From 47ae8f63b0be3a31e1fed8f47cc75481342d17b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Wed, 28 Aug 2024 14:20:32 +0200
Subject: [PATCH] Initial commit
---
.github/workflows/test.yml | 16 +++++++
action.yml | 26 +++++++++++
run.sh | 21 +++++++++
vpn.mjs | 92 ++++++++++++++++++++++++++++++++++++++
4 files changed, 155 insertions(+)
create mode 100644 .github/workflows/test.yml
create mode 100644 action.yml
create mode 100755 run.sh
create mode 100644 vpn.mjs
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..8b73ae7
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,16 @@
+---
+name: Test VPN
+on: [ push, workflow_dispatch ]
+
+jobs:
+ test-vpn:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ./
+ with:
+ server: ${{ secrets.VPN_SERVER }}
+ psk: ${{ secrets.VPN_PSK }}
+ username: ${{ secrets.VPN_USERNAME }}
+ password: ${{ secrets.VPN_PASSWORD }}
+ - run: curl https://canhazip.com
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..6d29af8
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,26 @@
+name: 'Setup VPN connection'
+description: 'Connect Github Actions to VPN'
+author: 'Arne Jørgensen'
+branding:
+ color: green
+ icon: globe
+inputs:
+ server:
+ required: true
+ description: 'VPN server'
+ psk:
+ required: true
+ description: 'VPN pre-shared key'
+ username:
+ required: true
+ description: 'VPN username'
+ password:
+ required: true
+ description: 'VPN password'
+# outputs:
+# pid:
+# description: 'OpenVPN process ID'
+runs:
+ using: 'node20'
+ main: 'vpn.mjs'
+# post: 'packages/action/dist/index.js'
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..acf6160
--- /dev/null
+++ b/run.sh
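Review bot: The `test-vpn` job in .github/workflows/test.yml declares no `permissions:`, so the GITHUB_TOKEN keeps the repository default while the job hands four VPN secrets to an action that runs a script under sudo. A top-level `permissions:` block with `contents: read` limits the token to what `actions/checkout@v4` needs. The final `curl https://canhazip.com` step also prints the runner's egress address into the job log; that may be intended for a connectivity test, but a comment saying so would help.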
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+sudo apt -y install strongswan xl2tpd
+
+mkdir -p /var/run/xl2tpd
+mkdir -p /etc/xl2tpd
+mkdir -p /etc/ppp
+
+cp ipsec.conf /etc/ipsec.conf
+cp ipsec.secrets /etc/ipsec.secrets
+cp xl2tpd.conf /etc/xl2tpd/xl2tpd.conf
+cp options.xl2tpd.client /etc/ppp/options.xl2tpd.client
+
+touch /var/run/xl2tpd/l2tp-control
+systemctl restart strongswan xl2tpd ipsec
+sleep 8
+ipsec up L2TP-PSK
+sleep 8
+bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control'
+sleep 8
+ifconfig
diff --git a/vpn.mjs b/vpn.mjs
new file mode 100644
index 0000000..6b0e109
--- /dev/null
+++ b/vpn.mjs
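Review bot: The fourth `cp` in run.sh copies `options.xl2tpd.client`, but vpn.mjs in this commit writes `options.l2tpd.client` and the generated xl2tpd.conf sets `pppoptfile = /etc/ppp/options.l2tpd.client`, so the copy fails and the PPP options file holding the credentials never reaches /etc/ppp. There is no `set -euo pipefail` after the shebang, so that failure (and a failed `ipsec up`) is ignored and the script still runs through to `ifconfig`. Use `install -m 600 options.l2tpd.client /etc/ppp/options.l2tpd.client`, and the same `install -m 600` for `ipsec.secrets`, since both files hold credentials and `cp` leaves them with default permissions.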
@@ -0,0 +1,92 @@
+// -*- javascript -*-
+// Config based on https://github.com/jabas06/l2tp-ipsec-vpn-client
+
+import { writeFile } from "fs";
+import { spawn } from "child_process";
+
+const server = process.env.INPUT_SERVER || "";
+const username = process.env.INPUT_USERNAME || "";
+const password = process.env.INPUT_PASSWORD || "";
+const psk = process.env.INPUT_PSK || "";
+
+let ipsecConf = "ipsec.conf";
+let ipsecSecrets = "ipsec.secrets";
+let xl2tpdConf = "xl2tpd.conf";
+let optionsL2tpdClient = "options.l2tpd.client";
+
+async function vpn() {
+ const ipsecConfContent = `
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+ ike=aes128-sha1-modp1024,3des-sha1-modp1024!
+ esp=aes128-sha1-modp1024,3des-sha1-modp1024!
+
+conn L2TP-PSK
+ keyexchange=ikev1
+ left=%defaultroute
+ auto=add
+ authby=secret
+ type=transport
+ leftprotoport=17/1701
+ rightprotoport=17/1701
+ right=${server}
+`;
+
+ await writeFile(ipsecConf, ipsecConfContent.trim(), (err) => {
+ if (err) throw err;
+ });
+
+ await writeFile(ipsecSecrets, psk, (err) => {
+ if (err) throw err;
+ });
+
+ const xl2tpdConfigContent = `
+[lac myVPN]
+lns = ${server}
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+`;
+
+ await writeFile(xl2tpdConf, xl2tpdConfigContent.trim(), (err) => {
+ if (err) throw err;
+ });
+
+ const optionsL2tpdClientContent = `
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+require-mschap-v2
+noccp
+noauth
+logfile /var/log/xl2tpd.log
+idle 1800
+mtu 1410
+mru 1410
+defaultroute
+usepeerdns
+debug
+connect-delay 5000
+name ${username}
+password ${password}
+`;
+
+ await writeFile(
+ optionsL2tpdClient,
+ optionsL2tpdClientContent.trim(),
+ (err) => {
+ if (err) throw err;
+ },
+ );
+}
+
+await vpn();
+
+spawn("sudo", ["./run.sh"], { stdio: "inherit" });
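Review bot: The four `await writeFile(..., (err) => { ... })` calls in `vpn()` use the callback API from `fs`, which returns undefined, so `await` does not wait for the write and `spawn("sudo", ["./run.sh"], ...)` can start before ipsec.secrets and the other files exist; a `throw` inside the callback also escapes `vpn()` as an uncaught exception. Switch to `import { writeFile } from "fs/promises";` and drop the callbacks, e.g. `await writeFile(ipsecSecrets, psk, { mode: 0o600 });`, which also keeps the PSK and the PPP password file from being created with default permissions in the working directory. Separately, the `ike=`/`esp=` lines restrict the tunnel to IKEv1 with SHA-1, 3DES and the 1024-bit modp1024 group, and `!` makes that list strict; if the server accepts stronger proposals they should be listed instead, and otherwise a comment noting that the server requires these would help the next reader.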