mirror of
https://github.com/hwdsl2/setup-ipsec-vpn.git
synced 2024-06-22 05:36:19 +02:00
Improve IPsec config
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout. - Increase timeouts from 120s to 300s, so that the VPN server can keep the VPN connection open if the client's network is unstable.
This commit is contained in:
parent
ffdb388850
commit
d36c435c95
|
@ -823,7 +823,7 @@ To customize IKEv2 or client options, run this script without arguments.
|
||||||
rightrsasigkey=%cert
|
rightrsasigkey=%cert
|
||||||
narrowing=yes
|
narrowing=yes
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
retransmit-timeout=300s
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
auto=add
|
auto=add
|
||||||
ikev2=insist
|
ikev2=insist
|
||||||
|
|
|
@ -825,7 +825,7 @@ View example steps for manually configuring IKEv2 with Libreswan.
|
||||||
rightrsasigkey=%cert
|
rightrsasigkey=%cert
|
||||||
narrowing=yes
|
narrowing=yes
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
retransmit-timeout=300s
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
auto=add
|
auto=add
|
||||||
ikev2=insist
|
ikev2=insist
|
||||||
|
|
|
@ -1107,7 +1107,7 @@ conn ikev2-cp
|
||||||
rightrsasigkey=%cert
|
rightrsasigkey=%cert
|
||||||
narrowing=yes
|
narrowing=yes
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
retransmit-timeout=300s
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
auto=add
|
auto=add
|
||||||
ikev2=insist
|
ikev2=insist
|
||||||
|
|
|
@ -323,7 +323,7 @@ conn shared
|
||||||
rekey=no
|
rekey=no
|
||||||
keyingtries=5
|
keyingtries=5
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
dpdtimeout=300
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
ikev2=never
|
ikev2=never
|
||||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||||
|
|
|
@ -325,7 +325,7 @@ conn shared
|
||||||
rekey=no
|
rekey=no
|
||||||
keyingtries=5
|
keyingtries=5
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
dpdtimeout=300
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
ikev2=never
|
ikev2=never
|
||||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||||
|
|
|
@ -407,7 +407,7 @@ conn shared
|
||||||
rekey=no
|
rekey=no
|
||||||
keyingtries=5
|
keyingtries=5
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
dpdtimeout=300
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
ikev2=never
|
ikev2=never
|
||||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||||
|
|
|
@ -384,7 +384,7 @@ conn shared
|
||||||
rekey=no
|
rekey=no
|
||||||
keyingtries=5
|
keyingtries=5
|
||||||
dpddelay=30
|
dpddelay=30
|
||||||
dpdtimeout=120
|
dpdtimeout=300
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
ikev2=never
|
ikev2=never
|
||||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||||
|
|
Loading…
Reference in New Issue
Block a user