From 06c5e27080d6f32e088e217658bac216a5c39a74 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Wed, 23 Feb 2022 00:07:33 -0600 Subject: [PATCH] Fix for GCP MTU size - This fix is specifically for Google Cloud Platform (GCP) VMs. The default MTU size on GCP, 1460 bytes, could cause network issues such as "cannot open websites" with IKEv2 VPN clients. This issue was brought up multiple times in this repo, e.g. #1000. - The fix changes the MTU to 1500 (the default that is widely used), and updates dhclient.conf so that it is not reverted to 1460 by DHCP. - Refs: https://cloud.google.com/vpc/docs/vpc#mtu https://cloud.google.com/compute/docs/instances/detect-compute-engine https://linuxhint.com/how-to-change-mtu-size-in-linux/ https://git.io/ikev2#cannot-open-websites-after-connecting-to-ikev2 --- vpnsetup_centos.sh | 16 ++++++++++++++++ vpnsetup_ubuntu.sh | 16 ++++++++++++++++ 2 files changed, 32 insertions(+)
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 865caf4..4dc7ef9 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -535,6 +535,21 @@ update_iptables() {
 fi
 }

+apply_gcp_mtu_fix() {
+ if dmidecode -s system-product-name 2>/dev/null | grep -q "Google Compute Engine" \
+ && ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -q "mtu 1460"; then
+ bigecho "Applying fix for MTU size..."
+ ifconfig "$NET_IFACE" mtu 1500
+ dh_file="/etc/dhcp/dhclient.conf"
+ if grep -qs "send host-name" "$dh_file" \
+ && ! grep -qs "interface-mtu 1500" "$dh_file"; then
+ sed -i".old-$SYS_DT" \
+ "/send host-name/a \interface \"$NET_IFACE\" {\ndefault interface-mtu 1500;\nsupersede interface-mtu 1500;\n}" \
+ "$dh_file"
+ fi
+ fi
+}
+
 enable_on_boot() {
 bigecho "Enabling services on boot..."
 systemctl --now mask firewalld 2>/dev/null
@@ -638,6 +653,7 @@ vpnsetup() {
 create_f2b_config
 update_sysctl
 update_iptables
+ apply_gcp_mtu_fix
 enable_on_boot
 start_services
 show_vpn_info
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 345b7ed..89aa739 100755
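Review bot: In `apply_gcp_mtu_fix` (vpnsetup_centos.sh, and the identical function added to vpnsetup_ubuntu.sh) the persistence step is skipped without any message when `/etc/dhcp/dhclient.conf` is missing or has no `send host-name` line, because both `grep -qs` tests suppress errors and the inner `if` has no other branch. By then the script has printed "Applying fix for MTU size..." and run `ifconfig "$NET_IFACE" mtu 1500`, whose exit status is also unchecked, so the operator is told the fix was applied while the MTU presumably falls back to 1460 on the next DHCP renewal or reboot. I would report that path, for example `elif ! grep -qs "interface-mtu 1500" "$dh_file"; then echo "Warning: MTU 1500 was not persisted in $dh_file" >&2`. `dh_file` should also be declared `local`, since it is otherwise left as a global for the rest of the installer.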
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -491,6 +491,21 @@ update_iptables() {
 fi
 }

+apply_gcp_mtu_fix() {
+ if dmidecode -s system-product-name 2>/dev/null | grep -q "Google Compute Engine" \
+ && ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -q "mtu 1460"; then
+ bigecho "Applying fix for MTU size..."
+ ifconfig "$NET_IFACE" mtu 1500
+ dh_file="/etc/dhcp/dhclient.conf"
+ if grep -qs "send host-name" "$dh_file" \
+ && ! grep -qs "interface-mtu 1500" "$dh_file"; then
+ sed -i".old-$SYS_DT" \
+ "/send host-name/a \interface \"$NET_IFACE\" {\ndefault interface-mtu 1500;\nsupersede interface-mtu 1500;\n}" \
+ "$dh_file"
+ fi
+ fi
+}
+
 enable_on_boot() {
 bigecho "Enabling services on boot..."
 IPT_PST=/etc/init.d/iptables-persistent
@@ -625,6 +640,7 @@ vpnsetup() {
 create_vpn_config
 update_sysctl
 update_iptables
+ apply_gcp_mtu_fix
 enable_on_boot
 start_services
 show_vpn_info
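Review bot: The MTU probe in `apply_gcp_mtu_fix` (vpnsetup_ubuntu.sh; the same line is in vpnsetup_centos.sh) selects the interface with an unanchored regex over the full `ifconfig` listing: `grep "$NET_IFACE" | head -n 1` takes the first line that merely contains the name, so a different interface whose name includes that string, if listed earlier, would be the one tested. Asking for the interface directly is exact and shorter: `ifconfig "$NET_IFACE" 2>/dev/null | grep -q "mtu 1460"`. The same `$NET_IFACE` value is then interpolated into the `sed` script that edits dhclient.conf as root; where it is assigned is outside this hunk, so it is worth confirming it can only ever be a plain interface name before it reaches that file.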