Fix for GCP MTU size

- This fix is specifically for Google Cloud Platform (GCP) VMs. The default MTU size on GCP, 1460 bytes, could cause network issues such as "cannot open websites" with IKEv2 VPN clients. This issue was brought up multiple times in this repo, e.g. #1000. - The fix changes the MTU to 1500 (the default that is widely used), and updates dhclient.conf so that it is not reverted to 1460 by DHCP. - Refs: https://cloud.google.com/vpc/docs/vpc#mtu https://cloud.google.com/compute/docs/instances/detect-compute-engine https://linuxhint.com/how-to-change-mtu-size-in-linux/ https://git.io/ikev2#cannot-open-websites-after-connecting-to-ikev2
2024-11-24 22:06:07 +03:00 · 2022-02-23 00:07:33 -06:00 · 2022-02-23 00:07:33 -06:00 · 06c5e27080
commit 06c5e27080
parent 4020e0d8e1
2 changed files with 32 additions and 0 deletions
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -535,6 +535,21 @@ update_iptables() {
  fi
 }

+apply_gcp_mtu_fix() {
+  if dmidecode -s system-product-name 2>/dev/null | grep -q "Google Compute Engine" \
+    && ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -q "mtu 1460"; then
+    bigecho "Applying fix for MTU size..."
+    ifconfig "$NET_IFACE" mtu 1500
+    dh_file="/etc/dhcp/dhclient.conf"
+    if grep -qs "send host-name" "$dh_file" \
+      && ! grep -qs "interface-mtu 1500" "$dh_file"; then
+      sed -i".old-$SYS_DT" \
+        "/send host-name/a \interface \"$NET_IFACE\" {\ndefault interface-mtu 1500;\nsupersede interface-mtu 1500;\n}" \
+        "$dh_file"
+    fi
+  fi
+}
+
 enable_on_boot() {
  bigecho "Enabling services on boot..."
  systemctl --now mask firewalld 2>/dev/null
@ -638,6 +653,7 @@ vpnsetup() {
  create_f2b_config
  update_sysctl
  update_iptables
+  apply_gcp_mtu_fix
  enable_on_boot
  start_services
  show_vpn_info
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@ -491,6 +491,21 @@ update_iptables() {
  fi
 }

+apply_gcp_mtu_fix() {
+  if dmidecode -s system-product-name 2>/dev/null | grep -q "Google Compute Engine" \
+    && ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -q "mtu 1460"; then
+    bigecho "Applying fix for MTU size..."
+    ifconfig "$NET_IFACE" mtu 1500
+    dh_file="/etc/dhcp/dhclient.conf"
+    if grep -qs "send host-name" "$dh_file" \
+      && ! grep -qs "interface-mtu 1500" "$dh_file"; then
+      sed -i".old-$SYS_DT" \
+        "/send host-name/a \interface \"$NET_IFACE\" {\ndefault interface-mtu 1500;\nsupersede interface-mtu 1500;\n}" \
+        "$dh_file"
+    fi
+  fi
+}
+
 enable_on_boot() {
  bigecho "Enabling services on boot..."
  IPT_PST=/etc/init.d/iptables-persistent
@ -625,6 +640,7 @@ vpnsetup() {
  create_vpn_config
  update_sysctl
  update_iptables
+  apply_gcp_mtu_fix
  enable_on_boot
  start_services
  show_vpn_info