name: vpn test on: push: branches: [master] paths: - '**.sh' - '.github/workflows/main.yml' schedule: - cron: '25 2 * * 0,4' jobs: shellcheck: runs-on: ubuntu-20.04 if: github.repository_owner == 'hwdsl2' && github.event_name == 'push' steps: - uses: actions/checkout@v2 with: persist-credentials: false - name: Check if: success() run: | if [ ! -x /usr/bin/shellcheck ]; then export DEBIAN_FRONTEND=noninteractive sudo apt-get -yq update sudo apt-get -yq install shellcheck fi cd "$GITHUB_WORKSPACE" pwd ls -ld vpnsetup.sh export SHELLCHECK_OPTS="-e SC1091,SC1117" shellcheck --version shopt -s globstar ls -ld -- **/*.sh shellcheck **/*.sh test_set_1: runs-on: ubuntu-20.04 if: github.repository_owner == 'hwdsl2' strategy: matrix: os_version: ["centos:8", "centos:7", "ubuntu:16.04"] fail-fast: false env: OS_VERSION: ${{ matrix.os_version }} EVENT_NAME: ${{ github.event_name }} steps: - name: Build run: | if [ "$EVENT_NAME" = "push" ]; then echo "Waiting 60 seconds..." sleep 60 fi mkdir -p "$GITHUB_WORKSPACE/testing/${OS_VERSION//:}" cd "$GITHUB_WORKSPACE/testing/${OS_VERSION//:}" cat > run.sh <<'EOF' #!/bin/bash set -e trap 'catch $? $LINENO' ERR catch() { echo "Error $1 occurred on line $2." cat -n -- "$0" | tail -n+"$(($2 - 3))" | head -n7 exit 1 } if [ "$1" = "centos" ]; then yum -y update yum -y -q install wget rsyslog systemctl start rsyslog wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos else export DEBIAN_FRONTEND=noninteractive apt-get -yq update apt-get -yq dist-upgrade apt-get -yq install wget rsyslog service rsyslog start wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup fi sh vpnsetup.sh if [ "$1" = "centos" ]; then systemctl start ipsec systemctl start xl2tpd sleep 5 systemctl restart fail2ban else sleep 5 service fail2ban restart fi sleep 5 netstat -anpu | grep pluto netstat -anpu | grep xl2tpd iptables -nL iptables -nL | grep -q '192\.168\.42\.0/24' iptables -nL -t nat iptables -nL -t nat | grep -q '192\.168\.43\.0/24' if [ "$1" = "centos" ]; then grep pluto /var/log/secure grep pluto /var/log/secure | grep -q 'added IKEv1 connection "l2tp-psk"' grep pluto /var/log/secure | grep -q 'added IKEv1 connection "xauth-psk"' grep xl2tpd /var/log/messages else grep pluto /var/log/auth.log grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"' grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"' grep xl2tpd /var/log/syslog fi cat /var/log/fail2ban.log grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ VPN_USER='your_vpn_username' \ VPN_PASSWORD='your_vpn_password' \ sh vpnsetup.sh if [ "$1" = "centos" ]; then systemctl restart ipsec fi sleep 10 grep "your_ipsec_pre_shared_key" /etc/ipsec.secrets grep "your_vpn_username" /etc/ppp/chap-secrets grep "your_vpn_password" /etc/ppp/chap-secrets grep "your_vpn_username" /etc/ipsec.d/passwd wget -t 3 -T 30 -nv -O ikev2.sh https://git.io/ikev2setup # hwdsl2 sed -i 's/pk12util/pk12util -W test/' ikev2.sh bash ikev2.sh < Dockerfile <> Dockerfile <<'EOF' ENV container docker WORKDIR /opt/src RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = \ systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; COPY ./run.sh /opt/src/run.sh RUN chmod 755 /opt/src/run.sh VOLUME [ "/sys/fs/cgroup" ] CMD ["/sbin/init"] EOF cat Dockerfile cat run.sh docker build -t "${OS_VERSION//:}-test" . - name: Test if: success() run: | docker run -d --name "${OS_VERSION//:}-test-1" -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ --privileged "${OS_VERSION//:}-test" sleep 10 docker exec "${OS_VERSION//:}-test-1" /opt/src/run.sh "${OS_VERSION::6}" - name: Clear if: always() run: | rm -rf "$GITHUB_WORKSPACE/testing/${OS_VERSION//:}" docker rm -f "${OS_VERSION//:}-test-1" || true docker rmi "${OS_VERSION//:}-test" || true test_set_2: runs-on: ubuntu-20.04 if: github.repository_owner == 'hwdsl2' strategy: matrix: os_version: ["ubuntu:20.04", "ubuntu:18.04", "debian:10", "debian:9"] fail-fast: false container: image: ${{ matrix.os_version }} env: EVENT_NAME: ${{ github.event_name }} options: --privileged -v /lib/modules:/lib/modules:ro steps: - name: Test run: | if [ "$EVENT_NAME" = "push" ]; then echo "Waiting 60 seconds..." sleep 60 fi mkdir -p /opt/src cd /opt/src echo "# hwdsl2" > run.sh export DEBIAN_FRONTEND=noninteractive apt-get -yq update apt-get -yq dist-upgrade apt-get -yq install wget rsyslog service rsyslog start wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup sh vpnsetup.sh sleep 5 service fail2ban restart sleep 5 netstat -anpu | grep pluto netstat -anpu | grep xl2tpd iptables -nL iptables -nL | grep -q '192\.168\.42\.0/24' iptables -nL -t nat iptables -nL -t nat | grep -q '192\.168\.43\.0/24' grep pluto /var/log/auth.log grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"' grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"' grep xl2tpd /var/log/syslog cat /var/log/fail2ban.log grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \ VPN_USER='your_vpn_username' \ VPN_PASSWORD='your_vpn_password' \ sh vpnsetup.sh sleep 10 grep "your_ipsec_pre_shared_key" /etc/ipsec.secrets grep "your_vpn_username" /etc/ppp/chap-secrets grep "your_vpn_password" /etc/ppp/chap-secrets grep "your_vpn_username" /etc/ipsec.d/passwd wget -t 3 -T 30 -nv -O ikev2.sh https://git.io/ikev2setup sed -i 's/pk12util/pk12util -W test/' ikev2.sh bash ikev2.sh <