc/ipsec.secrets grep -q "your_vpn_username" /etc/ppp/chap-secrets grep -q "your_vpn_password" /etc/ppp/chap-secrets @@ -493,8 +475,9 @@ jobs: grep -q 'ms-dns 1.1.1.1' /etc/ppp/options.xl2tpd grep -q 'ms-dns 1.0.0.1' /etc/ppp/options.xl2tpd - wget -t 3 -T 30 -nv -O ikev2.sh https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh + wget -t 3 -T 30 -nv -O ikev2.sh https://git.io/ikev2setup sed -i '/swan_ver_latest=/s/^/#/' ikev2.sh + bash ikev2.sh <