Improve IKEv2 setup

- Use default key size (2048 bits) when generating key pairs using
  certutil. This significantly reduces IKEv2 setup time on servers
  with less powerful CPUs, such as Raspberry Pis, while still providing
  sufficient security.
- Update docs
This commit is contained in:
hwdsl2 2021-03-05 21:25:47 -06:00
parent e7e9bf2dc0
commit 11f8502e3a
3 changed files with 10 additions and 10 deletions


@ -493,7 +493,7 @@ To customize IKEv2 or client options, run this script without arguments.
certutil -z <(head -c 1024 /dev/urandom) \
-S -x -n "IKEv2 VPN CA" \
-s "O=IKEv2 VPN,CN=IKEv2 VPN CA" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t "CT,," -2
```
@ -515,7 +515,7 @@ To customize IKEv2 or client options, run this script without arguments.
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "$PUBLIC_IP" \
-s "O=IKEv2 VPN,CN=$PUBLIC_IP" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth \
@ -536,7 +536,7 @@ To customize IKEv2 or client options, run this script without arguments.
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "vpnclient" \
-s "O=IKEv2 VPN,CN=vpnclient" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth,clientAuth -8 "vpnclient"


@ -493,7 +493,7 @@ As an alternative to using the [helper script](#using-helper-scripts), advanced
certutil -z <(head -c 1024 /dev/urandom) \
-S -x -n "IKEv2 VPN CA" \
-s "O=IKEv2 VPN,CN=IKEv2 VPN CA" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t "CT,," -2
```
@ -515,7 +515,7 @@ As an alternative to using the [helper script](#using-helper-scripts), advanced
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "$PUBLIC_IP" \
-s "O=IKEv2 VPN,CN=$PUBLIC_IP" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth \
@ -536,7 +536,7 @@ As an alternative to using the [helper script](#using-helper-scripts), advanced
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "vpnclient" \
-s "O=IKEv2 VPN,CN=vpnclient" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth,clientAuth -8 "vpnclient"


@ -653,7 +653,7 @@ create_client_cert() {
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "$client_name" \
-s "O=IKEv2 VPN,CN=$client_name" \
-k rsa -g 4096 -v "$client_validity" \
-k rsa -v "$client_validity" \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth,clientAuth -8 "$client_name" >/dev/null 2>&1 || exiterr "Failed to create client certificate."
@ -931,7 +931,7 @@ create_ca_server_certs() {
certutil -z <(head -c 1024 /dev/urandom) \
-S -x -n "IKEv2 VPN CA" \
-s "O=IKEv2 VPN,CN=IKEv2 VPN CA" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t "CT,," -2 >/dev/null 2>&1 <<ANSWERS || exiterr "Failed to create CA certificate."
y
@ -944,7 +944,7 @@ ANSWERS
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "$server_addr" \
-s "O=IKEv2 VPN,CN=$server_addr" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth \
@ -953,7 +953,7 @@ ANSWERS
certutil -z <(head -c 1024 /dev/urandom) \
-S -c "IKEv2 VPN CA" -n "$server_addr" \
-s "O=IKEv2 VPN,CN=$server_addr" \
-k rsa -g 4096 -v 120 \
-k rsa -v 120 \
-d sql:/etc/ipsec.d -t ",," \
--keyUsage digitalSignature,keyEncipherment \
--extKeyUsage serverAuth \
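Review bot: The RSA key size is no longer pinned on the `-k rsa -v "$client_validity" \` line in create_client_cert, nor on the three `-k rsa -v 120 \` lines in create_ca_server_certs (the @ -931, -944 and -953 hunks), so the modulus size now depends on whatever the installed certutil defaults to rather than on the script. The commit message assumes that default is 2048 bits, but as far as I recall older NSS releases documented a 1024-bit default, which would be too weak for a CA and server key and is not detected anywhere in the script. Pinning the intended size keeps the speed gain while making the result independent of the NSS version, e.g. `-k rsa -g 2048 -v "$client_validity" \` and `-k rsa -g 2048 -v 120 \`. Both create_client_cert and create_ca_server_certs begin outside the hunks shown.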