Initial commit

.github/workflows/test.yml

@@ -0,0 +1,16 @@
+---
+name: Test VPN
+on: [ push, workflow_dispatch ]
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./
+        with:
+          server: ${{ secrets.VPN_SERVER }}
+          psk: ${{ secrets.VPN_PSK }}
+          username: ${{ secrets.VPN_USERNAME }}
+          password: ${{ secrets.VPN_PASSWORD }}
+

action.yml

@@ -0,0 +1,26 @@
+name: 'Setup VPN connection'
+description: 'Connect Github Actions to VPN'
+author: 'Arne Jørgensen'
+branding:
+  color: green
+  icon: globe
+inputs:
+  server:
+    required: true
+    description: 'VPN server'
+  psk:
+    required: true
+    description: 'VPN pre-shared key'
+  username:
+    required: true
+    description: 'VPN username'
+  password:
+    required: true
+    description: 'VPN password'
+# outputs:
+#   pid:
+#     description: 'OpenVPN process ID'
+runs:
+  using: 'node20'
+  main: 'vpn.mjs'
+#  post: 'packages/action/dist/index.js'

run.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+mkdir -p /var/run/xl2tpd
+touch /var/run/xl2tpd/l2tp-control
+service strongswan restart
+service xl2tpd restart
+service ipsec restart
+sleep 8
+ipsec up L2TP-PSK
+sleep 8
+bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control'
+sleep 8
+ifconfig

vpn.mjs

@@ -0,0 +1,110 @@
+// -*- javascript -*-
+// Config based on https://github.com/jabas06/l2tp-ipsec-vpn-client
+
+import { writeFile } from "fs";
+import { spawn } from "child_process";
+
+const server = process.env.INPUT_SERVER || "<VPN_SERVER>";
+const username = process.env.INPUT_USERNAME || "<VPN_USERNAME>";
+const password = process.env.INPUT_PASSWORD || "<VPN_PASSWORD>";
+const psk = process.env.INPUT_PSK || "<VPN_PSK>";
+
+let ipsecConf = process.env.GITHUB_ACTIONS ? "/etc/ipsec.conf" : "ipsec.conf";
+let ipsecSecrets = process.env.GITHUB_ACTIONS
+  ? "/etc/ipsec.secrets"
+  : "ipsec.secrets";
+let xl2tpdConf = process.env.GITHUB_ACTIONS
+  ? "/etc/xl2tpd/xl2tpd.conf"
+  : "xl2tpd.conf";
+let optionsL2tpdClient = process.env.GITHUB_ACTIONS
+  ? "/etc/ppp/options.l2tpd.client"
+  : "options.l2tpd.client";
+
+async function vpn() {
+  const ipsecConfContent = `
+config setup
+
+conn %default
+    ikelifetime=60m
+    keylife=20m
+    rekeymargin=3m
+    keyingtries=1
+    keyexchange=ikev1
+    authby=secret
+    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
+    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
+
+conn L2TP-PSK
+    keyexchange=ikev1
+    left=%defaultroute
+    auto=add
+    authby=secret
+    type=transport
+    leftprotoport=17/1701
+    rightprotoport=17/1701
+    right=${server}
+`;
+
+  await writeFile(ipsecConf, ipsecConfContent.trim(), (err) => {
+    if (err) throw err;
+  });
+
+  await writeFile(ipsecSecrets, psk, (err) => {
+    if (err) throw err;
+  });
+
+  const xl2tpdConfigContent = `
+[lac myVPN]
+lns = ${server}
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.client
+length bit = yes
+`;
+
+  await writeFile(xl2tpdConf, xl2tpdConfigContent.trim(), (err) => {
+    if (err) throw err;
+  });
+
+  const optionsL2tpdClientContent = `
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+require-mschap-v2
+noccp
+noauth
+logfile /var/log/xl2tpd.log
+idle 1800
+mtu 1410
+mru 1410
+defaultroute
+usepeerdns
+debug
+connect-delay 5000
+name ${username}
+password ${password}
+`;
+
+  await writeFile(
+    optionsL2tpdClient,
+    optionsL2tpdClientContent.trim(),
+    (err) => {
+      if (err) throw err;
+    },
+  );
+}
+
+await vpn();
+
+spawn("./run.sh", [], { stdio: "inherit" });
+
+// sudo mkdir -p /var/run/xl2tpd
+// sudo touch /var/run/xl2tpd/l2tp-control
+// sudo service strongswan restart
+// sudo service xl2tpd restart
+// sudo service ipsec restart
+// sleep 8
+// sudo ipsec up L2TP-PSK
+// sleep 8
+// sudo bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control'
+// sleep 8
+// ifconfig