diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
index 829bd5f..f7d29d5 100644
--- a/.github/workflows/cron.yml
+++ b/.github/workflows/cron.yml
@@ -39,23 +39,27 @@ jobs:
           $wget_c vpnsetup_centos.sh   https://git.io/vpnsetup-centos
           $wget_c vpnsetup_amzn.sh     https://git.io/vpnsetup-amzn
           $wget_c vpnsetup_ubuntu.sh   https://git.io/vpnsetup-ubuntu
+          $wget_c vpnsetup_alpine.sh   https://git.io/vpnsetup-alpine
           $wget_c quickstart.sh        https://git.io/vpnquickstart
           $wget_c ikev2setup.sh        https://git.io/ikev2setup
           $wget_c vpnupgrade.sh        https://git.io/vpnupgrade
           $wget_c vpnupgrade_centos.sh https://git.io/vpnupgrade-centos
           $wget_c vpnupgrade_amzn.sh   https://git.io/vpnupgrade-amzn
           $wget_c vpnupgrade_ubuntu.sh https://git.io/vpnupgrade-ubuntu
+          $wget_c vpnupgrade_alpine.sh https://git.io/vpnupgrade-alpine
 
           $wget_c vpnsetup2.sh          "$gh_url/vpnsetup.sh"
           $wget_c vpnsetup_centos2.sh   "$gh_url/vpnsetup_centos.sh"
           $wget_c vpnsetup_amzn2.sh     "$gh_url/vpnsetup_amzn.sh"
           $wget_c vpnsetup_ubuntu2.sh   "$gh_url/vpnsetup_ubuntu.sh"
+          $wget_c vpnsetup_alpine2.sh   "$gh_url/vpnsetup_alpine.sh"
           $wget_c quickstart2.sh        "$gh_url/extras/quickstart.sh"
           $wget_c ikev2setup2.sh        "$gh_url/extras/ikev2setup.sh"
           $wget_c vpnupgrade2.sh        "$gh_url/extras/vpnupgrade.sh"
           $wget_c vpnupgrade_centos2.sh "$gh_url/extras/vpnupgrade_centos.sh"
           $wget_c vpnupgrade_amzn2.sh   "$gh_url/extras/vpnupgrade_amzn.sh"
           $wget_c vpnupgrade_ubuntu2.sh "$gh_url/extras/vpnupgrade_ubuntu.sh"
+          $wget_c vpnupgrade_alpine2.sh "$gh_url/extras/vpnupgrade_alpine.sh"
 
           curl -fsSI https://bit.ly/addvpnuser | grep -q 'add_vpn_user.sh'
           curl -fsSI https://bit.ly/delvpnuser | grep -q 'del_vpn_user.sh'
@@ -65,23 +69,27 @@ jobs:
           diff vpnsetup_centos.sh ../vpnsetup_centos.sh
           diff vpnsetup_amzn.sh ../vpnsetup_amzn.sh
           diff vpnsetup_ubuntu.sh ../vpnsetup_ubuntu.sh
+          diff vpnsetup_alpine.sh ../vpnsetup_alpine.sh
           diff quickstart.sh ../extras/quickstart.sh
           diff ikev2setup.sh ../extras/ikev2setup.sh
           diff vpnupgrade.sh ../extras/vpnupgrade.sh
           diff vpnupgrade_centos.sh ../extras/vpnupgrade_centos.sh
           diff vpnupgrade_amzn.sh ../extras/vpnupgrade_amzn.sh
           diff vpnupgrade_ubuntu.sh ../extras/vpnupgrade_ubuntu.sh
+          diff vpnupgrade_alpine.sh ../extras/vpnupgrade_alpine.sh
 
           diff vpnsetup2.sh ../vpnsetup.sh
           diff vpnsetup_centos2.sh ../vpnsetup_centos.sh
           diff vpnsetup_amzn2.sh ../vpnsetup_amzn.sh
           diff vpnsetup_ubuntu2.sh ../vpnsetup_ubuntu.sh
+          diff vpnsetup_alpine2.sh ../vpnsetup_alpine.sh
           diff quickstart2.sh ../extras/quickstart.sh
           diff ikev2setup2.sh ../extras/ikev2setup.sh
           diff vpnupgrade2.sh ../extras/vpnupgrade.sh
           diff vpnupgrade_centos2.sh ../extras/vpnupgrade_centos.sh
           diff vpnupgrade_amzn2.sh ../extras/vpnupgrade_amzn.sh
           diff vpnupgrade_ubuntu2.sh ../extras/vpnupgrade_ubuntu.sh
+          diff vpnupgrade_alpine2.sh ../extras/vpnupgrade_alpine.sh
 
   test_set_1:
     needs: check_urls
@@ -147,12 +155,8 @@ jobs:
           yum -y -q install wget rsyslog
           systemctl start rsyslog
 
