setup-ipsec-vpn/docs/uninstall.md

[English](uninstall.md) | [中文](uninstall-zh.md)

# Uninstall the VPN

* [Uninstall using helper script](#uninstall-using-helper-script)
* [Manually uninstall the VPN](#manually-uninstall-the-vpn)

## Uninstall using helper script

To uninstall IPsec VPN, run the [helper script](../extras/vpnuninstall.sh):

**Warning:** This helper script will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!

```bash
wget https://get.vpnsetup.net/unst -O unst.sh && sudo bash unst.sh
```

<details>
<summary>
Click here if you are unable to download.
</summary>

You may also use `curl` to download:

```bash
curl -fsSL https://get.vpnsetup.net/unst -o unst.sh && sudo bash unst.sh
```

Alternative script URLs:

```bash
https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/vpnuninstall.sh
https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnuninstall.sh
```
</details>

## Manually uninstall the VPN

Alternatively, you may manually uninstall IPsec VPN by following these steps. Commands must be run as `root`, or with `sudo`.

**Warning:** These steps will remove IPsec VPN from your server. All VPN configuration will be **permanently deleted**, and Libreswan and xl2tpd will be removed. This **cannot be undone**!

### Steps

* [First step](#first-step)
* [Second step](#second-step)
* [Third step](#third-step)
* [Fourth step](#fourth-step)
* [Optional](#optional)
* [When finished](#when-finished)

### First step

```bash
service ipsec stop
service xl2tpd stop
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec /usr/local/share/doc/libreswan
rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service /etc/init.d/ipsec \
      /usr/lib/systemd/system/ipsec.service /etc/logrotate.d/libreswan \
      /usr/lib/tmpfiles.d/libreswan.conf
```

### Second step

#### Ubuntu & Debian

`apt-get purge xl2tpd`

#### CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2

`yum remove xl2tpd`

#### Alpine Linux

`apk del xl2tpd`

### Third step

#### Ubuntu, Debian & Alpine Linux

Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists.   

#### CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2

Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.

**Note:** If using Rocky Linux, AlmaLinux, Oracle Linux 8 or CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. Edit `/etc/sysconfig/nftables.conf` and remove unneeded rules. Your original rules are backed up as `/etc/sysconfig/nftables.conf.old-date-time`.

### Fourth step

Edit `/etc/sysctl.conf` and remove the lines after `# Added by hwdsl2 VPN script`.   
Edit `/etc/rc.local` and remove the lines after `# Added by hwdsl2 VPN script`. DO NOT remove `exit 0` (if any).

### Optional

**Note:** This step is optional.

Remove these config files:

* /etc/ipsec.conf*
* /etc/ipsec.secrets*
* /etc/ppp/chap-secrets*
* /etc/ppp/options.xl2tpd*
* /etc/pam.d/pluto
* /etc/sysconfig/pluto
* /etc/default/pluto
* /etc/ipsec.d (directory)
* /etc/xl2tpd (directory)

Copy and paste for fast removal:

```bash
rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \
      /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
rm -rf /etc/ipsec.d /etc/xl2tpd
```

Remove helper scripts:

```bash
rm -f /usr/bin/ikev2.sh /opt/src/ikev2.sh \
      /usr/bin/addvpnuser.sh /opt/src/addvpnuser.sh \
      /usr/bin/delvpnuser.sh /opt/src/delvpnuser.sh
```

Remove fail2ban:

**Note:** This is optional. Fail2ban can help protect SSH on your server. Removing it is NOT recommended.

```bash
service fail2ban stop
# Ubuntu & Debian
apt-get purge fail2ban
# CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2
yum remove fail2ban
# Alpine Linux
apk del fail2ban
```

### When finished

Reboot your server.

## License

Copyright (C) 2016-2024 [Lin Song](https://github.com/hwdsl2) [![View my profile on LinkedIn](https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png)](https://www.linkedin.com/in/linsongui)   

[![Creative Commons License](https://i.creativecommons.org/l/by-sa/3.0/88x31.png)](http://creativecommons.org/licenses/by-sa/3.0/)   
This work is licensed under the [Creative Commons Attribution-ShareAlike 3.0 Unported License](http://creativecommons.org/licenses/by-sa/3.0/)  
Attribution required: please include my name in any derivative and let me know how you have improved it!
Update docs 2022-07-29 06:55:47 +02:00			`[English](uninstall.md) \| [中文](uninstall-zh.md)`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2022-07-29 06:55:47 +02:00			`# Uninstall the VPN`
Improve docs - Add translation for uninstall.md - Various corrections to docs - [ci skip] 2016-06-25 00:54:24 +02:00
Update docs 2021-09-29 06:13:45 +02:00			`* [Uninstall using helper script](#uninstall-using-helper-script)`
			`* [Manually uninstall the VPN](#manually-uninstall-the-vpn)`

