4.6 KiB
Uninstall the VPN
Uninstall using helper script
To uninstall IPsec VPN, run the helper script:
Warning: This helper script will remove IPsec VPN from your server. All VPN configuration will be permanently deleted, and Libreswan and xl2tpd will be removed. This cannot be undone!
wget https://get.vpnsetup.net/unst -O vpnunst.sh && sudo bash vpnunst.sh
Alternative commands.
You may also use curl to download:
curl -fsSL https://get.vpnsetup.net/unst -o vpnunst.sh && sudo bash vpnunst.sh
Alternative script URLs:
https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/vpnuninstall.sh
https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnuninstall.sh
Manually uninstall the VPN
Alternatively, you may manually uninstall IPsec VPN by following these steps. Commands must be run as root, or with sudo.
Warning: These steps will remove IPsec VPN from your server. All VPN configuration will be permanently deleted, and Libreswan and xl2tpd will be removed. This cannot be undone!
Steps
First step
service ipsec stop
service xl2tpd stop
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec /usr/local/share/doc/libreswan
rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service /etc/init.d/ipsec \
/usr/lib/systemd/system/ipsec.service /etc/logrotate.d/libreswan \
/usr/lib/tmpfiles.d/libreswan.conf
Second step
Ubuntu & Debian
apt-get purge xl2tpd
CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2
yum remove xl2tpd
Alpine Linux
apk del xl2tpd
Third step
Ubuntu, Debian & Alpine Linux
Edit /etc/iptables.rules and remove unneeded rules. Your original rules (if any) are backed up as /etc/iptables.rules.old-date-time. In addition, edit /etc/iptables/rules.v4 if the file exists.
CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2
Edit /etc/sysconfig/iptables and remove unneeded rules. Your original rules (if any) are backed up as /etc/sysconfig/iptables.old-date-time.
Note: If using Rocky Linux, AlmaLinux, Oracle Linux 8 or CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. Edit /etc/sysconfig/nftables.conf and remove unneeded rules. Your original rules are backed up as /etc/sysconfig/nftables.conf.old-date-time.
Fourth step
Edit /etc/sysctl.conf and remove the lines after # Added by hwdsl2 VPN script.
Edit /etc/rc.local and remove the lines after # Added by hwdsl2 VPN script. DO NOT remove exit 0 (if any).
Optional
Note: This step is optional.
Remove these config files:
- /etc/ipsec.conf*
- /etc/ipsec.secrets*
- /etc/ppp/chap-secrets*
- /etc/ppp/options.xl2tpd*
- /etc/pam.d/pluto
- /etc/sysconfig/pluto
- /etc/default/pluto
- /etc/ipsec.d (directory)
- /etc/xl2tpd (directory)
Copy and paste for fast removal:
rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
/etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
rm -rf /etc/ipsec.d /etc/xl2tpd
Remove helper scripts:
rm -f /usr/bin/ikev2.sh /opt/src/ikev2.sh \
/usr/bin/addvpnuser.sh /opt/src/addvpnuser.sh \
/usr/bin/delvpnuser.sh /opt/src/delvpnuser.sh
Remove fail2ban:
Note: This is optional. Fail2ban can help protect SSH on your server. Removing it is NOT recommended.
service fail2ban stop
# Ubuntu & Debian
apt-get purge fail2ban
# CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2
yum remove fail2ban
# Alpine Linux
apk del fail2ban
When finished
Reboot your server.
License
Copyright (C) 2016-2022 Lin Song 
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License
Attribution required: please include my name in any derivative and let me know how you have improved it!