diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml
index 4dd0054..86ba80f 100644
--- a/.github/workflows/integration-tests.yaml
+++ b/.github/workflows/integration-tests.yaml
@@ -43,12 +43,12 @@ jobs:
           table ip aproxy {
                   chain prerouting {
                           type nat hook prerouting priority dstnat; policy accept;
-                          ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242 } counter dnat to \$default-ip:\$aproxy-port
+                          ct state new ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port
                   }
 
                   chain output {
                           type nat hook output priority -100; policy accept;
-                          ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242 } counter dnat to \$default-ip:\$aproxy-port
+                          ct state new ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port
                   }
           }
           EOF
@@ -70,6 +70,10 @@ jobs:
         run: |
           timeout 60 gpg -vvv --keyserver hkp://keyserver.ubuntu.com --recv-keys E1DE584A8CCA52DC29550F18ABAC58F075A17EFA
 
+      - name: Test SSH
+        run: |
+          printf "" | timeout 60 nc github.com 22 | head -n 1 | grep SSH
+      
       - name: Test TCP4
         run: |
           sudo apt install -y socat
@@ -80,10 +84,11 @@ jobs:
           sudo snap logs aproxy.aproxy | grep -Fq "example.com:80"
           sudo snap logs aproxy.aproxy | grep -Fq "example.com:443"
           sudo snap logs aproxy.aproxy | grep -Fq "keyserver.ubuntu.com:11371"
+          sudo snap logs aproxy.aproxy | grep -Fq "[0-9.]+:22"
           sudo snap logs aproxy.aproxy | grep -Eq "[0-9.]+:4242"
 
       - name: Show Access Logs
-        if: failure()
+        if: always()
         run: |
           sudo snap logs aproxy.aproxy -n=all
 
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index c59b4d7..ce5da43 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -1,27 +1,45 @@
-name: Tests
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: Run End-to-End test
 
 on:
   pull_request:
   workflow_call:
 
 jobs:
-  test:
-    name: Run Tests
-    runs-on: ubuntu-latest
-
+  e2e-test:
+    name: End-to-End Test Run
+    runs-on: self-hosted-linux-amd64-jammy-large
     steps:
-      - uses: actions/checkout@v2
+      - name: Test certification.canonical.com
+        run: |
+          curl -vvv -x http://egress.ps7.internal:3128 https://certification.canonical.com
+  
+      - name: Test repo-compliance
+        run: |
+          curl -vvv --noproxy '*' --connect-timeout 60 https://repo-policy-compliance.canonical.com/health
+
+      - name: Test HTTP
+        run: |
+          timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null
 
-      - name: Set up Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.21
+      - name: Test HTTPS
+        run: |
+          timeout 60 curl --noproxy "*" https://example.com -svS -o /dev/null
 
-      - name: Ensure No Formatting Changes
+      - name: Test HKP
         run: |
-          go fmt ./...
-          git diff --exit-code
+          timeout 60 gpg -vvv --keyserver hkp://keyserver.ubuntu.com --recv-keys E1DE584A8CCA52DC29550F18ABAC58F075A17EFA
+
+      - name: Test SSH
+        run: |
+          printf "" | timeout 60 nc github.com 22 | head -n 1 | grep SSH
+
+      - name: Test SSH (Launchpad)
+        run: printf "" | timeout 60 nc git.launchpad.net 22 | head -n 1 | grep SSH
 
-      - name: Build and Test
+      - name: Show Access Logs
+        if: always()
         run: |
-          go test -race ./...
+          sudo snap logs aproxy.aproxy -n=all