diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 9f2c93a..9f53b3c 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -55,8 +55,8 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
      ikev2=insist
      rekey=no
      fragmentation=yes
-     ike=3des-sha1,3des-sha1;modp1024,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
-     phase2alg=3des-sha1,aes-sha1,aes-sha2,aes256-sha2_512
+     ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
+     phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
    EOF
    ```
 
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 17ca30a..7c93dc6 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -55,8 +55,8 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
      ikev2=insist
      rekey=no
      fragmentation=yes
-     ike=3des-sha1,3des-sha1;modp1024,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
-     phase2alg=3des-sha1,aes-sha1,aes-sha2,aes256-sha2_512
+     ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
+     phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
    EOF
    ```
 
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 37337b5..de6cc24 100644
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -159,8 +159,8 @@ if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$swan_ver"; then
 fi
 
 # Update ipsec.conf for Libreswan 3.19 and newer
-IKE_NEW="  ike=3des-sha1,3des-sha1;modp1024,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
-PHASE2_NEW="  phase2alg=3des-sha1,aes-sha1,aes-sha2,aes256-sha2_512"
+IKE_NEW="  ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
+PHASE2_NEW="  phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512"
 sed -i".old-$(date +%Y-%m-%d-%H:%M:%S)" \
     -e "s/^[[:space:]]\+auth=esp\$/  phase2=esp/" \
     -e "s/^[[:space:]]\+forceencaps=yes\$/  encapsulation=yes/" \
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index 5f33485..14f8be9 100644
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -155,8 +155,8 @@ restorecon /usr/local/sbin -Rv 2>/dev/null
 restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
 
 # Update ipsec.conf for Libreswan 3.19 and newer
-IKE_NEW="  ike=3des-sha1,3des-sha1;modp1024,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
-PHASE2_NEW="  phase2alg=3des-sha1,aes-sha1,aes-sha2,aes256-sha2_512"
+IKE_NEW="  ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512"
+PHASE2_NEW="  phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512"
 sed -i".old-$(date +%Y-%m-%d-%H:%M:%S)" \
     -e "s/^[[:space:]]\+auth=esp\$/  phase2=esp/" \
     -e "s/^[[:space:]]\+forceencaps=yes\$/  encapsulation=yes/" \
diff --git a/vpnsetup.sh b/vpnsetup.sh
index fd57a1b..cdc0f8a 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -244,8 +244,8 @@ conn shared
   dpddelay=30
   dpdtimeout=120
   dpdaction=clear
-  ike=3des-sha1,3des-sha1;modp1024,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512,3des-sha2
-  phase2alg=3des-sha1,aes-sha1,aes-sha2,aes256-sha2_512,3des-sha2
+  ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
+  phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
   sha2-truncbug=yes
 
 conn l2tp-psk
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index cee3ce3..4c307df 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -230,8 +230,8 @@ conn shared
   dpddelay=30
   dpdtimeout=120
   dpdaction=clear
-  ike=3des-sha1,3des-sha1;modp1024,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512,3des-sha2
-  phase2alg=3des-sha1,aes-sha1,aes-sha2,aes256-sha2_512,3des-sha2
+  ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
+  phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
   sha2-truncbug=yes
 
 conn l2tp-psk