mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-24 05:46:09 +03:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: mirror:3c7273eb62106374585227623b78c8aea0c676ea
Branches Tags
mirror:master
...
compare: mirror:0fe30b0479b194dc9a80900a6dfac0613a84ea22
Branches Tags
mirror:master

2 Commits
3c7273eb62 ... 0fe30b0479

Author SHA1 Message Date
hwdsl2
0fe30b0479 Update tests 2022-07-31 00:05:10 -05:00
hwdsl2
9088681e89 Update tests 2022-07-30 23:17:53 -05:00
2 changed files with 107 additions and 78 deletions
Show Stats Expand all files Collapse all files

104
.github/workflows/test_set_1.yml vendored
View File

@ -17,7 +17,7 @@ jobs:
if: github.repository_owner == 'hwdsl2' if: github.repository_owner == 'hwdsl2'
strategy: strategy:
matrix: matrix:
os_version: ["centos:8s", "centos:7", "rockylinux:8", "almalinux:8", "amazonlinux:2", "oraclelinux:8", "oraclelinux:7"] os_version: ["centos:9s", "centos:8s", "centos:7", "rockylinux:9", "rockylinux:8", "almalinux:9", "almalinux:8", "amazonlinux:2", "oraclelinux:9", "oraclelinux:8", "oraclelinux:7"]
fail-fast: false fail-fast: false
env: env:
OS_VERSION: ${{ matrix.os_version }} OS_VERSION: ${{ matrix.os_version }}
@ -51,7 +51,7 @@ jobs:
} }
restart_ipsec() { restart_ipsec() {
if grep -qs 'release 8' /etc/oracle-release; then if grep -qs -E 'release (8|9)' /etc/oracle-release; then
sleep 3 sleep 3
fi fi
if ! command -v amazon-linux-extras; then if ! command -v amazon-linux-extras; then
@ -85,58 +85,75 @@ jobs:
cd /opt/src cd /opt/src
yum -y -q update yum -y -q update
yum -y -q install wget rsyslog yum -y -q install wget rsyslog
if grep -qs 'release 9' /etc/redhat-release; then
if grep -qi rocky /etc/redhat-release \
|| grep -qi alma /etc/redhat-release; then
yum -y -q install diffutils
fi
fi
systemctl start rsyslog systemctl start rsyslog
cp -f /opt/src/scripts/vpnsetup.sh . cp -f /opt/src/scripts/vpnsetup.sh .
cp -f /opt/src/scripts/extras/quickstart.sh .
cp -f /opt/src/scripts/extras/vpnuninstall.sh ./vpnunst.sh cp -f /opt/src/scripts/extras/vpnuninstall.sh ./vpnunst.sh
sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \ sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
-e '/curl /a sed -i \x27/status=0/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh\x27 "$tmpdir/vpn.sh"' \ -e '/curl /a sed -i \x27/status=0/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh\x27 "$tmpdir/vpn.sh"' \
vpnsetup.sh quickstart.sh vpnsetup.sh
for vpnsc in vpnsetup.sh quickstart.sh; do sh vpnsetup.sh
sh "$vpnsc"
systemctl restart xl2tpd systemctl restart xl2tpd
restart_ipsec restart_ipsec
if ! grep -qs 'release 9' /etc/oracle-release; then
restart_fail2ban restart_fail2ban
cat /var/log/fail2ban.log cat /var/log/fail2ban.log
fi
netstat -anpu | grep pluto netstat -anpu | grep pluto
netstat -anpu | grep xl2tpd netstat -anpu | grep xl2tpd
if grep -qs 'release 9' /etc/redhat-release; then
nft list ruleset
nft list ruleset | grep -q '192\.168\.42\.0/24'
nft list ruleset | grep -q '192\.168\.43\.0/24'
else
iptables -nvL iptables -nvL
iptables -nvL | grep -q 'ppp+' iptables -nvL | grep -q 'ppp+'
iptables -nvL | grep -q '192\.168\.43\.0/24' iptables -nvL | grep -q '192\.168\.43\.0/24'
iptables -nvL -t nat iptables -nvL -t nat
iptables -nvL -t nat | grep -q '192\.168\.42\.0/24' iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
