From 46a3f9e0b1ddc64872a8c555e0622c646befddcc Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 14 Jan 2016 14:33:51 -0600 Subject: [PATCH] Added note for Android 6.0 users Android 6.0 users must enable SHA2 in /etc/ipsec.conf. Thanks @rodolfobandeira for the hint! Ref: https://github.com/rodolfobandeira/setup-simple-ipsec-l2tp-vpn/commit/544a25ab777db2622b1565b208301d511d64b9c8 --- README.md | 2 ++ vpnsetup.sh | 5 +++++ vpnsetup_centos.sh | 5 +++++ 3 files changed, 12 insertions(+) diff --git a/README.md b/README.md index fa57ee9..daad41b 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,8 @@ You may use `vpnupgrade_Libreswan.sh` (for Ubuntu/Debian) and `vpnupgrade_Libres For **Windows users**, a one-time registry change is required for connections to a VPN server behind NAT (e.g. Amazon EC2). +**Android 6.0 users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to the end of both `ike=` and `phase2alg=`, then add a new line `sha2-truncbug=yes`. Start lines with two spaces. When finished, run `service ipsec restart`. (Source) + To support multiple VPN users with different credentials, just edit a few lines in the scripts. Clients are configured to use Google Public DNS when the VPN connection is active. This setting is controlled by `ms-dns` in `/etc/ppp/options.xl2tpd`. diff --git a/vpnsetup.sh b/vpnsetup.sh index 17b9e35..4dd01e5 100644 --- a/vpnsetup.sh +++ b/vpnsetup.sh 
@@ -44,6 +44,11 @@ VPN_PASSWORD=your_very_secure_password # to a VPN server behind NAT (e.g. Amazon EC2). Please see: # https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809 +# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both +# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces. +# When finished, run "service ipsec restart". Source: +# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow + # To support multiple VPN users with different credentials, see: # https://gist.github.com/hwdsl2/123b886f29f4c689f531 diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 2ecf238..bc0d00a 100644 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -53,6 +53,11 @@ VPN_PASSWORD=your_very_secure_password # to a VPN server behind NAT (e.g. Amazon EC2). Please see: # https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809 +# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both +# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces. +# When finished, run "service ipsec restart". Source: +# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow + # To support multiple VPN users with different credentials, see: # https://gist.github.com/hwdsl2/123b886f29f4c689f531
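Review bot: In the README.md hunk (@@ -84,6 +84,8 @@), the added paragraph does not say where in `/etc/ipsec.conf` the new `sha2-truncbug=yes` line belongs, and "Start lines with two spaces" is hard to follow without that context. Please name the section that already holds `ike=` and `phase2alg=`, and say that the new line goes in the same section with the same two-space indentation. The trailing "(Source)" also shows no URL here, while both script comments cite the libreswan FAQ entry "Android 6.0 connection comes up but no packet flow"; the README should carry the same link. Since the option is named as a bug workaround and is set for the whole connection rather than per client, a sentence on whether clients other than Android 6.0 are affected once it is enabled would help readers decide whether to apply it.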
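Review bot: In the vpnsetup.sh hunk (@@ -44,6 +44,11 @@), the change is documentation only: the five added lines are comments placed after `VPN_PASSWORD=your_very_secure_password`, so an Android 6.0 user still has to hand-edit `/etc/ipsec.conf` after the script has run, and has to repeat the edit if the file is ever regenerated. Consider an opt-in variable next to the other user settings at the top of the script that appends `,aes256-sha2_256` and `sha2-truncbug=yes` when set, with this comment describing the variable. As a style point, the `**Android 6.0 users**` Markdown bold markers are shown literally in a shell comment and can be dropped.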
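Review bot: In the vpnsetup_centos.sh hunk (@@ -53,6 +53,11 @@), the comment block is a verbatim copy of the one added to vpnsetup.sh, and the same instructions appear a third time in README.md, so any later correction has to be made in three places. Suggest keeping the full procedure in the README and reducing the script comments to a one-line pointer to it. The commit message cites a commit in rodolfobandeira's fork as the reference while the comment cites the libreswan FAQ; pick one as the canonical source so readers know which to follow. If the full text stays here, please confirm that `service ipsec restart` is the right restart command on the CentOS releases this script targets.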