diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 57fb8f4..930a84e 100644
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -116,33 +116,10 @@ Version to install: Libreswan $SWAN_VER
 EOF
 cat <<'EOF'
-NOTE: Libreswan versions 3.19 and newer require some configuration changes.
- This script will make the following updates to your /etc/ipsec.conf:
+NOTE: This script will make the following changes to your IPsec config:
- - Replace obsolete ipsec.conf options
+ - Fix obsolete ipsec.conf and/or ikev2.conf options
 - Optimize VPN ciphers for "ike=" and "phase2alg="
-EOF
-
-if [ "$dns_state" = "1" ] || [ "$dns_state" = "2" ]; then
-cat <<'EOF'
- - Replace "modecfgdns1" and "modecfgdns2" with "modecfgdns"
-EOF
-fi
-
-if [ "$dns_state" = "3" ] || [ "$dns_state" = "4" ]; then
-cat <<'EOF'
- - Replace "modecfgdns" with "modecfgdns1" and "modecfgdns2"
-EOF
-fi
-
-if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] \
- || [ "$SWAN_VER" = "3.32" ] || [ "$SWAN_VER" = "4.1" ]; then
-cat <<'EOF'
- - Move "ikev2=never" to section "conn shared"
-EOF
-fi
-
-cat <<'EOF'
 Your other VPN configuration files will not be modified.
@@ -250,7 +227,7 @@ if ! /usr/local/sbin/ipsec --version 2>/dev/null | grep -qF "$SWAN_VER"; then
 exiterr "Libreswan $SWAN_VER failed to build."
 fi
-# Update ipsec.conf
+# Update IPsec config
 IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024"
 PHASE2_NEW=" phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2"
@@ -286,6 +263,10 @@ if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] \
 sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
 fi
+if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
+ sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
+fi
+
 # Restart IPsec service
 mkdir -p /run/pluto
 service ipsec restart
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index f39417e..d2f5719 100644
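Review bot: The new `ike-frag` block rewrites /etc/ipsec.d/ikev2.conf in place and the script then goes straight on to `service ipsec restart`, with no copy of the original file and no check that `sed -i` succeeded, as far as this hunk shows. Since ikev2.conf holds the IKEv2 connection settings, I would keep a copy first, e.g. `cp -p /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.old`, and end the `sed -i` line with `|| echo "Warning: could not update ikev2.conf" >&2` so a failed rewrite is visible before the restart. A one-line comment above the block, such as `# ike-frag= is the obsolete name of fragmentation=`, would also record why the option is renamed. The same block is added in the last hunk of extras/vpnupgrade_centos.sh and the same applies there.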
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -107,33 +107,10 @@ Version to install: Libreswan $SWAN_VER
 EOF
 cat <<'EOF'
-NOTE: Libreswan versions 3.19 and newer require some configuration changes.
- This script will make the following updates to your /etc/ipsec.conf:
+NOTE: This script will make the following changes to your IPsec config:
- - Replace obsolete ipsec.conf options
+ - Fix obsolete ipsec.conf and/or ikev2.conf options
 - Optimize VPN ciphers for "ike=" and "phase2alg="
-EOF
-
-if [ "$dns_state" = "1" ] || [ "$dns_state" = "2" ]; then
-cat <<'EOF'
- - Replace "modecfgdns1" and "modecfgdns2" with "modecfgdns"
-EOF
-fi
-
-if [ "$dns_state" = "3" ] || [ "$dns_state" = "4" ]; then
-cat <<'EOF'
- - Replace "modecfgdns" with "modecfgdns1" and "modecfgdns2"
-EOF
-fi
-
-if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] \
- || [ "$SWAN_VER" = "3.32" ] || [ "$SWAN_VER" = "4.1" ]; then
-cat <<'EOF'
- - Move "ikev2=never" to section "conn shared"
-EOF
-fi
-
-cat <<'EOF'
 Your other VPN configuration files will not be modified.
@@ -259,7 +236,7 @@ restorecon /etc/ipsec.d/*db 2>/dev/null
 restorecon /usr/local/sbin -Rv 2>/dev/null
 restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
-# Update ipsec.conf
+# Update IPsec config
 IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024"
 PHASE2_NEW=" phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2"
@@ -289,6 +266,10 @@ if [ "$SWAN_VER" = "3.29" ] || [ "$SWAN_VER" = "3.31" ] \
 sed -i "/conn shared/a \ ikev2=never" /etc/ipsec.conf
 fi
+if grep -qs ike-frag /etc/ipsec.d/ikev2.conf; then
+ sed -i 's/^[[:space:]]\+ike-frag=/ fragmentation=/' /etc/ipsec.d/ikev2.conf
+fi
+
 # Restart IPsec service
 mkdir -p /run/pluto
 service ipsec restart