Remove SHA2 workaround

- Libreswan 3.18 and higher prefers sha2_512 over sha2_256
- The 'sha2-truncbug=yes' workaround is no longer needed
- Ref: https://libreswan.org/wiki/FAQ#Configuration_Matters

docs/clients-zh.md

@@ -20,7 +20,7 @@
 * [故障排除](#故障排除)
   * [Windows 错误 809](#windows-错误-809)
   * [Windows 错误 628](#windows-错误-628)
-  * [Android 6.0 and 7.0](#android-60-and-70)
+  * [Android 6 and 7](#android-6-and-7)
   * [其它错误](#其它错误)
 
 ## Windows
@@ -374,12 +374,12 @@ strongswan down myvpn
 
 ![Select CHAP in VPN connection properties](images/vpn-properties-zh.png)
 
-### Android 6.0 and 7.0
+### Android 6 and 7
 
-如果你无法使用 Android 6.0 (Marshmallow) 或者 7.0 (Nougat) 连接，请尝试以下解决方案：
+如果你无法使用 Android 6 (Marshmallow) 或者 7 (Nougat) 连接：
 
-1. 单击 VPN 连接旁边的设置按钮，选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在，请启用它并重试连接。如果不存在，请看下一步。
+1. 单击 VPN 连接旁边的设置按钮，选择 "显示高级选项" 并且滚动到底部。如果选项 "兼容模式" 存在，请启用它并重试连接。如果不存在，请尝试下一步。
-1. （注： 最新版本的 VPN 脚本已经包含这些更改） 编辑 VPN 服务器上的 `/etc/ipsec.conf`，并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 字样。然后在它们下面添加一行 `sha2-truncbug=yes`。每行开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>)
+1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到这一行 `phase2alg=...`，然后在它下面添加一行 `sha2-truncbug=yes`，开头必须空两格。保存修改并运行 `service ipsec restart`。(<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">参见</a>)
 
 ### 其它错误
 

docs/clients.md

@@ -20,7 +20,7 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
 * [Troubleshooting](#troubleshooting)
   * [Windows Error 809](#windows-error-809)
   * [Windows Error 628](#windows-error-628)
-  * [Android 6.0 and 7.0](#android-60-and-70)
+  * [Android 6 and 7](#android-6-and-7)
   * [Other Errors](#other-errors)
 
 ## Windows
@@ -373,12 +373,12 @@ To fix this error, please follow these steps:
 
 ![Select CHAP in VPN connection properties](images/vpn-properties.png)
 
-### Android 6.0 and 7.0
+### Android 6 and 7
 
-If you are unable to connect using Android 6.0 (Marshmallow) or 7.0 (Nougat), try these workarounds:
+If you are unable to connect using Android 6 (Marshmallow) or 7 (Nougat):
 
-1. Tap the "Settings" icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, see the next step.
+1. Tap the "Settings" icon next to your VPN profile. Select "Show Advanced Options" and scroll down to the bottom. If the option "Backwards-compatible mode" exists, enable it and reconnect the VPN. If not, try the next step.
-1. (Note: The latest version of VPN scripts already includes these changes) Edit `/etc/ipsec.conf` on the VPN server and append `,aes256-sha2_256` to both `ike=` and `phase2alg=` lines. Then add a new line `sha2-truncbug=yes` immediately after those. Indent lines with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>)
+1. Edit `/etc/ipsec.conf` on the VPN server. Find the line `phase2alg=...`, and add a new line `sha2-truncbug=yes` immediately below it, indented with two spaces. Save the file and run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Configuration_Matters" target="_blank">Ref</a>)
 
 ### Other Errors
 

vpnsetup.sh

@@ -212,7 +212,6 @@ conn shared
   dpdaction=clear
   ike=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
   phase2alg=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
-  sha2-truncbug=yes
 
 conn l2tp-psk
   auto=add

vpnsetup_centos.sh

@@ -202,7 +202,6 @@ conn shared
   dpdaction=clear
   ike=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
   phase2alg=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
-  sha2-truncbug=yes
 
 conn l2tp-psk
   auto=add