diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 352d92d..cdf92b9 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -57,7 +57,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
      rekey=no
      fragmentation=yes
      ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
-     phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
+     phase2alg=aes_gcm-null,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
    EOF
    ```
 
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index fa3244a..2e5261e 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -57,7 +57,7 @@ Before continuing, make sure you have successfully <a href="https://github.com/h
      rekey=no
      fragmentation=yes
      ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
-     phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
+     phase2alg=aes_gcm-null,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
    EOF
    ```
 
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 683fa8d..077ce10 100644
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -214,10 +214,10 @@ fi
 
 # Update ipsec.conf
 IKE_NEW="  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024"
-PHASE2_NEW="  phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1"
+PHASE2_NEW="  phase2alg=aes_gcm-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1"
 
 if uname -m | grep -qi '^arm'; then
-  PHASE2_NEW="  phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1"
+  PHASE2_NEW="  phase2alg=aes_gcm-null,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1"
 fi
 
 sed -i".old-$(date +%F-%T)" \
diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh
index b0cffdb..e371a11 100644
--- a/extras/vpnupgrade_centos.sh
+++ b/extras/vpnupgrade_centos.sh
@@ -216,7 +216,7 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null
 
 # Update ipsec.conf
 IKE_NEW="  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024"
-PHASE2_NEW="  phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1"
+PHASE2_NEW="  phase2alg=aes_gcm-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1"
 
 sed -i".old-$(date +%F-%T)" \
     -e "s/^[[:space:]]\+auth=esp\$/  phase2=esp/g" \
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 586e115..2069e58 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -259,7 +259,7 @@ conn shared
   dpdtimeout=120
   dpdaction=clear
   ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
-  phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
+  phase2alg=aes_gcm-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
   sha2-truncbug=yes
 
 conn l2tp-psk
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index c9bd855..1646aa4 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -246,7 +246,7 @@ conn shared
   dpdtimeout=120
   dpdaction=clear
   ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
-  phase2alg=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
+  phase2alg=aes_gcm-null,aes256-sha2_512,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
   sha2-truncbug=yes
 
 conn l2tp-psk