iptables -nvL -t nat | grep -q '192\.168\.43\.0/24' iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
grep pluto "$log1" fi
grep xl2tpd "$log2" grep pluto "$log1"
ipsec status grep xl2tpd "$log2"
ipsec status | grep -q l2tp-psk ipsec status
ipsec status | grep -q xauth-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q ikev2-cp ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp
ls -ld /etc/ipsec.d/vpnclient.mobileconfig ls -ld /etc/ipsec.d/vpnclient.mobileconfig
ls -ld /etc/ipsec.d/vpnclient.sswan ls -ld /etc/ipsec.d/vpnclient.sswan
ls -ld /etc/ipsec.d/vpnclient.p12 ls -ld /etc/ipsec.d/vpnclient.p12
ls -l /usr/bin/ikev2.sh ls -l /usr/bin/ikev2.sh
ls -l /usr/bin/addvpnuser.sh ls -l /usr/bin/addvpnuser.sh
ls -l /usr/bin/delvpnuser.sh ls -l /usr/bin/delvpnuser.sh
ls -l /opt/src/ikev2.sh ls -l /opt/src/ikev2.sh
ls -l /opt/src/addvpnuser.sh ls -l /opt/src/addvpnuser.sh
ls -l /opt/src/delvpnuser.sh ls -l /opt/src/delvpnuser.sh
bash vpnunst.sh <<ANSWERS bash vpnunst.sh <<ANSWERS
y y
ANSWERS ANSWERS
rm -f /etc/ipsec.d/vpnclient* rm -f /etc/ipsec.d/vpnclient*
if grep -qi stream /etc/redhat-release \ if grep -qi stream /etc/redhat-release \
|| grep -qs 'release 8' /etc/oracle-release; then || grep -qs -E 'release (8|9)' /etc/oracle-release; then
mkdir /etc/xl2tpd
fi
if grep -qs 'release 9' /etc/redhat-release; then
if grep -qi rocky /etc/redhat-release \
|| grep -qi alma /etc/redhat-release; then
mkdir /etc/xl2tpd mkdir /etc/xl2tpd
fi fi
done fi
if [ "$1" != "amazon" ]; then if [ "$1" != "amazon" ]; then
cp -f /opt/src/scripts/vpnsetup_centos.sh ./vpnsetup.sh cp -f /opt/src/scripts/vpnsetup_centos.sh ./vpnsetup.sh
@ -161,12 +178,18 @@ jobs:
netstat -anpu | grep pluto netstat -anpu | grep pluto
netstat -anpu | grep xl2tpd netstat -anpu | grep xl2tpd
iptables -nvL if grep -qs 'release 9' /etc/redhat-release; then
iptables -nvL | grep -q 'ppp+' nft list ruleset
iptables -nvL | grep -q '192\.168\.43\.0/24' nft list ruleset | grep -q '192\.168\.42\.0/24'
iptables -nvL -t nat nft list ruleset | grep -q '192\.168\.43\.0/24'
iptables -nvL -t nat | grep -q '192\.168\.42\.0/24' else
iptables -nvL -t nat | grep -q '192\.168\.43\.0/24' iptables -nvL
iptables -nvL | grep -q 'ppp+'
iptables -nvL | grep -q '192\.168\.43\.0/24'
iptables -nvL -t nat
iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
fi
ipsec status ipsec status
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
@ -512,7 +535,9 @@ jobs:
exit 0 exit 0
EOF EOF
if [ "$OS_VERSION" = "centos:8s" ]; then if [ "$OS_VERSION" = "centos:9s" ]; then
echo "FROM quay.io/centos/centos:stream9" > Dockerfile
elif [ "$OS_VERSION" = "centos:8s" ]; then
echo "FROM quay.io/centos/centos:stream8" > Dockerfile echo "FROM quay.io/centos/centos:stream8" > Dockerfile
else else
echo "FROM $OS_VERSION" > Dockerfile echo "FROM $OS_VERSION" > Dockerfile
@ -524,6 +549,13 @@ jobs:
WORKDIR /opt/src WORKDIR /opt/src
RUN if command -v amazon-linux-extras; then amazon-linux-extras install -y kernel-ng; fi RUN if command -v amazon-linux-extras; then amazon-linux-extras install -y kernel-ng; fi
EOF
if [ "$OS_VERSION" = "centos:9s" ]; then
echo "RUN yum -y -q install systemd" >> Dockerfile
fi
cat >> Dockerfile <<'EOF'
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = \ RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = \
systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \ systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \

