Marown/wireguard-install
1
0
Fork 0
mirror of https://github.com/hwdsl2/wireguard-install.git synced 2024-09-22 00:00:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimize sysctl settings

Browse Source 
- Improve VPN performance by optimizing sysctl settings, such as tuning
  TCP buffer sizes and enabling the TCP BBR congestion control algorithm
  on supported systems (kernel versions 4.20 and newer).
- References:
  https://cloud.google.com/blog/products/networking/tcp-bbr-congestion-control-comes-to-gcp-your-internet-just-got-faster
  https://github.com/google/bbr/blob/master/Documentation/bbr-quick-start.md
  https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/bbr.md
This commit is contained in:
hwdsl2 2022-09-08 23:34:53 -05:00
parent 899b772354
commit b3053b048d
1 changed files with 31 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
wireguard-install.sh
View File

@ -116,6 +116,35 @@ get_export_dir () {
fi fi
} }
update_sysctl () {
# Enable net.ipv4.ip_forward for the system
echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-wireguard-forward.conf
if [[ -n "$ip6" ]]; then
# Enable net.ipv6.conf.all.forwarding for the system
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/99-wireguard-forward.conf
fi
# Optimize sysctl settings such as TCP buffer sizes
cat > /etc/sysctl.d/99-wireguard-optimize.conf <<'EOF'
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
EOF
# Enable TCP BBR congestion control if kernel version >= 4.20
if modprobe -q tcp_bbr \
&& printf '%s\n%s' "4.20" "$(uname -r)" | sort -C -V; then
cat >> /etc/sysctl.d/99-wireguard-optimize.conf <<'EOF'
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
EOF
fi
# Apply sysctl settings
sysctl -e -q -p /etc/sysctl.d/99-wireguard-forward.conf
sysctl -e -q -p /etc/sysctl.d/99-wireguard-optimize.conf
}
new_client_dns () { new_client_dns () {
echo "Select a DNS server for the client:" echo "Select a DNS server for the client:"
echo " 1) Current system resolvers" echo " 1) Current system resolvers"
@ -402,16 +431,7 @@ ListenPort = $port
EOF EOF
chmod 600 /etc/wireguard/wg0.conf chmod 600 /etc/wireguard/wg0.conf
# Enable net.ipv4.ip_forward for the system update_sysctl
echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-wireguard-forward.conf
# Enable without waiting for a reboot or service restart
echo 1 > /proc/sys/net/ipv4/ip_forward
if [[ -n "$ip6" ]]; then
# Enable net.ipv6.conf.all.forwarding for the system
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/99-wireguard-forward.conf
# Enable without waiting for a reboot or service restart
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
fi
if systemctl is-active --quiet firewalld.service; then if systemctl is-active --quiet firewalld.service; then
# Using both permanent and not permanent rules to avoid a firewalld # Using both permanent and not permanent rules to avoid a firewalld
# reload. # reload.
@ -607,7 +627,7 @@ else
rm -f /etc/systemd/system/wg-iptables.service rm -f /etc/systemd/system/wg-iptables.service
fi fi
systemctl disable --now wg-quick@wg0.service systemctl disable --now wg-quick@wg0.service
rm -f /etc/sysctl.d/99-wireguard-forward.conf rm -f /etc/sysctl.d/99-wireguard-forward.conf /etc/sysctl.d/99-wireguard-optimize.conf
if [[ "$os" == "ubuntu" ]]; then if [[ "$os" == "ubuntu" ]]; then
# Ubuntu # Ubuntu
( (