-          if [ "$1" != "amazon" ]; then
-            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos
-          else
-            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-amzn
-          fi
-          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' vpnsetup.sh
 
           sh vpnsetup.sh
 
@@ -178,6 +182,59 @@ jobs:
           ls -l /usr/bin/ikev2.sh
           ls -l /opt/src/ikev2.sh
 
+          wget -t 3 -T 30 -nv -O vpnunst.sh https://git.io/vpnuninstall
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          if grep -qi stream /etc/redhat-release; then
+            mkdir /etc/xl2tpd
+          fi
+
+          wget -t 3 -T 30 -nv -O quickstart.sh https://git.io/vpnquickstart
+          sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
+            -e '/sleep 1/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' quickstart.sh
+
+          sh quickstart.sh
+
+          systemctl restart xl2tpd
+          restart_ipsec
+          restart_fail2ban
+          cat /var/log/fail2ban.log
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp
+
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          if grep -qi stream /etc/redhat-release; then
+            mkdir /etc/xl2tpd
+          fi
+
+          if [ "$1" != "amazon" ]; then
+            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos
+          else
+            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-amzn
+          fi
+          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+
           VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
           VPN_USER='your_vpn_username' \
           VPN_PASSWORD='your_vpn_password' \
@@ -413,6 +470,21 @@ jobs:
           restart_ipsec
           ipsec status | grep -q ikev2-cp
 
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
+
+          for ver in 3.32 4.1 4.2; do
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
           if [ "$1" != "amazon" ]; then
             wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade-centos
           else
@@ -420,7 +492,7 @@ jobs:
           fi
           sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
 
-          for ver in 3.32 4.1 4.2 4.3 4.4 4.5; do
+          for ver in 4.3 4.4 4.5; do
             [ "$ver" = "4.3" ] && shc=sh || shc=bash
             sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
           "$shc" vpnup.sh <<ANSWERS
@@ -507,7 +579,7 @@ jobs:
     if: github.repository_owner == 'hwdsl2'
     strategy:
       matrix:
-        os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:bullseye", "debian:10", "debian:9"]
+        os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:11", "debian:10", "debian:9"]
       fail-fast: false
     container:
       image: ${{ matrix.os_version }}
@@ -556,8 +628,8 @@ jobs:
           apt-get -yqq install wget rsyslog
           service rsyslog start
 
-          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-ubuntu
-          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' vpnsetup.sh
 
           sh vpnsetup.sh
 
@@ -582,6 +654,48 @@ jobs:
           ls -l /usr/bin/ikev2.sh
           ls -l /opt/src/ikev2.sh
 
+          wget -t 3 -T 30 -nv -O vpnunst.sh https://git.io/vpnuninstall
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+
+          wget -t 3 -T 30 -nv -O quickstart.sh https://git.io/vpnquickstart
+          sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
+            -e '/sleep 1/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' quickstart.sh
+
+          sh quickstart.sh
+
+          restart_ipsec
+          restart_fail2ban
+          cat /var/log/fail2ban.log
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp
+
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-ubuntu
+          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+
           VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
           VPN_USER='your_vpn_username' \
           VPN_PASSWORD='your_vpn_password' \
@@ -818,12 +932,27 @@ jobs:
           restart_ipsec
           ipsec status | grep -q ikev2-cp
 
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
+
+          os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
+          for ver in 3.32 4.1 4.2; do
+            [ "$ver" = "3.32" ] && [ "$os_ver" = "11" ] && continue
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
           wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade-ubuntu
           sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
 
