Initial commit

.github/workflows/test.yml

@@ -0,0 +1,16 @@
+---
+name: Test VPN
+on: [ push, workflow_dispatch ]
+
+jobs:
+  test-vpn:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./
+        with:
+          server: ${{ secrets.VPN_SERVER }}
+          psk: ${{ secrets.VPN_PSK }}
+          username: ${{ secrets.VPN_USERNAME }}
+          password: ${{ secrets.VPN_PASSWORD }}
+      - run: curl --silent https://canhazip.com

action.yml

@@ -0,0 +1,26 @@
+name: 'Setup VPN connection'
+description: 'Connect Github Actions to VPN'
+author: 'Arne Jørgensen'
+branding:
+  color: green
+  icon: globe
+inputs:
+  server:
+    required: true
+    description: 'VPN server'
+  psk:
+    required: true
+    description: 'VPN pre-shared key'
+  username:
+    required: true
+    description: 'VPN username'
+  password:
+    required: true
+    description: 'VPN password'
+# outputs:
+#   pid:
+#     description: 'OpenVPN process ID'
+runs:
+  using: 'node20'
+  main: 'vpn-up.mjs'
+  post: 'vpn-down.mjs'

vpn-down.mjs

@@ -0,0 +1,6 @@
+// -*- javascript -*-
+// Config based on https://github.com/jabas06/l2tp-ipsec-vpn-client
+
+import { spawn } from "child_process";
+
+spawn("sudo", ["./vpn-up.sh"], { stdio: "inherit" });

vpn-down.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+bash -c 'echo "d myVPN" > /var/run/xl2tpd/l2tp-control'
+ipsec down L2TP-PSK

vpn-up.mjs

@@ -0,0 +1,92 @@
+// -*- javascript -*-
+// Config based on https://github.com/jabas06/l2tp-ipsec-vpn-client
+
+import { writeFile } from "fs";
+import { spawn } from "child_process";
+
+const server = process.env.INPUT_SERVER || "<VPN_SERVER>";
+const username = process.env.INPUT_USERNAME || "<VPN_USERNAME>";
+const password = process.env.INPUT_PASSWORD || "<VPN_PASSWORD>";
+const psk = process.env.INPUT_PSK || "<VPN_PSK>";
+
+let ipsecConf = "ipsec.conf";
+let ipsecSecrets = "ipsec.secrets";
+let xl2tpdConf = "xl2tpd.conf";
+let optionsL2tpdClient = "options.l2tpd.client";
+
+async function vpn() {
+  const ipsecConfContent = `
+config setup
+
+conn %default
+    ikelifetime=60m
+    keylife=20m
+    rekeymargin=3m
+    keyingtries=1
+    keyexchange=ikev1
+    authby=secret
+    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
+    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
+
+conn L2TP-PSK
+    keyexchange=ikev1
+    left=%defaultroute
+    auto=add
+    authby=secret
+    type=transport
+    leftprotoport=17/1701
+    rightprotoport=17/1701
+    right=${server}
+`;
+
+  await writeFile(ipsecConf, ipsecConfContent.trim(), (err) => {
+    if (err) throw err;
+  });
+
+  await writeFile(ipsecSecrets, psk, (err) => {
+    if (err) throw err;
+  });
+
+  const xl2tpdConfigContent = `
+[lac myVPN]
+lns = ${server}
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+`;
+
+  await writeFile(xl2tpdConf, xl2tpdConfigContent.trim(), (err) => {
+    if (err) throw err;
+  });
+
+  const optionsL2tpdClientContent = `
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+require-mschap-v2
+noccp
+noauth
+logfile /var/log/xl2tpd.log
+idle 1800
+mtu 1410
+mru 1410
+defaultroute
+usepeerdns
+debug
+connect-delay 5000
+name ${username}
+password ${password}
+`;
+
+  await writeFile(
+    optionsL2tpdClient,
+    optionsL2tpdClientContent.trim(),
+    (err) => {
+      if (err) throw err;
+    },
+  );
+}
+
+await vpn();
+
+spawn("sudo", ["./vpn-up.sh"], { stdio: "inherit" });

vpn-up.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+apt-get --quiet --assume-yes update
+apt-get --quiet --assume-yes install strongswan xl2tpd
+
+mkdir -p /var/run/xl2tpd
+mkdir -p /etc/xl2tpd
+mkdir -p /etc/ppp
+
+cp ipsec.conf /etc/ipsec.conf
+cp ipsec.secrets /etc/ipsec.secrets
+cp xl2tpd.conf /etc/xl2tpd/xl2tpd.conf
+cp options.l2tpd.client /etc/ppp/options.l2tpd.client
+
+touch /var/run/xl2tpd/l2tp-control
+systemctl restart strongswan-starter xl2tpd ipsec
+sleep 8
+ipsec up L2TP-PSK
+sleep 8
+bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control'
+sleep 8
+ifconfig