diff --git a/vpnsetup.sh b/vpnsetup.sh
index 8b7ce7b..76981dc 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -141,7 +141,6 @@ fi
 bigecho "VPN setup in progress... Please be patient."
-# Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exit 1
@@ -195,6 +194,14 @@ bigecho "Installing Fail2Ban to protect SSH..."
 apt-get -yqq install fail2ban >/dev/null
 ) || exiterr2
+bigecho "Downloading IKEv2 script..."
+
+ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+(
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+) || /bin/rm -f ikev2.sh
+
 bigecho "Downloading Libreswan..."
 SWAN_VER=4.3
@@ -424,9 +431,6 @@ if [ "$ipt_flag" = "1" ]; then
 iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
 iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
- # Uncomment to disallow traffic between VPN clients
- # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
- # iptables -I FORWARD 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
 iptables -A FORWARD -j DROP
 iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
 iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index 79bf1ab..b309f7e 100755
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -110,7 +110,6 @@ fi
 bigecho "VPN setup in progress... Please be patient."
-# Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exit 1
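Review bot: The IKEv2 download added to vpnsetup.sh (hunk `@@ -195,6 +194,14 @@`) saves whatever the mutable `master` branch URL serves at install time into `ikev2.sh` with no integrity check, so the installer trusts any later change to that branch. Pin `ikev2_url` to a tag or commit and verify a digest before keeping the file, for example `echo "<EXPECTED_SHA256>  ikev2.sh" | sha256sum -c - >/dev/null || /bin/rm -f ikev2.sh` (the digest is a placeholder). A failed download is also silent, because `-q` suppresses wget's output and the `|| /bin/rm -f ikev2.sh` fallback discards the exit status, so whatever later uses `ikev2.sh` (not visible in this diff) should test for the file explicitly. The same block is added to vpnsetup_amzn.sh (`@@ -159,6 +158,14 @@`) and vpnsetup_centos.sh (`@@ -207,6 +206,14 @@`).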
@@ -159,6 +158,14 @@ bigecho "Installing Fail2Ban to protect SSH..."
 yum --enablerepo=epel -y -q install fail2ban >/dev/null
 ) || exiterr2
+bigecho "Downloading IKEv2 script..."
+
+ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+(
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+) || /bin/rm -f ikev2.sh
+
 bigecho "Downloading Libreswan..."
 SWAN_VER=4.3
@@ -385,9 +392,6 @@ if [ "$ipt_flag" = "1" ]; then
 iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
 iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
- # Uncomment to disallow traffic between VPN clients
- # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
- # iptables -I FORWARD 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
 iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
 iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
 echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 65aa451..b885089 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -123,7 +123,6 @@ fi
 bigecho "VPN setup in progress... Please be patient."
-# Create and change to working dir
 mkdir -p /opt/src
 cd /opt/src || exit 1
@@ -207,6 +206,14 @@ bigecho "Installing Fail2Ban to protect SSH..."
 yum "$REPO1" -y -q install fail2ban >/dev/null
 ) || exiterr2
+bigecho "Downloading IKEv2 script..."
+
+ikev2_url="https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ikev2setup.sh"
+(
+ set -x
+ wget -t 3 -T 30 -q -O ikev2.sh "$ikev2_url"
+) || /bin/rm -f ikev2.sh
+
 bigecho "Downloading Libreswan..."
 SWAN_VER=4.3
@@ -449,9 +456,6 @@ if [ "$ipt_flag" = "1" ]; then
 iptables -I FORWARD 4 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j ACCEPT
 iptables -I FORWARD 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -I FORWARD 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
- # Uncomment to disallow traffic between VPN clients
- # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s "$L2TP_NET" -d "$L2TP_NET" -j DROP
- # iptables -I FORWARD 3 -s "$XAUTH_NET" -d "$XAUTH_NET" -j DROP
 iptables -t nat -I POSTROUTING -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
 iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
 echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"