-          os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
-          for ver in 3.32 4.1 4.2 4.3 4.4 4.5; do
-            [ "$ver" = "3.32" ] && [ "$os_ver" = "11" ] && continue
+          for ver in 4.3 4.4 4.5; do
             [ "$ver" = "4.3" ] && shc=sh || shc=bash
             sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
           "$shc" vpnup.sh <<ANSWERS
@@ -850,3 +979,398 @@ jobs:
           ls -ld vpnsetup.sh
           ls -ld ikev2.sh
           ls -ld vpnup.sh
+
+  test_set_3:
+    needs: [shellcheck, check_urls]
+    runs-on: ubuntu-20.04
+    if: github.repository_owner == 'hwdsl2'
+    strategy:
+      matrix:
+        os_version: ["alpine:3.14"]
+      fail-fast: false
+    container:
+      image: ${{ matrix.os_version }}
+      options: --cap-add=NET_ADMIN --device=/dev/ppp
+    steps:
+      - name: Test
+        run: |
+          set -ex
+
+          log1=/var/log/auth.log
+          log2=/var/log/messages
+
+          restart_ipsec() {
+            ipsec whack --shutdown || true
+            ipsec pluto --config /etc/ipsec.conf
+            echo "Waiting for IPsec to restart."
+            count=0
+            while ! grep -q "pluto\[$(cat /var/run/pluto/pluto.pid)\]: listening for IKE messages" "$log1"; do
+              [ "$count" -ge "30" ] && { echo "IPsec failed to start."; exit 1; }
+              count=$((count+1))
+              printf '%s' '.'
+              sleep 0.5
+            done
+            echo
+          }
+
+          mkdir -p /opt/src
+          cd /opt/src
+          echo "# hwdsl2" > run.sh
+
+          apk add -U wget rsyslog
+          rsyslogd
+
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' vpnsetup.sh
+
+          sh vpnsetup.sh
+
+          ipsec initnss
+          xl2tpd -c /etc/xl2tpd/xl2tpd.conf
+          restart_ipsec
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          grep pluto "$log1"
+          grep xl2tpd "$log2"
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          wget -t 3 -T 30 -nv -O vpnunst.sh https://git.io/vpnuninstall
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          killall pluto || true
+          killall xl2tpd || true
+
+          wget -t 3 -T 30 -nv -O quickstart.sh https://git.io/vpnquickstart
+          sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
+            -e '/sleep 1/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' quickstart.sh
+
+          sh quickstart.sh
+
+          xl2tpd -c /etc/xl2tpd/xl2tpd.conf
+          restart_ipsec
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp
+
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          killall pluto || true
+          killall xl2tpd || true
+
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-alpine
+          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+
+          VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
+          VPN_USER='your_vpn_username' \
+          VPN_PASSWORD='your_vpn_password' \
+          VPN_DNS_SRV1='1.1.1.1' \
+          VPN_DNS_SRV2='1.0.0.1' \
+          bash vpnsetup.sh
+
+          ipsec initnss
+          restart_ipsec
+          grep -q "your_ipsec_pre_shared_key" /etc/ipsec.secrets
+          grep -q "your_vpn_username" /etc/ppp/chap-secrets
+          grep -q "your_vpn_password" /etc/ppp/chap-secrets
+          grep -q "your_vpn_username" /etc/ipsec.d/passwd
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.conf
+          grep -q 'ms-dns 1.1.1.1' /etc/ppp/options.xl2tpd
+          grep -q 'ms-dns 1.0.0.1' /etc/ppp/options.xl2tpd
+
+          wget -t 3 -T 30 -nv -O ikev2.sh https://git.io/ikev2setup
+          sed -i '/swan_ver_latest=/s/^/#/' ikev2.sh
+
+          bash ikev2.sh <<ANSWERS
+
+
+
+
+
+          y
+          ANSWERS
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          restart_ipsec
+          grep pluto "$log1" | tail -n 20
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh <<ANSWERS
+          1
+          invalidclient:
+          vpnclient
+          vpnclient2
+
+          ANSWERS
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          rm -f /etc/ipsec.d/vpnclient2*
+          bash ikev2.sh <<ANSWERS
+          2
+          nonexistclient
+          vpnclient2
+          ANSWERS
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          bash ikev2.sh <<ANSWERS
+          3
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS
+          4
+          nonexistclient
+          vpnclient2
+          y
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          4
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          2
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS
+          100
+          6
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          5
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS
+          5
+          y
+          ANSWERS
+
+          restart_ipsec
+          ls -ld /etc/ipsec.d/ikev2.conf && exit 1
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp && exit 1
+          certutil -L -d sql:/etc/ipsec.d
+
+          rm -f /etc/ipsec.d/vpnclient*
+
+          VPN_DNS_SRV1=invaliddns \
+          bash ikev2.sh --auto 2>&1 | grep -i "invalid"
+
+          apk del uuidgen
+          sed -i '/^include /d' /etc/ipsec.conf
+
+          VPN_CLIENT_NAME=vpnclient1 \
+          VPN_DNS_NAME=vpn.example.com \
+          VPN_DNS_SRV1=1.1.1.1 \
+          VPN_DNS_SRV2=1.0.0.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          ls -ld /etc/ipsec.d/vpnclient1.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient1.sswan
+          ls -ld /etc/ipsec.d/vpnclient1.p12
+          grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.mobileconfig
+          grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
+
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
+          bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
+          bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
+
+          bash ikev2.sh --addclient vpnclient2
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
+
+          rm -f /etc/ipsec.d/vpnclient2*
+          bash ikev2.sh --exportclient vpnclient2
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
+
+          bash ikev2.sh --listclients | grep "vpnclient1"
+          bash ikev2.sh --listclients | grep "vpnclient2"
+
+          bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
+          bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
+          y
+          ANSWERS
+
+          bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
+          bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
+          bash ikev2.sh -h 2>&1 | grep -i "usage:"
+          bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
+
+          bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+          y
+          invalidfqdn
+          vpn.example.com
+
+
+          y
+          invaliddns
+          1.1.1.1
+          invaliddns
+          1.0.0.1
+          y
+          ANSWERS
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+
+          invalidip
+          1.2.3.4
+          invalidclient:
+          vpnclient1
+          1000
+          12
+          y
+          1.1.1.1
+
+          y
+          ANSWERS
+
+          grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          VPN_DNS_SRV1=1.1.1.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
+
+          for ver in 4.5; do
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade-alpine
+          sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
+
+          for ver in 4.5; do
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          ls -ld /etc/ipsec.d/ikev2.conf && exit 1
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp && exit 1
+          certutil -L -d sql:/etc/ipsec.d
+
+          ls -ld vpnsetup.sh
+          ls -ld ikev2.sh
+          ls -ld vpnup.sh
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 578dc15..5914a9e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -68,23 +68,27 @@ jobs:
           $wget_c vpnsetup_centos.sh   https://git.io/vpnsetup-centos
           $wget_c vpnsetup_amzn.sh     https://git.io/vpnsetup-amzn
           $wget_c vpnsetup_ubuntu.sh   https://git.io/vpnsetup-ubuntu
+          $wget_c vpnsetup_alpine.sh   https://git.io/vpnsetup-alpine
           $wget_c quickstart.sh        https://git.io/vpnquickstart
           $wget_c ikev2setup.sh        https://git.io/ikev2setup
           $wget_c vpnupgrade.sh        https://git.io/vpnupgrade
           $wget_c vpnupgrade_centos.sh https://git.io/vpnupgrade-centos
           $wget_c vpnupgrade_amzn.sh   https://git.io/vpnupgrade-amzn
           $wget_c vpnupgrade_ubuntu.sh https://git.io/vpnupgrade-ubuntu
+          $wget_c vpnupgrade_alpine.sh https://git.io/vpnupgrade-alpine
 
