diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 06732f7..58909ff 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -109,7 +109,7 @@ To customize IKEv2 or client options, run this script without arguments.
    # 创建 VPN 连接
    powershell -command "Add-VpnConnection -Name 'My IKEv2 VPN' -ServerAddress '%server_addr%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
    # 设置 IPsec 参数
-   powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
+   powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
    ```
 
    另外，你也可以手动创建 VPN 连接。详细步骤请看 <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config" target="_blank">这里</a>。如果你在配置 IKEv2 时指定了服务器的域名（而不是 IP 地址），则必须在 **Internet地址** 字段中输入该域名。
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 6fa936d..a481b74 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -109,7 +109,7 @@ To customize IKEv2 or client options, run this script without arguments.
    # Create VPN connection
    powershell -command "Add-VpnConnection -Name 'My IKEv2 VPN' -ServerAddress '%server_addr%' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru"
    # Set IPsec configuration
-   powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
+   powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'My IKEv2 VPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force"
    ```
 
    Alternatively, you can manually create the VPN connection. Click <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config" target="_blank">here</a> for instructions. If you specified the server's DNS name (instead of its IP address) during IKEv2 setup, you must enter the DNS name in the **Internet address** field.
diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index bdb092c..f91bded 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -756,7 +756,7 @@ cat > "$mc_file" <<EOF
           <key>DiffieHellmanGroup</key>
           <integer>14</integer>
           <key>EncryptionAlgorithm</key>
-          <string>AES-256-GCM</string>
+          <string>AES-128-GCM</string>
           <key>LifeTimeInMinutes</key>
           <integer>1410</integer>
         </dict>
@@ -915,7 +915,7 @@ cat > "$sswan_file" <<EOF
     "rsa-pss": "true"
   },
   "ike-proposal": "aes256-sha256-modp2048",
-  "esp-proposal": "aes256gcm16"
+  "esp-proposal": "aes128gcm16"
 }
 EOF