diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml
index 90cc7aa64..bc0b9a6e4 100644
--- a/roles/vpn/defaults/main.yml
+++ b/roles/vpn/defaults/main.yml
@@ -21,12 +21,9 @@ strongswan_enabled_plugins:
- x509
ciphers:
- old:
- ike: aes128gcm16-sha2_256-prfsha256-ecp256!
- esp: aes128gcm16-sha2_256-ecp256!
defaults:
- ike: aes192gcm16-prfsha512-ecp521!
- esp: aes192gcm16-ecp521!
+ ike: aes128gcm16-sha2_512-prfsha512-ecp256!
+ esp: aes128gcm16-sha2_512-ecp256!
windows:
- ike: aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
- esp: aes128gcm16-sha2_256-ecp256,aes256-sha2_256-modp2048!
+ ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
+ esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_256-modp2048!
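Review bot: The `sha2_512` token added to the `aes128gcm16` proposals under `defaults` and `windows` probably does not strengthen integrity. AES-GCM is an AEAD cipher and, as far as I know, strongSwan does not negotiate a separate integrity algorithm for an all-AEAD proposal, so the effective change there is the PRF (`prfsha512`). The changes that do alter strength are unexplained: `defaults` drops from `aes192gcm16`/`ecp521` to `aes128gcm16`/`ecp256`, and the `windows` fallback drops from `aes256` to `aes128` while keeping `sha2_256` and `modp2048`. I would add a comment above `ciphers:` along the lines of `# <reason for AES-128/ECP-256>; the windows fallback aes128-sha2_256-modp2048 is the weakest proposal accepted`. The `old` key is also removed, so any template or task that still reads `ciphers.old` (none is visible in this diff) should be checked.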
diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2
index 823a94ccd..811e612f3 100644
--- a/roles/vpn/templates/mobileconfig.j2
+++ b/roles/vpn/templates/mobileconfig.j2
@@ -64,7 +64,7 @@
EncryptionAlgorithm
AES-128-GCM
IntegrityAlgorithm
- SHA2-256
+ SHA2-512
LifeTimeInMinutes
20
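Review bot: Profiles already installed on devices still carry `SHA2-256`, while the server proposals in `roles/vpn/defaults/main.yml` are strict (`!`) and now list only `sha2_512`/`prfsha512` for the GCM suite. If the Apple client derives its IKE PRF from `IntegrityAlgorithm`, which I believe it does when the cipher is `AES-128-GCM`, those older profiles would stop negotiating once the server is redeployed. The same applies to the second `IntegrityAlgorithm` change in the hunk at `-85,7`. I would add a template comment next to each value, e.g. `{# must match the ike/esp proposals in roles/vpn/defaults/main.yml; regenerate client profiles when changed #}`, and state the re-issue requirement in the commit message. The enclosing parameter dictionaries start and end outside both hunks, so I cannot confirm that the Diffie-Hellman group there still matches `ecp256`.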
@@ -85,7 +85,7 @@
EncryptionAlgorithm
AES-128-GCM
IntegrityAlgorithm
- SHA2-256
+ SHA2-512
LifeTimeInMinutes
20