           $wget_c vpnsetup2.sh          "$gh_url/vpnsetup.sh"
           $wget_c vpnsetup_centos2.sh   "$gh_url/vpnsetup_centos.sh"
           $wget_c vpnsetup_amzn2.sh     "$gh_url/vpnsetup_amzn.sh"
           $wget_c vpnsetup_ubuntu2.sh   "$gh_url/vpnsetup_ubuntu.sh"
+          $wget_c vpnsetup_alpine2.sh   "$gh_url/vpnsetup_alpine.sh"
           $wget_c quickstart2.sh        "$gh_url/extras/quickstart.sh"
           $wget_c ikev2setup2.sh        "$gh_url/extras/ikev2setup.sh"
           $wget_c vpnupgrade2.sh        "$gh_url/extras/vpnupgrade.sh"
           $wget_c vpnupgrade_centos2.sh "$gh_url/extras/vpnupgrade_centos.sh"
           $wget_c vpnupgrade_amzn2.sh   "$gh_url/extras/vpnupgrade_amzn.sh"
           $wget_c vpnupgrade_ubuntu2.sh "$gh_url/extras/vpnupgrade_ubuntu.sh"
+          $wget_c vpnupgrade_alpine2.sh "$gh_url/extras/vpnupgrade_alpine.sh"
 
