mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-24 22:06:07 +03:00
Code Issues Projects Releases Wiki Activity

Fix for GCP MTU size

Browse Source 
- This fix is specifically for Google Cloud Platform (GCP) VMs.
  The default MTU size on GCP, 1460 bytes, could cause network issues
  such as "cannot open websites" with IKEv2 VPN clients.
  This issue was brought up multiple times in this repo, e.g. #1000.
- The fix changes the MTU to 1500 (the default that is widely used),
  and updates dhclient.conf so that it is not reverted to 1460 by DHCP.
- Refs: https://cloud.google.com/vpc/docs/vpc#mtu
        https://cloud.google.com/compute/docs/instances/detect-compute-engine
        https://linuxhint.com/how-to-change-mtu-size-in-linux/
        https://git.io/ikev2#cannot-open-websites-after-connecting-to-ikev2
This commit is contained in:
hwdsl2 2022-02-23 00:07:33 -06:00
parent 4020e0d8e1
commit 06c5e27080
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
vpnsetup_centos.sh
View File

@ -535,6 +535,21 @@ update_iptables() {
fi fi
} }
apply_gcp_mtu_fix() {
if dmidecode -s system-product-name 2>/dev/null | grep -q "Google Compute Engine" \
&& ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -q "mtu 1460"; then
bigecho "Applying fix for MTU size..."
ifconfig "$NET_IFACE" mtu 1500
dh_file="/etc/dhcp/dhclient.conf"
if grep -qs "send host-name" "$dh_file" \
&& ! grep -qs "interface-mtu 1500" "$dh_file"; then
sed -i".old-$SYS_DT" \
"/send host-name/a \interface \"$NET_IFACE\" {\ndefault interface-mtu 1500;\nsupersede interface-mtu 1500;\n}" \
"$dh_file"
fi
fi
}
enable_on_boot() { enable_on_boot() {
bigecho "Enabling services on boot..." bigecho "Enabling services on boot..."
systemctl --now mask firewalld 2>/dev/null systemctl --now mask firewalld 2>/dev/null
@ -638,6 +653,7 @@ vpnsetup() {
create_f2b_config create_f2b_config
update_sysctl update_sysctl
update_iptables update_iptables
apply_gcp_mtu_fix
enable_on_boot enable_on_boot
start_services start_services
show_vpn_info show_vpn_info

16
vpnsetup_ubuntu.sh
View File

@ -491,6 +491,21 @@ update_iptables() {
fi fi
} }
apply_gcp_mtu_fix() {
if dmidecode -s system-product-name 2>/dev/null | grep -q "Google Compute Engine" \
&& ifconfig 2>/dev/null | grep "$NET_IFACE" | head -n 1 | grep -q "mtu 1460"; then
bigecho "Applying fix for MTU size..."
ifconfig "$NET_IFACE" mtu 1500
dh_file="/etc/dhcp/dhclient.conf"
if grep -qs "send host-name" "$dh_file" \
&& ! grep -qs "interface-mtu 1500" "$dh_file"; then
sed -i".old-$SYS_DT" \
"/send host-name/a \interface \"$NET_IFACE\" {\ndefault interface-mtu 1500;\nsupersede interface-mtu 1500;\n}" \
"$dh_file"
fi
fi
}
enable_on_boot() { enable_on_boot() {
bigecho "Enabling services on boot..." bigecho "Enabling services on boot..."
IPT_PST=/etc/init.d/iptables-persistent IPT_PST=/etc/init.d/iptables-persistent
@ -625,6 +640,7 @@ vpnsetup() {
create_vpn_config create_vpn_config
update_sysctl update_sysctl
update_iptables update_iptables
apply_gcp_mtu_fix
enable_on_boot enable_on_boot
start_services start_services
show_vpn_info show_vpn_info