Update docs 2021-09-07 09:56:49 +02:00			`## Uninstall using helper script`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2022-05-15 16:50:49 +02:00			`To uninstall IPsec VPN, run the [helper script](../extras/vpnuninstall.sh):`
Update docs 2021-09-07 09:56:49 +02:00
Update docs 2022-05-21 02:07:55 +02:00			`Warning: This helper script will remove IPsec VPN from your server. All VPN configuration will be permanently deleted, and Libreswan and xl2tpd will be removed. This cannot be undone!`

Update docs 2021-09-07 09:56:49 +02:00			```bash
Update docs 2022-10-15 06:35:22 +02:00			`wget https://get.vpnsetup.net/unst -O unst.sh && sudo bash unst.sh`
Update docs 2021-09-07 09:56:49 +02:00			```

Update docs 2022-06-03 15:29:09 +02:00			`<details>`
			`<summary>`
Update docs 2022-10-20 08:02:29 +02:00			`Click here if you are unable to download.`
Update docs 2022-06-03 15:29:09 +02:00			`</summary>`

			You may also use `curl` to download:

			```bash
Update docs 2022-10-15 06:35:22 +02:00			`curl -fsSL https://get.vpnsetup.net/unst -o unst.sh && sudo bash unst.sh`
Update docs 2022-06-03 15:29:09 +02:00			```

			`Alternative script URLs:`

			```bash
			`https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/vpnuninstall.sh`
			`https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/extras/vpnuninstall.sh`
			```
			`</details>`

Update docs 2021-09-07 09:56:49 +02:00			`## Manually uninstall the VPN`

Update docs 2022-05-15 22:07:23 +02:00			Alternatively, you may manually uninstall IPsec VPN by following these steps. Commands must be run as `root`, or with `sudo`.
Update docs 2021-09-07 09:56:49 +02:00
Update docs 2021-10-10 06:44:25 +02:00			`Warning: These steps will remove IPsec VPN from your server. All VPN configuration will be permanently deleted, and Libreswan and xl2tpd will be removed. This cannot be undone!`

Update docs 2021-09-07 09:56:49 +02:00			`### Steps`
add table of content 2016-06-24 01:16:01 +02:00
			`* [First step](#first-step)`
			`* [Second step](#second-step)`
			`* [Third step](#third-step)`
			`* [Fourth step](#fourth-step)`
			`* [Optional](#optional)`
			`* [When finished](#when-finished)`

Update docs 2021-09-07 09:56:49 +02:00			`### First step`
Improve docs - Add translation for uninstall.md - Various corrections to docs - [ci skip] 2016-06-25 00:54:24 +02:00
Update docs - Improve IKEv2 docs. The strongSwan Android VPN client requires an "IP address" in the VPN server certificate's subjectAltName field in addition to "DNS name", when connecting using the server's IP. The certutil commands have been updated to add this field. - Other improvements to docs 2017-02-05 21:48:11 +01:00			```bash
add uninstall instructions 2016-06-24 01:10:25 +02:00			`service ipsec stop`
			`service xl2tpd stop`
Update docs 2021-09-09 07:22:34 +02:00			`rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec /usr/local/share/doc/libreswan`
			`rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service /etc/init.d/ipsec \`
			`/usr/lib/systemd/system/ipsec.service /etc/logrotate.d/libreswan \`
			`/usr/lib/tmpfiles.d/libreswan.conf`
add uninstall instructions 2016-06-24 01:10:25 +02:00			```

Update docs 2021-09-07 09:56:49 +02:00			`### Second step`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2021-09-07 09:56:49 +02:00			`#### Ubuntu & Debian`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs [ci skip] 2016-06-29 21:35:28 +02:00			`apt-get purge xl2tpd`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2022-03-21 05:10:40 +01:00			`#### CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2`
add uninstall instructions 2016-06-24 01:10:25 +02:00
			`yum remove xl2tpd`

Update docs 2021-09-11 22:34:15 +02:00			`#### Alpine Linux`

			`apk del xl2tpd`

Update docs 2021-09-07 09:56:49 +02:00			`### Third step`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2021-09-11 22:34:15 +02:00			`#### Ubuntu, Debian & Alpine Linux`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2020-05-25 21:20:32 +02:00			Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists.
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2022-03-21 05:10:40 +01:00			`#### CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2020-05-25 21:20:32 +02:00			Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.

