diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 38efcc5..078c53c 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -342,6 +342,8 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto fragmentation=yes ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2 + ikelifetime=24h + salifetime=24h EOF ``` diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 307127f..5ef16f3 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -342,6 +342,8 @@ As an alternative to using the [helper script](#using-helper-scripts), advanced fragmentation=yes ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2 + ikelifetime=24h + salifetime=24h EOF ``` diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh index 47a093e..e6d21e4 100644 --- a/extras/ikev2setup.sh +++ b/extras/ikev2setup.sh @@ -595,7 +595,7 @@ cat > "$mc_file" <EncryptionAlgorithm AES-256-GCM LifeTimeInMinutes - 1440 + 1410 DeadPeerDetectionRate Medium @@ -614,7 +614,7 @@ cat > "$mc_file" <IntegrityAlgorithm SHA2-256 LifeTimeInMinutes - 1440 + 1410 LocalIdentifier $client_name @@ -796,6 +796,8 @@ conn ikev2-cp fragmentation=yes ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2 + ikelifetime=24h + salifetime=24h encapsulation=yes EOF