From fcc7b2522331f2e4a9f60baa7cfa4909bd395aa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Wed, 28 Aug 2024 14:12:35 +0200 Subject: [PATCH] Initial commit --- .github/workflows/test.yml | 16 ++++++ action.yml | 26 +++++++++ run.sh | 12 ++++ vpn.mjs | 111 +++++++++++++++++++++++++++++++++++++ 4 files changed, 165 insertions(+) create mode 100644 .github/workflows/test.yml create mode 100644 action.yml create mode 100755 run.sh create mode 100644 vpn.mjs diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..a3fc2ec --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,16 @@ +--- +name: Test VPN +on: [ push, workflow_dispatch ] + +jobs: + build: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: ./ + with: + server: ${{ secrets.VPN_SERVER }} + psk: ${{ secrets.VPN_PSK }} + username: ${{ secrets.VPN_USERNAME }} + password: ${{ secrets.VPN_PASSWORD }} + diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..6d29af8 --- /dev/null +++ b/action.yml @@ -0,0 +1,26 @@ +name: 'Setup VPN connection' +description: 'Connect Github Actions to VPN' +author: 'Arne Jørgensen' +branding: + color: green + icon: globe +inputs: + server: + required: true + description: 'VPN server' + psk: + required: true + description: 'VPN pre-shared key' + username: + required: true + description: 'VPN username' + password: + required: true + description: 'VPN password' +# outputs: +# pid: +# description: 'OpenVPN process ID' +runs: + using: 'node20' + main: 'vpn.mjs' +# post: 'packages/action/dist/index.js' diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..d795f90 --- /dev/null +++ b/run.sh @@ -0,0 +1,12 @@ +#!/bin/bash +mkdir -p /var/run/xl2tpd +touch /var/run/xl2tpd/l2tp-control +service strongswan restart +service xl2tpd restart +service ipsec restart +sleep 8 +ipsec up L2TP-PSK +sleep 8 +bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control' +sleep 8 +ifconfig diff --git a/vpn.mjs b/vpn.mjs new file mode 100644 index 0000000..cb7f319 --- /dev/null +++ b/vpn.mjs @@ -0,0 +1,111 @@ +// -*- javascript -*- +// Config based on https://github.com/jabas06/l2tp-ipsec-vpn-client + +import { writeFile } from "fs"; +import { spawn } from "child_process"; + +const server = process.env.INPUT_SERVER || ""; +const username = process.env.INPUT_USERNAME || ""; +const password = process.env.INPUT_PASSWORD || ""; +const psk = process.env.INPUT_PSK || ""; + +let ipsecConf = process.env.GITHUB_ACTIONS ? "/etc/ipsec.conf" : "ipsec.conf"; +let ipsecSecrets = process.env.GITHUB_ACTIONS + ? "/etc/ipsec.secrets" + : "ipsec.secrets"; +let xl2tpdConf = process.env.GITHUB_ACTIONS + ? "/etc/xl2tpd/xl2tpd.conf" + : "xl2tpd.conf"; +let optionsL2tpdClient = process.env.GITHUB_ACTIONS + ? "/etc/ppp/options.l2tpd.client" + : "options.l2tpd.client"; + +async function vpn() { + const ipsecConfContent = ` +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + ike=aes128-sha1-modp1024,3des-sha1-modp1024! + esp=aes128-sha1-modp1024,3des-sha1-modp1024! + +conn L2TP-PSK + keyexchange=ikev1 + left=%defaultroute + auto=add + authby=secret + type=transport + leftprotoport=17/1701 + rightprotoport=17/1701 + right=${server} +`; + + await writeFile(ipsecConf, ipsecConfContent.trim(), (err) => { + if (err) throw err; + }); + + await writeFile(ipsecSecrets, psk, (err) => { + if (err) throw err; + }); + + const xl2tpdConfigContent = ` +[lac myVPN] +lns = ${server} +ppp debug = yes +pppoptfile = /etc/ppp/options.l2tpd.client +length bit = yes +`; + + await writeFile(xl2tpdConf, xl2tpdConfigContent.trim(), (err) => { + if (err) throw err; + }); + + const optionsL2tpdClientContent = ` +ipcp-accept-local +ipcp-accept-remote +refuse-eap +require-mschap-v2 +noccp +noauth +logfile /var/log/xl2tpd.log +idle 1800 +mtu 1410 +mru 1410 +defaultroute +usepeerdns +debug +connect-delay 5000 +name ${username} +password ${password} +`; + + await writeFile( + optionsL2tpdClient, + optionsL2tpdClientContent.trim(), + (err) => { + if (err) throw err; + }, + ); +} + +spawn("sudo", ["id", "-a"], { stdio: "inherit" }); +await vpn(); + +spawn("./run.sh", [], { stdio: "inherit" }); + +// sudo mkdir -p /var/run/xl2tpd +// sudo touch /var/run/xl2tpd/l2tp-control +// sudo service strongswan restart +// sudo service xl2tpd restart +// sudo service ipsec restart +// sleep 8 +// sudo ipsec up L2TP-PSK +// sleep 8 +// sudo bash -c 'echo "c myVPN" > /var/run/xl2tpd/l2tp-control' +// sleep 8 +// ifconfig