add TCP_NODELAY option

Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com>
2025-07-06 06:24:22 +02:00 · 2022-11-18 23:26:15 +05:30 · 2022-11-18 23:26:15 +05:30 · 759d8f08f2
commit 759d8f08f2
parent 4553dd9c21
1 changed files with 1201 additions and 1192 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -117,7 +117,7 @@ access-control: 10.8.0.1/24 allow
 hide-identity: yes
 hide-version: yes
 use-caps-for-id: yes
-prefetch: yes' >>/etc/unbound/unbound.conf
+            prefetch: yes' >>/etc/unbound/unbound.conf
            
            elif [[ $OS =~ (centos|amzn|oracle) ]]; then
            yum install -y unbound
@ -171,7 +171,7 @@ prefetch: yes' >>/etc/unbound/unbound.conf
        # IPv6 DNS for all OS
        if [[ $IPV6_SUPPORT == 'y' ]]; then
            echo 'interface: fd42:42:42:42::1
-access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/unbound.conf
+            access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/unbound.conf
        fi
        
        if [[ ! $OS =~ (fedora|centos|amzn|oracle) ]]; then
@ -184,7 +184,7 @@ private-address: 169.254.0.0/16
 private-address: fd00::/8
 private-address: fe80::/10
 private-address: 127.0.0.0/8
-private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
+            private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
        fi
    else # Unbound is already installed
        echo 'include: /etc/unbound/openvpn.conf' >>/etc/unbound/unbound.conf
@ -205,10 +205,10 @@ private-address: 169.254.0.0/16
 private-address: fd00::/8
 private-address: fe80::/10
 private-address: 127.0.0.0/8
-private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf
+        private-address: ::ffff:0:0/96' >/etc/unbound/openvpn.conf
        if [[ $IPV6_SUPPORT == 'y' ]]; then
            echo 'interface: fd42:42:42:42::1
-access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
+            access-control: fd42:42:42:42::/112 allow' >>/etc/unbound/openvpn.conf
        fi
    fi
    
@ -308,6 +308,14 @@ function installQuestions() {
        ;;
        2)
            PROTOCOL="tcp"
+            until [[ $TCP_NODELAY =~ (y|n) ]]; do
+                read -rp "Do you want to enable TCP_NODELAY (improves latency)? [y/n]: " -e TCP_NODELAY
+            done
+            if [[ $TCP_NODELAY == "y" ]]; then
+                TCP_NODELAY="tcp-nodelay"
+            else
+                TCP_NODELAY=""
+            fi
        ;;
    esac
    echo ""
@ -781,7 +789,7 @@ persist-tun
 keepalive 10 120
 topology subnet
 server 10.8.0.0 255.255.255.0
-ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
+    ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
    
    # DNS resolvers
    case $DNS in
@ -862,7 +870,7 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
 tun-ipv6
 push tun-ipv6
 push "route-ipv6 2000::/3"
-push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf
+        push "redirect-gateway ipv6"' >>/etc/openvpn/server.conf
    fi
    
    if [[ $COMPRESSION_ENABLED == "y" ]]; then
@ -897,7 +905,8 @@ tls-version-min 1.2
 tls-cipher $CC_CIPHER
 client-config-dir /etc/openvpn/ccd
 status /var/log/openvpn/status.log
-verb 3" >>/etc/openvpn/server.conf
+verb 3
+    $TCP_NODELAY" >>/etc/openvpn/server.conf
    
    # Create client-config-dir dir
    mkdir -p /etc/openvpn/ccd
@ -966,14 +975,14 @@ iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE
 iptables -I INPUT 1 -i tun0 -j ACCEPT
 iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
 iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
-iptables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh
+    iptables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh
    
    if [[ $IPV6_SUPPORT == 'y' ]]; then
        echo "ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
 ip6tables -I INPUT 1 -i tun0 -j ACCEPT
 ip6tables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
 ip6tables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
-ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/add-openvpn-rules.sh
+        ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/add-openvpn-rules.sh
    fi
    
    # Script to remove rules
@ -982,14 +991,14 @@ iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE
 iptables -D INPUT -i tun0 -j ACCEPT
 iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
 iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
-iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh
+    iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh
    
    if [[ $IPV6_SUPPORT == 'y' ]]; then
        echo "ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
 ip6tables -D INPUT -i tun0 -j ACCEPT
 ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT
 ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT
-ip6tables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/rm-openvpn-rules.sh
+        ip6tables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptables/rm-openvpn-rules.sh
    fi
    
    chmod +x /etc/iptables/add-openvpn-rules.sh
@ -1008,7 +1017,7 @@ ExecStop=/etc/iptables/rm-openvpn-rules.sh
 RemainAfterExit=yes

 [Install]
-WantedBy=multi-user.target" >/etc/systemd/system/iptables-openvpn.service
+    WantedBy=multi-user.target" >/etc/systemd/system/iptables-openvpn.service
    
    # Enable service and apply rules
    systemctl daemon-reload
@ -1044,7 +1053,7 @@ tls-version-min 1.2
 tls-cipher $CC_CIPHER
 ignore-unknown-option block-outside-dns
 setenv opt block-outside-dns # Prevent Windows 10 DNS leak
-verb 3" >>/etc/openvpn/client-template.txt
+    verb 3" >>/etc/openvpn/client-template.txt
    
    if [[ $COMPRESSION_ENABLED == "y" ]]; then
        echo "compress $COMPRESSION_ALG" >>/etc/openvpn/client-template.txt