           curl -fsSI https://bit.ly/addvpnuser | grep -q 'add_vpn_user.sh'
           curl -fsSI https://bit.ly/delvpnuser | grep -q 'del_vpn_user.sh'
@@ -94,23 +98,27 @@ jobs:
           diff vpnsetup_centos.sh ../vpnsetup_centos.sh
           diff vpnsetup_amzn.sh ../vpnsetup_amzn.sh
           diff vpnsetup_ubuntu.sh ../vpnsetup_ubuntu.sh
+          diff vpnsetup_alpine.sh ../vpnsetup_alpine.sh
           diff quickstart.sh ../extras/quickstart.sh
           diff ikev2setup.sh ../extras/ikev2setup.sh
           diff vpnupgrade.sh ../extras/vpnupgrade.sh
           diff vpnupgrade_centos.sh ../extras/vpnupgrade_centos.sh
           diff vpnupgrade_amzn.sh ../extras/vpnupgrade_amzn.sh
           diff vpnupgrade_ubuntu.sh ../extras/vpnupgrade_ubuntu.sh
+          diff vpnupgrade_alpine.sh ../extras/vpnupgrade_alpine.sh
 
           diff vpnsetup2.sh ../vpnsetup.sh
           diff vpnsetup_centos2.sh ../vpnsetup_centos.sh
           diff vpnsetup_amzn2.sh ../vpnsetup_amzn.sh
           diff vpnsetup_ubuntu2.sh ../vpnsetup_ubuntu.sh
+          diff vpnsetup_alpine2.sh ../vpnsetup_alpine.sh
           diff quickstart2.sh ../extras/quickstart.sh
           diff ikev2setup2.sh ../extras/ikev2setup.sh
           diff vpnupgrade2.sh ../extras/vpnupgrade.sh
           diff vpnupgrade_centos2.sh ../extras/vpnupgrade_centos.sh
           diff vpnupgrade_amzn2.sh ../extras/vpnupgrade_amzn.sh
           diff vpnupgrade_ubuntu2.sh ../extras/vpnupgrade_ubuntu.sh
+          diff vpnupgrade_alpine2.sh ../extras/vpnupgrade_alpine.sh
 
   test_set_1:
     needs: [shellcheck, check_urls]
@@ -176,12 +184,8 @@ jobs:
           yum -y -q install wget rsyslog
           systemctl start rsyslog
 
-          if [ "$1" != "amazon" ]; then
-            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos
-          else
-            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-amzn
-          fi
-          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' vpnsetup.sh
 
           sh vpnsetup.sh
 
@@ -207,6 +211,59 @@ jobs:
           ls -l /usr/bin/ikev2.sh
           ls -l /opt/src/ikev2.sh
 
+          wget -t 3 -T 30 -nv -O vpnunst.sh https://git.io/vpnuninstall
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          if grep -qi stream /etc/redhat-release; then
+            mkdir /etc/xl2tpd
+          fi
+
+          wget -t 3 -T 30 -nv -O quickstart.sh https://git.io/vpnquickstart
+          sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
+            -e '/sleep 1/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' quickstart.sh
+
+          sh quickstart.sh
+
+          systemctl restart xl2tpd
+          restart_ipsec
+          restart_fail2ban
+          cat /var/log/fail2ban.log
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp
+
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          if grep -qi stream /etc/redhat-release; then
+            mkdir /etc/xl2tpd
+          fi
+
+          if [ "$1" != "amazon" ]; then
+            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos
+          else
+            wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-amzn
+          fi
+          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+
           VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
           VPN_USER='your_vpn_username' \
           VPN_PASSWORD='your_vpn_password' \
@@ -442,6 +499,21 @@ jobs:
           restart_ipsec
           ipsec status | grep -q ikev2-cp
 
