Update tests

- Add tests for Amazon Linux 2
- Other minor improvements
hwdsl2 2020-12-28 00:45:59 -06:00
parent 8c166aa4c1
commit 8c859e7c43


@ -41,7 +41,7 @@ jobs:
if: github.repository_owner == 'hwdsl2' if: github.repository_owner == 'hwdsl2'
strategy: strategy:
matrix: matrix:
os_version: ["centos:8", "centos:7", "ubuntu:16.04"] os_version: ["centos:8", "centos:7", "amazonlinux:2", "ubuntu:16.04"]
fail-fast: false fail-fast: false
env: env:
OS_VERSION: ${{ matrix.os_version }} OS_VERSION: ${{ matrix.os_version }}
@ -69,11 +69,15 @@ jobs:
exit 1 exit 1
} }
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
yum -y update yum -y update
yum -y -q install wget rsyslog yum -y -q install wget rsyslog
systemctl start rsyslog systemctl start rsyslog
wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos if [ "$1" = "centos" ]; then
wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup-centos
else
wget -t 3 -T 30 -nv -O vpnsetup.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/vpnsetup_amzn.sh
fi
else else
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get -yq update apt-get -yq update
@ -84,7 +88,7 @@ jobs:
fi fi
sh vpnsetup.sh sh vpnsetup.sh
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
systemctl start ipsec systemctl start ipsec
systemctl start xl2tpd systemctl start xl2tpd
sleep 5 sleep 5
@ -101,17 +105,16 @@ jobs:
iptables -nL | grep -q '192\.168\.42\.0/24' iptables -nL | grep -q '192\.168\.42\.0/24'
iptables -nL -t nat iptables -nL -t nat
iptables -nL -t nat | grep -q '192\.168\.43\.0/24' iptables -nL -t nat | grep -q '192\.168\.43\.0/24'
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
grep pluto /var/log/secure grep pluto /var/log/secure
grep pluto /var/log/secure | grep -q 'added IKEv1 connection "l2tp-psk"'
grep pluto /var/log/secure | grep -q 'added IKEv1 connection "xauth-psk"'
grep xl2tpd /var/log/messages grep xl2tpd /var/log/messages
else else
grep pluto /var/log/auth.log grep pluto /var/log/auth.log
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
grep xl2tpd /var/log/syslog grep xl2tpd /var/log/syslog
fi fi
ipsec status
ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk
cat /var/log/fail2ban.log cat /var/log/fail2ban.log
grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log
@ -119,7 +122,7 @@ jobs:
VPN_USER='your_vpn_username' \ VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' \ VPN_PASSWORD='your_vpn_password' \
sh vpnsetup.sh sh vpnsetup.sh
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
systemctl restart ipsec systemctl restart ipsec
fi fi
@ -143,16 +146,16 @@ jobs:
ls -ld /etc/ipsec.d/ikev2vpnca*.cer ls -ld /etc/ipsec.d/ikev2vpnca*.cer
ls -ld /etc/ipsec.d/vpnclient*.p12 ls -ld /etc/ipsec.d/vpnclient*.p12
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
systemctl restart ipsec systemctl restart ipsec
sleep 10 sleep 10
grep pluto /var/log/secure | tail -n 20 grep pluto /var/log/secure | tail -n 20
grep pluto /var/log/secure | grep -q 'added IKEv2 connection "ikev2-cp"'
else else
sleep 10 sleep 10
grep pluto /var/log/auth.log | tail -n 20 grep pluto /var/log/auth.log | tail -n 20
grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"'
fi fi
ipsec status
ipsec status | grep -q ikev2-cp
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
y y
@ -163,10 +166,14 @@ jobs:
ls -ld /etc/ipsec.d/vpnclient2*.p12 ls -ld /etc/ipsec.d/vpnclient2*.p12
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
sed -i '/pluto/d' /var/log/secure sed -i '/pluto/d' /var/log/secure
pkill -HUP rsyslog pkill -HUP rsyslog
wget -t 3 -T 30 -nv -O vpnupgrade.sh https://git.io/vpnupgrade-centos if [ "$1" = "centos" ]; then
wget -t 3 -T 30 -nv -O vpnupgrade.sh https://git.io/vpnupgrade-centos
else
wget -t 3 -T 30 -nv -O vpnupgrade.sh https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/vpnupgrade_amzn.sh
fi
else else
sed -i '/pluto/d' /var/log/auth.log sed -i '/pluto/d' /var/log/auth.log
pkill -HUP rsyslog pkill -HUP rsyslog
@ -177,20 +184,18 @@ jobs:
y y
ANSWERS ANSWERS
if [ "$1" = "centos" ]; then if [ "$1" = "centos" ] || [ "$1" = "amazon" ]; then
systemctl restart ipsec systemctl restart ipsec
sleep 10 sleep 10
grep pluto /var/log/secure grep pluto /var/log/secure
grep pluto /var/log/secure | grep -q 'added IKEv1 connection "l2tp-psk"'
grep pluto /var/log/secure | grep -q 'added IKEv1 connection "xauth-psk"'
grep pluto /var/log/secure | grep -q 'added IKEv2 connection "ikev2-cp"'
else else
sleep 10 sleep 10
grep pluto /var/log/auth.log grep pluto /var/log/auth.log
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"'
fi fi
ipsec status
ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp
ls -ld vpnsetup.sh ls -ld vpnsetup.sh
ls -ld ikev2.sh ls -ld ikev2.sh
@ -208,6 +213,8 @@ jobs:
ENV container docker ENV container docker
WORKDIR /opt/src WORKDIR /opt/src
RUN if command -v amazon-linux-extras; then amazon-linux-extras install -y kernel-ng; fi
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = \ RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = \
systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \ systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /lib/systemd/system/multi-user.target.wants/*; \
@ -287,9 +294,10 @@ jobs:
iptables -nL -t nat iptables -nL -t nat
iptables -nL -t nat | grep -q '192\.168\.43\.0/24' iptables -nL -t nat | grep -q '192\.168\.43\.0/24'
grep pluto /var/log/auth.log grep pluto /var/log/auth.log
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"'
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"'
grep xl2tpd /var/log/syslog grep xl2tpd /var/log/syslog
ipsec status
ipsec status | grep -q l2tp-psk
ipsec status | grep -q xauth-psk
cat /var/log/fail2ban.log cat /var/log/fail2ban.log
grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log grep -E "Jail '(sshd?|ssh-iptables)' started" /var/log/fail2ban.log
@ -320,7 +328,8 @@ jobs:
ls -ld /etc/ipsec.d/vpnclient*.p12 ls -ld /etc/ipsec.d/vpnclient*.p12
sleep 10 sleep 10
grep pluto /var/log/auth.log | tail -n 20 grep pluto /var/log/auth.log | tail -n 20
grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"' ipsec status
ipsec status | grep -q ikev2-cp
bash ikev2.sh <<ANSWERS bash ikev2.sh <<ANSWERS
y y
@ -341,9 +350,10 @@ jobs:
sleep 10 sleep 10
grep pluto /var/log/auth.log grep pluto /var/log/auth.log
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "l2tp-psk"' ipsec status
grep pluto /var/log/auth.log | grep -q 'added IKEv1 connection "xauth-psk"' ipsec status | grep -q l2tp-psk
grep pluto /var/log/auth.log | grep -q 'added IKEv2 connection "ikev2-cp"' ipsec status | grep -q xauth-psk
ipsec status | grep -q ikev2-cp
ls -ld vpnsetup.sh ls -ld vpnsetup.sh
ls -ld ikev2.sh ls -ld ikev2.sh
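Review bot: The new `amazon` branches download `vpnsetup_amzn.sh` and `vpnupgrade_amzn.sh` from the moving `master` ref and then execute them, so the job tests whatever is on `master` at run time rather than the commit that triggered it, and nothing verifies the downloaded file. The existing `centos` branches have the same property through the `git.io` short links. If the checked-out workspace is reachable from this script, copying the scripts from it would be the simplest fix. Otherwise pin the URL to the commit under test, for example `https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/<commit-sha-placeholder>/vpnsetup_amzn.sh`, and use the same URL form for the upgrade script instead of the `github.com/.../raw/master/...` variant. The surrounding test script starts and ends outside the visible hunks, so whether the commit SHA is available at that point needs confirming.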