From d36c435c95ed12df474d823960de840cfd452d4c Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Wed, 15 Jun 2022 00:28:21 -0500
Subject: [PATCH] Improve IPsec config
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can keep the VPN connection open if the client's network is unstable.
---
 docs/ikev2-howto-zh.md | 2 +-
 docs/ikev2-howto.md | 2 +-
 extras/ikev2setup.sh | 2 +-
 vpnsetup_alpine.sh | 2 +-
 vpnsetup_amzn.sh | 2 +-
 vpnsetup_centos.sh | 2 +-
 vpnsetup_ubuntu.sh | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index d048fb4..95b7fe6 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -823,7 +823,7 @@ To customize IKEv2 or client options, run this script without arguments.
 rightrsasigkey=%cert
 narrowing=yes
 dpddelay=30
- dpdtimeout=120
+ retransmit-timeout=300s
 dpdaction=clear
 auto=add
 ikev2=insist
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 95e1c19..62cb5d0 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -825,7 +825,7 @@ View example steps for manually configuring IKEv2 with Libreswan.
 rightrsasigkey=%cert
 narrowing=yes
 dpddelay=30
- dpdtimeout=120
+ retransmit-timeout=300s
 dpdaction=clear
 auto=add
 ikev2=insist
diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 5f88572..38b4fa4 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -1107,7 +1107,7 @@ conn ikev2-cp
 rightrsasigkey=%cert
 narrowing=yes
 dpddelay=30
- dpdtimeout=120
+ retransmit-timeout=300s
 dpdaction=clear
 auto=add
 ikev2=insist
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index 5baec76..3e1717e 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -323,7 +323,7 @@ conn shared
 rekey=no
 keyingtries=5
 dpddelay=30
- dpdtimeout=120
+ dpdtimeout=300
 dpdaction=clear
 ikev2=never
 ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
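Review bot: The new `retransmit-timeout=300s` in the `conn ikev2-cp` block of extras/ikev2setup.sh has no explanation in the script: nothing records that it replaces `dpdtimeout` for IKEv2, or what the longer value costs. With `dpddelay=30` and `dpdaction=clear` unchanged, a client that has vanished is presumably cleared only after about five minutes, so its SA and any address lease stay allocated that long. As far as I know, Libreswan also applies `retransmit-timeout` to every IKE exchange on the connection, not only to liveness probes. I would add a comment just above the config block in the script, e.g. `# IKEv2 ignores dpdtimeout; retransmit-timeout=300s bounds liveness and all IKE retransmits`. The hunk shows only the middle of the block, so whether existing installs get their already-written config updated cannot be judged from here.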
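Review bot: The literal `dpdtimeout=300` is now repeated in the `conn shared` block of four scripts (this hunk in vpnsetup_alpine.sh, and the matching hunks in vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh), with no comment explaining the value or its relation to `dpddelay=30`. With `dpdaction=clear`, the larger timeout means a dead IKEv1 peer's state is held for up to five minutes before it is cleared, which is worth confirming as acceptable on servers with few client addresses. I would add a comment ahead of each config block, e.g. `# dpdtimeout=300: tolerate unstable client networks; dead peers are cleared after 5 min`, so the four copies are changed together next time. The `conn shared` block starts before and continues after each hunk.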
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
index 159b696..dc7dadc 100755
--- a/vpnsetup_amzn.sh
+++ b/vpnsetup_amzn.sh
@@ -325,7 +325,7 @@ conn shared
 rekey=no
 keyingtries=5
 dpddelay=30
- dpdtimeout=120
+ dpdtimeout=300
 dpdaction=clear
 ikev2=never
 ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 0d5f459..ec86ba1 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -407,7 +407,7 @@ conn shared
 rekey=no
 keyingtries=5
 dpddelay=30
- dpdtimeout=120
+ dpdtimeout=300
 dpdaction=clear
 ikev2=never
 ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index e1e4484..235d858 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -384,7 +384,7 @@ conn shared
 rekey=no
 keyingtries=5
 dpddelay=30
- dpdtimeout=120
+ dpdtimeout=300
 dpdaction=clear
 ikev2=never
 ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
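Review bot: The `ike=` line carried as context in the `conn shared` hunks of vpnsetup_amzn.sh, vpnsetup_centos.sh and vpnsetup_ubuntu.sh (and of vpnsetup_alpine.sh) still ends with `aes256-sha2;modp1024,aes128-sha1;modp1024`, so the IKEv1 connection keeps accepting 1024-bit MODP Diffie-Hellman and SHA-1 proposals. This commit does not touch that line, and the weak proposals are presumably kept for legacy clients, but nothing in the visible block says so. I would document it next to the config block, e.g. `# modp1024 proposals are kept only for legacy IKEv1 clients; drop them when those clients are gone`, so the line is not copied as a recommended default. The block extends beyond each hunk, so a comment may already exist outside the visible lines.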