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
+
+          for ver in 3.32 4.1 4.2; do
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
           if [ "$1" != "amazon" ]; then
             wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade-centos
           else
@@ -449,7 +521,7 @@ jobs:
           fi
           sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
 
-          for ver in 3.32 4.1 4.2 4.3 4.4 4.5; do
+          for ver in 4.3 4.4 4.5; do
             [ "$ver" = "4.3" ] && shc=sh || shc=bash
             sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
           "$shc" vpnup.sh <<ANSWERS
@@ -536,7 +608,7 @@ jobs:
     if: github.repository_owner == 'hwdsl2'
     strategy:
       matrix:
-        os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:bullseye", "debian:10", "debian:9"]
+        os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:11", "debian:10", "debian:9"]
       fail-fast: false
     container:
       image: ${{ matrix.os_version }}
@@ -585,8 +657,8 @@ jobs:
           apt-get -yqq install wget rsyslog
           service rsyslog start
 
-          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-ubuntu
-          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' vpnsetup.sh
 
           sh vpnsetup.sh
 
@@ -611,6 +683,48 @@ jobs:
           ls -l /usr/bin/ikev2.sh
           ls -l /opt/src/ikev2.sh
 
+          wget -t 3 -T 30 -nv -O vpnunst.sh https://git.io/vpnuninstall
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+
+          wget -t 3 -T 30 -nv -O quickstart.sh https://git.io/vpnquickstart
+          sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
+            -e '/sleep 1/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' quickstart.sh
+
+          sh quickstart.sh
+
+          restart_ipsec
+          restart_fail2ban
+          cat /var/log/fail2ban.log
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp
+
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-ubuntu
+          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+
           VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
           VPN_USER='your_vpn_username' \
           VPN_PASSWORD='your_vpn_password' \
@@ -847,12 +961,27 @@ jobs:
           restart_ipsec
           ipsec status | grep -q ikev2-cp
 
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
+
+          os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
+          for ver in 3.32 4.1 4.2; do
+            [ "$ver" = "3.32" ] && [ "$os_ver" = "11" ] && continue
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
           wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade-ubuntu
           sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
 
