From 9db710090d4f36b9821de55fcfab47b319a83836 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 25 Oct 2018 01:25:35 -0500 Subject: [PATCH] Improve VPN ciphers - Add AES-GCM cipher for Chromebook compatibility and performance --- extras/vpnupgrade.sh | 4 ++-- extras/vpnupgrade_centos.sh | 2 +- vpnsetup.sh | 2 +- vpnsetup_centos.sh | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh index 93bb86e..55a94f5 100644 --- a/extras/vpnupgrade.sh +++ b/extras/vpnupgrade.sh @@ -216,10 +216,10 @@ fi # Update ipsec.conf IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024" -PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512" +PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes_gcm-null,aes256-sha2_512" if uname -m | grep -qi '^arm'; then - PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2" + PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes_gcm-null" fi sed -i".old-$(date +%F-%T)" \ diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh index 2a73a44..230b4f0 100644 --- a/extras/vpnupgrade_centos.sh +++ b/extras/vpnupgrade_centos.sh @@ -218,7 +218,7 @@ restorecon /usr/local/libexec/ipsec -Rv 2>/dev/null # Update ipsec.conf IKE_NEW=" ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024" -PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512" +PHASE2_NEW=" phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes_gcm-null,aes256-sha2_512" sed -i".old-$(date +%F-%T)" \ -e "s/^[[:space:]]\+auth=esp\$/ phase2=esp/g" \ diff --git a/vpnsetup.sh b/vpnsetup.sh index 1e0b446..885f588 100755 --- a/vpnsetup.sh +++ b/vpnsetup.sh 
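Review bot: The new `PHASE2_NEW` values in extras/vpnupgrade.sh still offer `3des-sha1` and `3des-sha2`, and the unchanged `IKE_NEW` line keeps the `modp1024` variants, so adding `aes_gcm-null` widens what the server accepts without retiring anything weak. 3DES has a 64-bit block and a 1024-bit MODP group is below current guidance for IKE. If these are kept only for older clients, record that above the two assignments, for example `# 3des-* and modp1024 are retained for older clients only; remove when no longer required`. The same proposal list is carried in the hunks for extras/vpnupgrade_centos.sh, vpnsetup.sh and vpnsetup_centos.sh. Whether a given client actually lands on AES-GCM depends on negotiation, which these hunks do not show.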
@@ -259,7 +259,7 @@ conn shared dpdtimeout=120 dpdaction=clear ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024 - phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512 + phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes_gcm-null,aes256-sha2_512 sha2-truncbug=yes conn l2tp-psk diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 938cc89..783e137 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -246,7 +246,7 @@ conn shared dpdtimeout=120 dpdaction=clear ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024 - phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512 + phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes_gcm-null,aes256-sha2_512 sha2-truncbug=yes conn l2tp-psk
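Review bot: The `phase2alg=` line written by vpnsetup.sh includes `aes256-sha2_512` on every architecture, whereas extras/vpnupgrade.sh in this same patch omits that suite when `uname -m` starts with `arm`. If vpnsetup.sh strips the suite for ARM somewhere outside this hunk, that code should be re-checked, because `aes_gcm-null` now sits directly before `aes256-sha2_512`. If it does not, a fresh install and an upgrade leave ARM hosts with different proposal lists. The `conn shared` section begins and ends outside the hunk, so the rest of the section could not be checked here.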