Improve IPsec config

- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
  keep the VPN connection open if the client's network is unstable.
hwdsl2 2022-06-15 00:28:21 -05:00
parent ffdb388850
commit d36c435c95
7 changed files with 7 additions and 7 deletions


@ -823,7 +823,7 @@ To customize IKEv2 or client options, run this script without arguments.
rightrsasigkey=%cert
narrowing=yes
dpddelay=30
dpdtimeout=120
retransmit-timeout=300s
dpdaction=clear
auto=add
ikev2=insist


@ -825,7 +825,7 @@ View example steps for manually configuring IKEv2 with Libreswan.
rightrsasigkey=%cert
narrowing=yes
dpddelay=30
dpdtimeout=120
retransmit-timeout=300s
dpdaction=clear
auto=add
ikev2=insist


@ -1107,7 +1107,7 @@ conn ikev2-cp
rightrsasigkey=%cert
narrowing=yes
dpddelay=30
dpdtimeout=120
retransmit-timeout=300s
dpdaction=clear
auto=add
ikev2=insist
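Review bot: The new `retransmit-timeout=300s` is broader than the `dpdtimeout=120` it replaces: as far as I know Libreswan applies it to every IKE message this end retransmits, not only to liveness probes. With `dpddelay=30`, an unreachable client's SAs, and any address lease tied to them (not visible in this hunk), can therefore stay allocated for about five minutes before `dpdaction=clear` fires. Please confirm that hold time is acceptable for the expected number of clients. I would also add a comment above the line so the swap is not reverted later, e.g. `# IKEv2 liveness: probe every dpddelay, give up after retransmit-timeout (dpdtimeout is not used with ikev2=insist)`. The `conn ikev2-cp` block starts and ends outside this hunk, and the file name is not shown on the page.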


@ -323,7 +323,7 @@ conn shared
rekey=no
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdtimeout=300
dpdaction=clear
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
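Review bot: Raising `dpdtimeout` from 120 to 300 in `conn shared` means a client that has vanished keeps its IKEv1 state on the server for up to about five minutes before `dpdaction=clear` removes it; the three following `conn shared` sections make the same change. That matches the stated intent, but the trade-off between tolerating unstable links and cleaning up dead peers more slowly deserves a comment beside the setting, e.g. `# dead-peer timeout raised for unstable client networks; stale state is cleared after 300s`. Separately, the unchanged `ike=` line still offers `modp1024` and SHA-1 proposals; that is outside this commit, but a follow-up could document why they remain or drop them if no supported client needs them. The `conn shared` block starts and ends outside the hunk.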


@ -325,7 +325,7 @@ conn shared
rekey=no
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdtimeout=300
dpdaction=clear
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024


@ -407,7 +407,7 @@ conn shared
rekey=no
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdtimeout=300
dpdaction=clear
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024


@ -384,7 +384,7 @@ conn shared
rekey=no
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdtimeout=300
dpdaction=clear
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024