-          os_ver=$(sed 's/\..*//' /etc/debian_version | tr -dc 'A-Za-z0-9')
-          for ver in 3.32 4.1 4.2 4.3 4.4 4.5; do
-            [ "$ver" = "3.32" ] && [ "$os_ver" = "11" ] && continue
+          for ver in 4.3 4.4 4.5; do
             [ "$ver" = "4.3" ] && shc=sh || shc=bash
             sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
           "$shc" vpnup.sh <<ANSWERS
@@ -879,3 +1008,398 @@ jobs:
           ls -ld vpnsetup.sh
           ls -ld ikev2.sh
           ls -ld vpnup.sh
+
+  test_set_3:
+    needs: [shellcheck, check_urls]
+    runs-on: ubuntu-20.04
+    if: github.repository_owner == 'hwdsl2'
+    strategy:
+      matrix:
+        os_version: ["alpine:3.14"]
+      fail-fast: false
+    container:
+      image: ${{ matrix.os_version }}
+      options: --cap-add=NET_ADMIN --device=/dev/ppp
+    steps:
+      - name: Test
+        run: |
+          set -ex
+
+          log1=/var/log/auth.log
+          log2=/var/log/messages
+
+          restart_ipsec() {
+            ipsec whack --shutdown || true
+            ipsec pluto --config /etc/ipsec.conf
+            echo "Waiting for IPsec to restart."
+            count=0
+            while ! grep -q "pluto\[$(cat /var/run/pluto/pluto.pid)\]: listening for IKE messages" "$log1"; do
+              [ "$count" -ge "30" ] && { echo "IPsec failed to start."; exit 1; }
+              count=$((count+1))
+              printf '%s' '.'
+              sleep 0.5
+            done
+            echo
+          }
+
+          mkdir -p /opt/src
+          cd /opt/src
+          echo "# hwdsl2" > run.sh
+
+          apk add -U wget rsyslog
+          rsyslogd
+
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' vpnsetup.sh
+
+          sh vpnsetup.sh
+
+          ipsec initnss
+          xl2tpd -c /etc/xl2tpd/xl2tpd.conf
+          restart_ipsec
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          grep pluto "$log1"
+          grep xl2tpd "$log2"
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          wget -t 3 -T 30 -nv -O vpnunst.sh https://git.io/vpnuninstall
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          killall pluto || true
+          killall xl2tpd || true
+
+          wget -t 3 -T 30 -nv -O quickstart.sh https://git.io/vpnquickstart
+          sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
+            -e '/sleep 1/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' quickstart.sh
+
+          sh quickstart.sh
+
+          xl2tpd -c /etc/xl2tpd/xl2tpd.conf
+          restart_ipsec
+
+          netstat -anpu | grep pluto
+          netstat -anpu | grep xl2tpd
+          iptables -nvL
+          iptables -nvL | grep -q 'ppp+'
+          iptables -nvL | grep -q '192\.168\.43\.0/24'
+          iptables -nvL -t nat
+          iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
+          iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
+          ipsec status
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp
+
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          ls -l /usr/bin/ikev2.sh
+          ls -l /opt/src/ikev2.sh
+
+          bash vpnunst.sh <<ANSWERS
+          y
+          ANSWERS
+          killall pluto || true
+          killall xl2tpd || true
+
+          wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-alpine
+          sed -i '/swan_ver_latest=/s/^/#/' vpnsetup.sh
+
+          VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
+          VPN_USER='your_vpn_username' \
+          VPN_PASSWORD='your_vpn_password' \
+          VPN_DNS_SRV1='1.1.1.1' \
+          VPN_DNS_SRV2='1.0.0.1' \
+          bash vpnsetup.sh
+
+          ipsec initnss
+          restart_ipsec
+          grep -q "your_ipsec_pre_shared_key" /etc/ipsec.secrets
+          grep -q "your_vpn_username" /etc/ppp/chap-secrets
+          grep -q "your_vpn_password" /etc/ppp/chap-secrets
+          grep -q "your_vpn_username" /etc/ipsec.d/passwd
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.conf
+          grep -q 'ms-dns 1.1.1.1' /etc/ppp/options.xl2tpd
+          grep -q 'ms-dns 1.0.0.1' /etc/ppp/options.xl2tpd
+
+          wget -t 3 -T 30 -nv -O ikev2.sh https://git.io/ikev2setup
+          sed -i '/swan_ver_latest=/s/^/#/' ikev2.sh
+
+          bash ikev2.sh <<ANSWERS
+
+
+
+
+
+          y
+          ANSWERS
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          ls -ld /etc/ipsec.d/vpnclient.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient.sswan
+          ls -ld /etc/ipsec.d/vpnclient.p12
+
+          restart_ipsec
+          grep pluto "$log1" | tail -n 20
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh <<ANSWERS
+          1
+          invalidclient:
+          vpnclient
+          vpnclient2
+
+          ANSWERS
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          rm -f /etc/ipsec.d/vpnclient2*
+          bash ikev2.sh <<ANSWERS
+          2
+          nonexistclient
+          vpnclient2
+          ANSWERS
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          bash ikev2.sh <<ANSWERS
+          3
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS
+          4
