From 78830d96aa827ebe66b071a1bcfd6e5232386a67 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Mon, 19 Mar 2018 19:05:30 +0300
Subject: [PATCH] Android: add the CA and set the ciphers explicitly (#837)

---
 roles/vpn/templates/sswan.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/vpn/templates/sswan.j2 b/roles/vpn/templates/sswan.j2
index 4fa4fb8..405d44a 100644
--- a/roles/vpn/templates/sswan.j2
+++ b/roles/vpn/templates/sswan.j2
@@ -3,10 +3,13 @@
     "name": "Algo {{ IP_subject_alt_name }}",
     "type": "ikev2-cert",
     "remote": {
-        "addr": "{{ IP_subject_alt_name }}"
+        "addr": "{{ IP_subject_alt_name }}",
+        "cert": "{{ PayloadContentCA }}"
     },
     "local": {
         "p12": "{{ item.1.stdout }}"
     },
+    "ike-proposal": "{{ ciphers.defaults.ike | replace('!', '') }}",
+    "esp-proposal": "{{ ciphers.defaults.esp | replace('!', '') }}",
     "mtu": 1280
 }