Post script added

.github/vpn/config.ovpn

@@ -0,0 +1,46 @@
+dev tun
+tls-client
+
+remote AUTO_REPLACED_HOST AUTO_REPLACED_PORT
+
+# The "float" tells OpenVPN to accept authenticated packets from any address,
+# not only the address which was specified in the --remote option.
+# This is useful when you are connecting to a peer which holds a dynamic address
+# such as a dial-in user or DHCP client.
+# (Please refer to the manual of OpenVPN for more information.)
+
+#float
+
+# If redirect-gateway is enabled, the client will redirect it's
+# default network gateway through the VPN.
+# It means the VPN connection will firstly connect to the VPN Server
+# and then to the internet.
+# (Please refer to the manual of OpenVPN for more information.)
+
+#redirect-gateway def1
+
+# dhcp-option DNS: To set primary domain name server address.
+# Repeat this option to set secondary DNS server addresses.
+
+#dhcp-option DNS DNS_IP_ADDRESS
+
+pull
+
+# If you want to connect by Server's IPv6 address, you should use
+# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
+proto tcp-client
+
+script-security 2
+
+
+comp-lzo
+
+reneg-sec 0
+
+cipher AES-256-CBC
+
+auth SHA512
+
+auth-user-pass
+
+ca ca.crt

.github/workflows/test-action.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
 
 env:
-  VPN_DNS_SERVER: 10.33.33.1
+  VPN_DNS_SERVER: 192.168.1.1
 
 jobs:
   test:
@@ -22,30 +22,17 @@ jobs:
           host: ${{ secrets.VPN_HOST }}
           username: ${{ secrets.VPN_USERNAME }}
           password: ${{ secrets.VPN_PASSWORD }}
-          otp-hex: ${{ secrets.VPN_OTP }}
-          otp-timezone: 'Europe/Zurich'
+#          otp-hex: ${{ secrets.VPN_OTP }}
+#          otp-timezone: 'Europe/Zurich'
           dns-server: ${{ env.VPN_DNS_SERVER }}
           ca: ${{ secrets.VPN_CA_CRT }}
-          cert: ${{ secrets.VPN_CERT_CRT }}
-          cert-key: ${{ secrets.VPN_CERT_KEY }}
+#          cert: ${{ secrets.VPN_CERT_CRT }}
+#          cert-key: ${{ secrets.VPN_CERT_KEY }}
+          test-ping-ip-host: ${{ env.VPN_DNS_SERVER }}
+#          test-dns-host: google.ch
 
       - name: Test Ping
-        run: ping ${{ env.VPN_DNS_HOST }} -c5
+        run: ping ${{ env.VPN_DNS_SERVER }} -c5
 
       - name: Test DNS
-        run: dig dreikom.local
-
-      - name: Publish VPN log
-        if: always()
-        run: sudo chmod 777 vpn.log
-
-      - name: Upload VPN logs
-        uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: VPN logs
-          path: vpn.log
-
-      - name: Kill VPN connection
-        if: always()
-        run: sudo killall openvpn
+        run: dig google.ch

action.yml

@@ -2,9 +2,6 @@ name: 'Connect OpenVPN'
 description: 'A GitHub Action for connecting to an OpenVPN SSL server '
 author: 'Raphael Büchi aka swissbuechi'
 inputs:
-  dns-server:
-    description: 'DNS server to use over the VPN'
-    required: true
   host:
     description: 'DNS or IP of OpenVPN server'
     required: true
@@ -14,16 +11,19 @@ inputs:
   password:
     description: 'VPN password'
     required: true
+  dns-server:
+    description: 'DNS server to use over the VPN'
+    required: false
   ovpn-config:
     description: 'Path to .ovpn config'
-    require: false
+    required: false
     default: '.github/vpn/config.ovpn'
-  # test-ping-ip-host:
-  #   description: 'Host IP to ping for VPN connection test, DNS names not supported, use test-dns-host instead'
-  #   required: false
-  # test-dns-host:
-  #   description: 'Internal hostname to resolve for VPN connection test'
-  #   required: false
+  test-ping-ip-host:
+    description: 'Host IP to ping for VPN connection test, DNS names not supported, use test-dns-host instead'
+    required: false
+  test-dns-host:
+    description: 'Hostname to resolve via VPN DNS server for VPN connection test'
+    required: false
   port:
     description: 'Port of OpenVPN server'
     required: false
@@ -84,13 +84,37 @@ runs:
       run: sudo openvpn --config ${{ inputs.ovpn-config }} --auth-user-pass secret.txt --log "vpn.log" --daemon
       shell: bash
 
-    - name: Update resolvconf
+    - name: Update DNS server
+      if: (inputs.dns-server != null)
       run: |
         sudo chmod 777 /etc/resolvconf/resolv.conf.d/head
         sudo echo "nameserver ${{ inputs.dns-server }}" >> /etc/resolvconf/resolv.conf.d/head
         sudo resolvconf -u
       shell: bash
 
-    - name: Wait for a VPN connection
-      run: timeout 60 until dig @${{ inputs.dns-server }} ${{ inputs.dns-server }} A +time=1; do sleep 2; done || exit 1
-      shell: bash
+    - name: Wait for a VPN connection with default DNS test
+      if: (inputs.dns-server != null) && (inputs.test-ping-ip-host == null) && (inputs.test-dns-host == null)
+      run: ./test-dns.sh ${{ inputs.dns-server }} ${{ inputs.dns-server }}
+      shell: bash
+
+    - name: Wait for a VPN connection with custom DNS test
+      if: (inputs.dns-server != null) && (inputs.test-dns-host != null)
+      run: ./test-dns.sh ${{ inputs.test-dns-host }} ${{ inputs.dns-server }}
+      shell: bash
+
+    - name: Wait for a VPN connection with default test ping ip host
+      if: inputs.test-ping-ip-host != null
+      run: ./test-ping.sh ${{ inputs.test-ping-ip-host }}
+      shell: bash
+
+    - name: Show VPN log
+      uses: webiny/[email protected]
+      if: always()
+      with:
+        run: sudo cat vpn.log
+
+    - name: Kill VPN connection
+      uses: webiny/[email protected]
+      if: always()
+      with:
+        run: sudo killall openvpn

test-dns.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+DOMAIN_NAME=$1
+DNS_SERVER=$2
+MAX=10
+INTERVAL=1
+COUNTER=0
+while [ $COUNTER -lt $MAX ]; do
+  # shellcheck disable=SC2034
+  output=$(dig @"$DNS_SERVER" +short "$DOMAIN_NAME")
+  # shellcheck disable=SC2181
+  if [ $? -eq 0 ]; then
+    echo "DNS resolution was successful."
+    exit 0
+  else
+    echo "DNS resolution failed."
+    COUNTER=$((COUNTER+INTERVAL))
+    sleep $INTERVAL
+  fi
+done
+echo "DNS resolution timed out"
+exit 1

test-ping.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+IP_ADDRESS=$1
+MAX=10
+INTERVAL=1
+COUNTER=0
+while [ $COUNTER -lt $MAX ]; do
+  # shellcheck disable=SC2034
+  output=$(ping -c 1 -W 1 "$IP_ADDRESS")
+  # shellcheck disable=SC2181
+  if [ $? -eq 0 ]; then
+    echo "Ping was successful."
+    exit 0
+  else
+    echo "Ping to $IP_ADDRESS failed."
+    COUNTER=$((COUNTER+INTERVAL))
+    sleep $INTERVAL
+  fi
+done
+echo "Ping timed out"
+exit 1