81
.github/workflows/test_set_2.yml vendored
View File

@ -17,7 +17,7 @@ jobs:
if: github.repository_owner == 'hwdsl2' if: github.repository_owner == 'hwdsl2'
strategy: strategy:
matrix: matrix:
os_version: ["ubuntu:22.04", "ubuntu:20.04", "ubuntu:18.04", "debian:11", "debian:10", "debian:9", "alpine:3.15", "alpine:3.16"] os_version: ["ubuntu:22.04", "ubuntu:20.04", "ubuntu:18.04", "debian:11", "debian:10", "alpine:3.15", "alpine:3.16"]
fail-fast: false fail-fast: false
container: container:
image: ${{ matrix.os_version }} image: ${{ matrix.os_version }}
@ -92,59 +92,56 @@ jobs:
fi fi
cp -f "$GITHUB_WORKSPACE"/vpnsetup.sh . cp -f "$GITHUB_WORKSPACE"/vpnsetup.sh .
cp -f "$GITHUB_WORKSPACE"/extras/quickstart.sh .
cp -f "$GITHUB_WORKSPACE"/extras/vpnuninstall.sh ./vpnunst.sh cp -f "$GITHUB_WORKSPACE"/extras/vpnuninstall.sh ./vpnunst.sh
sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \ sed -i -e '/curl /a sed -i "/swan_ver_latest=/s/^/#/" "$tmpdir/vpn.sh"' \
-e '/curl /a sed -i \x27/status=0/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh\x27 "$tmpdir/vpn.sh"' \ -e '/curl /a sed -i \x27/status=0/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh\x27 "$tmpdir/vpn.sh"' \
vpnsetup.sh quickstart.sh vpnsetup.sh
for vpnsc in vpnsetup.sh quickstart.sh; do sh vpnsetup.sh
sh "$vpnsc"
if [ "$os_type" = "alpine" ]; then if [ "$os_type" = "alpine" ]; then
xl2tpd -c /etc/xl2tpd/xl2tpd.conf xl2tpd -c /etc/xl2tpd/xl2tpd.conf
restart_ipsec restart_ipsec
else else
restart_ipsec restart_ipsec
restart_fail2ban restart_fail2ban
cat /var/log/fail2ban.log cat /var/log/fail2ban.log
fi fi
netstat -anpu | grep pluto netstat -anpu | grep pluto
netstat -anpu | grep xl2tpd netstat -anpu | grep xl2tpd
iptables -nvL iptables -nvL
iptables -nvL | grep -q 'ppp+' iptables -nvL | grep -q 'ppp+'
iptables -nvL | grep -q '192\.168\.43\.0/24' iptables -nvL | grep -q '192\.168\.43\.0/24'
iptables -nvL -t nat iptables -nvL -t nat
iptables -nvL -t nat | grep -q '192\.168\.42\.0/24' iptables -nvL -t nat | grep -q '192\.168\.42\.0/24'
iptables -nvL -t nat | grep -q '192\.168\.43\.0/24' iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
grep pluto "$log1" grep pluto "$log1"
grep xl2tpd "$log2" grep xl2tpd "$log2"
ipsec status ipsec status
ipsec status | grep -q l2tp-psk ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp ipsec status | grep -q ikev2-cp
ls -ld /etc/ipsec.d/vpnclient.mobileconfig ls -ld /etc/ipsec.d/vpnclient.mobileconfig
ls -ld /etc/ipsec.d/vpnclient.sswan ls -ld /etc/ipsec.d/vpnclient.sswan
ls -ld /etc/ipsec.d/vpnclient.p12 ls -ld /etc/ipsec.d/vpnclient.p12
ls -l /usr/bin/ikev2.sh ls -l /usr/bin/ikev2.sh
ls -l /usr/bin/addvpnuser.sh ls -l /usr/bin/addvpnuser.sh
ls -l /usr/bin/delvpnuser.sh ls -l /usr/bin/delvpnuser.sh
ls -l /opt/src/ikev2.sh ls -l /opt/src/ikev2.sh
ls -l /opt/src/addvpnuser.sh ls -l /opt/src/addvpnuser.sh
ls -l /opt/src/delvpnuser.sh ls -l /opt/src/delvpnuser.sh
bash vpnunst.sh <<ANSWERS bash vpnunst.sh <<ANSWERS
y y
ANSWERS ANSWERS
rm -f /etc/ipsec.d/vpnclient* rm -f /etc/ipsec.d/vpnclient*
if [ "$os_type" = "alpine" ]; then if [ "$os_type" = "alpine" ]; then
killall pluto || true killall pluto || true
killall xl2tpd || true killall xl2tpd || true
fi fi
done
if [ "$os_type" = "alpine" ]; then if [ "$os_type" = "alpine" ]; then
cp -f "$GITHUB_WORKSPACE"/vpnsetup_alpine.sh ./vpnsetup.sh cp -f "$GITHUB_WORKSPACE"/vpnsetup_alpine.sh ./vpnsetup.sh