diff --git a/README-zh.md b/README-zh.md
index 9527ae0..adf1c64 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -213,6 +213,43 @@ sudo ikev2.sh
**注:** 如果服务器上已经配置了 IKEv2,则 `VPN_SKIP_IKEV2` 变量无效。在这种情况下,如需自定义 IKEv2 选项,你可以首先 [移除 IKEv2](docs/ikev2-howto-zh.md#移除-ikev2),然后运行 `sudo ikev2.sh` 重新配置。
+
+
+供参考:IKEv1 和 IKEv2 参数列表。
+
+
+| IKEv1 参数\* |默认值 |自定义(环境变量)\*\* |
+| ------------ | ---- | ----------------- |
+|服务器地址(DNS域名)| - |不能,但你可以使用 DNS 域名进行连接 |
+|服务器地址(公网IP)|自动检测 | VPN_PUBLIC_IP |
+| IPsec 预共享密钥 |自动生成 | VPN_IPSEC_PSK |
+| VPN 用户名 | vpnuser | VPN_USER |
+| VPN 密码 |自动生成 | VPN_PASSWORD |
+|客户端的 DNS 服务器 |Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 |
+|跳过 IKEv2 安装 |否 | VPN_SKIP_IKEV2=yes |
+
+\* 这些 IKEv1 参数适用于 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式。
+\*\* 在运行 vpn(setup).sh 时将这些定义为环境变量。
+
+| IKEv2 参数\* |默认值 |自定义(环境变量)\*\* |自定义(安装时)\*\*\* |
+| ----------- | ---- | ------------------ | ----------------- |
+|服务器地址(DNS域名)| - | VPN_DNS_NAME | ✅ |
+|服务器地址(公网IP)|自动检测 | VPN_PUBLIC_IP | ✅ |
+|第一个客户端的名称 | vpnclient | VPN_CLIENT_NAME | ✅ |
+|客户端的 DNS 服务器 |Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 | ✅ |
+|保护客户端配置文件 |否 | VPN_PROTECT_CONFIG=yes | ✅ |
+|启用/禁用 MOBIKE |如果系统支持则启用 | ❌ | ✅ |
+|客户端证书有效期 | 10 年(120 个月)| ❌ | ✅ |
+| CA 和服务器证书有效期 | 10 年(120 个月)| ❌ | ❌ |
+| CA 证书名称 | IKEv2 VPN CA | ❌ | ❌ |
+|证书密钥长度 | 3072 bits | ❌ | ❌ |
+
+\* 这些 IKEv2 参数适用于 IKEv2 模式。
+\*\* 在运行 vpn(setup).sh 时,或者在自动模式下配置 IKEv2 时 (`sudo ikev2.sh --auto`) 将这些定义为环境变量。
+\*\*\* 可以在交互式配置 IKEv2 期间自定义 (`sudo ikev2.sh`)。参见上面的选项 2。
+
+除了这些参数,高级用户还可以在安装时 [自定义 VPN 子网](docs/advanced-usage-zh.md#自定义-vpn-子网)。
+
## 下一步
diff --git a/README.md b/README.md
index 5736f2e..309d84a 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,43 @@ sudo ikev2.sh
**Note:** The `VPN_SKIP_IKEV2` variable has no effect if IKEv2 is already set up on the server. In that case, to customize IKEv2 options, you can first [remove IKEv2](docs/ikev2-howto.md#remove-ikev2), then set it up again using `sudo ikev2.sh`.
+
+
+For reference: List of IKEv1 and IKEv2 parameters.
+
+
+| IKEv1 parameter\* | Default value | Customize (env variable)\*\* |
+| --------------------------- | --------------------- | ---------------------------------------- |
+| Server address (DNS name) | - | No, but you can connect using a DNS name |
+| Server address (public IP) | Auto detect | VPN_PUBLIC_IP |
+| IPsec pre-shared key | Auto generate | VPN_IPSEC_PSK |
+| VPN username | vpnuser | VPN_USER |
+| VPN password | Auto generate | VPN_PASSWORD |
+| DNS servers for clients | Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 |
+| Skip IKEv2 setup | No | VPN_SKIP_IKEV2=yes |
+
+\* These IKEv1 parameters are for IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
+\*\* Define these as environment variables when running vpn(setup).sh.
+
+| IKEv2 parameter\* | Default value | Customize (env variable)\*\* | Customize (setup)\*\*\* |
+| --------------------------- | --------------------- | ---------------------------- | ----------------------- |
+| Server address (DNS name) | - | VPN_DNS_NAME | ✅ |
+| Server address (public IP) | Auto detect | VPN_PUBLIC_IP | ✅ |
+| Name of first client | vpnclient | VPN_CLIENT_NAME | ✅ |
+| DNS servers for clients | Google Public DNS | VPN_DNS_SRV1, VPN_DNS_SRV2 | ✅ |
+| Protect client config files | No | VPN_PROTECT_CONFIG=yes | ✅ |
+| Enable/Disable MOBIKE | Enable if supported | ❌ | ✅ |
+| Client cert validity | 10 years (120 months) | ❌ | ✅ |
+| CA & server cert validity | 10 years (120 months) | ❌ | ❌ |
+| CA certificate name | IKEv2 VPN CA | ❌ | ❌ |
+| Certificate key size | 3072 bits | ❌ | ❌ |
+
+\* These IKEv2 parameters are for IKEv2 mode.
+\*\* Define these as environment variables when running vpn(setup).sh, or when setting up IKEv2 in auto mode (`sudo ikev2.sh --auto`).
+\*\*\* Can be customized during interactive IKEv2 setup (`sudo ikev2.sh`). Refer to option 2 above.
+
+In addition to these parameters, advanced users can also [customize VPN subnets](docs/advanced-usage.md#customize-vpn-subnets) during VPN setup.
+
## Next steps