+          nonexistclient
+          vpnclient2
+          y
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          4
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          2
+          vpnclient2
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS
+          100
+          6
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS 2>&1 | grep -i "abort"
+          5
+
+          ANSWERS
+
+          bash ikev2.sh <<ANSWERS
+          5
+          y
+          ANSWERS
+
+          restart_ipsec
+          ls -ld /etc/ipsec.d/ikev2.conf && exit 1
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp && exit 1
+          certutil -L -d sql:/etc/ipsec.d
+
+          rm -f /etc/ipsec.d/vpnclient*
+
+          VPN_DNS_SRV1=invaliddns \
+          bash ikev2.sh --auto 2>&1 | grep -i "invalid"
+
+          apk del uuidgen
+          sed -i '/^include /d' /etc/ipsec.conf
+
+          VPN_CLIENT_NAME=vpnclient1 \
+          VPN_DNS_NAME=vpn.example.com \
+          VPN_DNS_SRV1=1.1.1.1 \
+          VPN_DNS_SRV2=1.0.0.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          ls -ld /etc/ipsec.d/vpnclient1.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient1.sswan
+          ls -ld /etc/ipsec.d/vpnclient1.p12
+          grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.mobileconfig
+          grep -q 'vpn.example.com' /etc/ipsec.d/vpnclient1.sswan
+
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --auto --addclient invalidclient: 2>&1 | grep -i "warning"
+          bash ikev2.sh --addclient invalidclient: 2>&1 | grep -i "invalid"
+          bash ikev2.sh --addclient vpnclient1 2>&1 | grep -i "already exists"
+
+          bash ikev2.sh --addclient vpnclient2
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          bash ikev2.sh --exportclient nonexistclient 2>&1 | grep -i "does not exist"
+
+          rm -f /etc/ipsec.d/vpnclient2*
+          bash ikev2.sh --exportclient vpnclient2
+
+          ls -ld /etc/ipsec.d/vpnclient2.mobileconfig
+          ls -ld /etc/ipsec.d/vpnclient2.sswan
+          ls -ld /etc/ipsec.d/vpnclient2.p12
+
+          bash ikev2.sh --addclient vpnclient2 --exportclient vpnclient2 2>&1 | grep -i "invalid"
+
+          bash ikev2.sh --listclients | grep "vpnclient1"
+          bash ikev2.sh --listclients | grep "vpnclient2"
+
+          bash ikev2.sh --revokeclient nonexistclient 2>&1 | grep -i "does not exist"
+          bash ikev2.sh --revokeclient vpnclient2 <<ANSWERS
+          y
+          ANSWERS
+
+          bash ikev2.sh --revokeclient vpnclient2 2>&1 | grep -i "already been revoked"
+          bash ikev2.sh --exportclient vpnclient2 2>&1 | grep -i "revoked"
+          bash ikev2.sh -h 2>&1 | grep -i "usage:"
+          bash ikev2.sh --invalidoption 2>&1 | grep -i "usage:"
+
+          bash ikev2.sh --removeikev2 --exportclient vpnclient1 2>&1 | grep -i "invalid"
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+          y
+          invalidfqdn
+          vpn.example.com
+
+
+          y
+          invaliddns
+          1.1.1.1
+          invaliddns
+          1.0.0.1
+          y
+          ANSWERS
+
+          grep -q 'leftid=@vpn.example.com' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns="1.1.1.1 1.0.0.1"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh <<ANSWERS
+
+          invalidip
+          1.2.3.4
+          invalidclient:
+          vpnclient1
+          1000
+          12
+          y
+          1.1.1.1
+
+          y
+          ANSWERS
+
+          grep -q 'leftid=1.2.3.4' /etc/ipsec.d/ikev2.conf
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          VPN_DNS_SRV1=1.1.1.1 \
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns=1.1.1.1' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          bash ikev2.sh --auto
+
+          grep -q 'modecfgdns="8.8.8.8 8.8.4.4"' /etc/ipsec.d/ikev2.conf
+          restart_ipsec
+          ipsec status | grep -q ikev2-cp
+
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade
+          sed -i '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpnup.sh"' vpnup.sh
+
+          for ver in 4.5; do
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
+          wget -t 3 -T 30 -nv -O vpnup.sh https://git.io/vpnupgrade-alpine
+          sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
+
+          for ver in 4.5; do
+            sed -i "s/^SWAN_VER=.*/SWAN_VER=$ver/" vpnup.sh
+          bash vpnup.sh <<ANSWERS
+          y
+          y
+          ANSWERS
+            restart_ipsec
+            ipsec --version | grep "$ver"
+            ipsec status | grep -q l2tp-psk
+            ipsec status | grep -q xauth-psk
+            ipsec status | grep -q ikev2-cp
+          done
+
+          bash ikev2.sh --removeikev2 <<ANSWERS
+          y
+          ANSWERS
+
+          restart_ipsec
+          ls -ld /etc/ipsec.d/ikev2.conf && exit 1
+          ipsec status | grep -q l2tp-psk
+          ipsec status | grep -q xauth-psk
+          ipsec status | grep -q ikev2-cp && exit 1
+          certutil -L -d sql:/etc/ipsec.d
+
+          ls -ld vpnsetup.sh
+          ls -ld ikev2.sh
+          ls -ld vpnup.sh