Update docs 2022-03-21 05:10:40 +01:00			Note: If using Rocky Linux, AlmaLinux, Oracle Linux 8 or CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. Edit `/etc/sysconfig/nftables.conf` and remove unneeded rules. Your original rules are backed up as `/etc/sysconfig/nftables.conf.old-date-time`.
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2021-09-07 09:56:49 +02:00			`### Fourth step`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Improve docs - Add translation for uninstall.md - Various corrections to docs - [ci skip] 2016-06-25 00:54:24 +02:00			Edit `/etc/sysctl.conf` and remove the lines after `# Added by hwdsl2 VPN script`.
Minor corrections to docs [ci skip] 2016-06-25 03:42:57 +02:00			Edit `/etc/rc.local` and remove the lines after `# Added by hwdsl2 VPN script`. DO NOT remove `exit 0` (if any).
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2021-09-07 09:56:49 +02:00			`### Optional`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2020-05-25 21:20:32 +02:00			`Note: This step is optional.`
Minor corrections to docs [ci skip] 2016-06-25 03:42:57 +02:00
add uninstall instructions 2016-06-24 01:10:25 +02:00			`Remove these config files:`
Improve docs - Add translation for uninstall.md - Various corrections to docs - [ci skip] 2016-06-25 00:54:24 +02:00
Update docs [ci skip] 2016-06-29 21:35:28 +02:00			`* /etc/ipsec.conf*`
			`* /etc/ipsec.secrets*`
			`* /etc/ppp/chap-secrets*`
			`* /etc/ppp/options.xl2tpd*`
add uninstall instructions 2016-06-24 01:10:25 +02:00			`* /etc/pam.d/pluto`
			`* /etc/sysconfig/pluto`
Update docs [ci skip] 2016-06-29 21:35:28 +02:00			`* /etc/default/pluto`
Minor corrections to docs [ci skip] 2016-06-25 03:42:57 +02:00			`* /etc/ipsec.d (directory)`
Update docs [ci skip] 2016-06-29 21:35:28 +02:00			`* /etc/xl2tpd (directory)`
add uninstall instructions 2016-06-24 01:10:25 +02:00
Improve docs - Add translation for uninstall.md - Various corrections to docs - [ci skip] 2016-06-25 00:54:24 +02:00			`Copy and paste for fast removal:`

Update docs - Improve IKEv2 docs. The strongSwan Android VPN client requires an "IP address" in the VPN server certificate's subjectAltName field in addition to "DNS name", when connecting using the server's IP. The certutil commands have been updated to add this field. - Other improvements to docs 2017-02-05 21:48:11 +01:00			```bash
Update docs [ci skip] 2016-06-29 21:35:28 +02:00			`rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* \`
			`/etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto`
			`rm -rf /etc/ipsec.d /etc/xl2tpd`
Minor corrections to docs [ci skip] 2016-06-25 03:42:57 +02:00			```
add uninstall instructions 2016-06-24 01:10:25 +02:00
Update docs 2022-09-10 06:53:53 +02:00			`Remove helper scripts:`
Update docs 2021-09-25 15:35:55 +02:00
			```bash
Update docs 2022-09-10 06:53:53 +02:00			`rm -f /usr/bin/ikev2.sh /opt/src/ikev2.sh \`
			`/usr/bin/addvpnuser.sh /opt/src/addvpnuser.sh \`
			`/usr/bin/delvpnuser.sh /opt/src/delvpnuser.sh`
			```

			`Remove fail2ban:`

			`Note: This is optional. Fail2ban can help protect SSH on your server. Removing it is NOT recommended.`

			```bash
			`service fail2ban stop`
			`# Ubuntu & Debian`
			`apt-get purge fail2ban`
			`# CentOS/RHEL, Rocky Linux, AlmaLinux, Oracle Linux & Amazon Linux 2`
			`yum remove fail2ban`
			`# Alpine Linux`
			`apk del fail2ban`
Update docs 2021-09-25 15:35:55 +02:00			```

Update docs 2021-09-07 09:56:49 +02:00			`### When finished`
add uninstall instructions 2016-06-24 01:10:25 +02:00
			`Reboot your server.`
Update docs 2021-03-29 22:05:45 +02:00
			`## License`

Update year 2024-02-03 22:31:58 +01:00			`Copyright (C) 2016-2024 [Lin Song](https://github.com/hwdsl2) [![View my profile on LinkedIn](https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png)](https://www.linkedin.com/in/linsongui)`
Update docs 2021-03-29 22:05:45 +02:00
Update docs 2021-06-05 00:27:21 +02:00			`[![Creative Commons License](https://i.creativecommons.org/l/by-sa/3.0/88x31.png)](http://creativecommons.org/licenses/by-sa/3.0/)`
			`This work is licensed under the [Creative Commons Attribution-ShareAlike 3.0 Unported License](http://creativecommons.org/licenses/by-sa/3.0/)`
Update docs 2021-03-29 22:05:45 +02:00			`Attribution required: please include my name in any derivative and let me know how you have improved it!`