diff --git a/extras/vpnupgrade_alpine.sh b/extras/vpnupgrade_alpine.sh index 05bf56b..66a1ffd 100755 --- a/extras/vpnupgrade_alpine.sh +++ b/extras/vpnupgrade_alpine.sh @@ -209,7 +209,7 @@ update_ikev2_script() { update_config() { bigecho "Updating VPN configuration..." - IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024" + IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1" PHASE2_NEW=" phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2" if uname -m | grep -qi '^arm'; then if ! modprobe -q sha512; then diff --git a/extras/vpnupgrade_amzn.sh b/extras/vpnupgrade_amzn.sh index 19f1d7a..a2ddebd 100755 --- a/extras/vpnupgrade_amzn.sh +++ b/extras/vpnupgrade_amzn.sh @@ -203,7 +203,7 @@ update_ikev2_script() { update_config() { bigecho "Updating VPN configuration..." - IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024" + IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1" PHASE2_NEW=" phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2" dns_state=0 DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh index e511b75..ed1a74f 100755 --- a/extras/vpnupgrade_centos.sh +++ b/extras/vpnupgrade_centos.sh @@ -255,7 +255,7 @@ update_ikev2_script() { update_config() { bigecho "Updating VPN configuration..." - IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024" + IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1" PHASE2_NEW=" phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2" dns_state=0 DNS_SRV1=$(grep "modecfgdns1=" /etc/ipsec.conf | head -n 1 | cut -d '=' -f 2) diff --git a/extras/vpnupgrade_ubuntu.sh b/extras/vpnupgrade_ubuntu.sh index 97a87d8..77d380e 100755 --- a/extras/vpnupgrade_ubuntu.sh +++ b/extras/vpnupgrade_ubuntu.sh @@ -239,7 +239,7 @@ update_ikev2_script() { update_config() { bigecho "Updating VPN configuration..." - IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024" + IKE_NEW=" ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1" PHASE2_NEW=" phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2" if uname -m | grep -qi '^arm'; then if ! modprobe -q sha512; then diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh index 2030e2f..198fb34 100755 --- a/vpnsetup_alpine.sh +++ b/vpnsetup_alpine.sh @@ -337,7 +337,7 @@ conn shared dpdtimeout=300 dpdaction=clear ikev2=never - ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 + ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2 ikelifetime=24h salifetime=24h diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh index 81d71bb..a6de477 100755 --- a/vpnsetup_amzn.sh +++ b/vpnsetup_amzn.sh @@ -353,7 +353,7 @@ conn shared dpdtimeout=300 dpdaction=clear ikev2=never - ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 + ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2 ikelifetime=24h salifetime=24h diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index cfe1e4d..af8b34d 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -453,7 +453,7 @@ conn shared dpdtimeout=300 dpdaction=clear ikev2=never - ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 + ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2 ikelifetime=24h salifetime=24h diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh index 8d07010..cc42589 100755 --- a/vpnsetup_ubuntu.sh +++ b/vpnsetup_ubuntu.sh @@ -398,7 +398,7 @@ conn shared dpdtimeout=300 dpdaction=clear ikev2=never - ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 + ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2 ikelifetime=24h salifetime=24h