From 96a071ebc5147dde83523ee6e298c6a31e85b60c Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Fri, 26 Aug 2016 00:21:10 -0500
Subject: [PATCH] Improve VPN ciphers

- Add stronger cipher options
- Fix for Android 6.0 VPN clients
---
 vpnsetup.sh        | 5 +++--
 vpnsetup_centos.sh | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index 2f8ed07..f962f47 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -198,8 +198,9 @@ conn shared
   dpddelay=30
   dpdtimeout=120
   dpdaction=clear
-  ike=3des-sha1,aes-sha1
-  phase2alg=3des-sha1,aes-sha1
+  ike=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
+  phase2alg=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
+  sha2-truncbug=yes
 
 conn l2tp-psk
   auto=add
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 08c421d..ddea15a 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -192,8 +192,9 @@ conn shared
   dpddelay=30
   dpdtimeout=120
   dpdaction=clear
-  ike=3des-sha1,aes-sha1
-  phase2alg=3des-sha1,aes-sha1
+  ike=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
+  phase2alg=3des-sha1,aes-sha1,aes256-sha2_512,aes256-sha2_256
+  sha2-truncbug=yes
 
 conn l2tp-psk
   auto=add