From 5f1ca683500840a7202c17fc9cc19da689bd46d0 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Thu, 31 Dec 2020 23:10:10 -0600
Subject: [PATCH] Update docs

---
 README-zh.md             | 2 +-
 README.md                | 2 +-
 docs/clients-xauth-zh.md | 2 +-
 docs/clients-xauth.md    | 2 +-
 docs/clients-zh.md       | 2 +-
 docs/clients.md          | 2 +-
 docs/ikev2-howto-zh.md   | 4 ++--
 docs/ikev2-howto.md      | 4 ++--
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/README-zh.md b/README-zh.md
index 2cb7524..8ba8e62 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -265,7 +265,7 @@ sh vpnsetup.sh
 
 **Android 用户** 如果遇到连接问题，请尝试 <a href="docs/clients-zh.md#android-mtumss-问题" target="_blank">这些步骤</a>。
 
-同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性，如果需要同时连接在同一个 NAT（比如家用路由器）后面的多个设备到 VPN 服务器，你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>，或者配置 <a href="docs/ikev2-howto-zh.md" target="_blank">IKEv2</a>。
+同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性，如果需要同时连接在同一个 NAT（比如家用路由器）后面的多个设备到 VPN 服务器，你必须仅使用 <a href="docs/clients-xauth-zh.md" target="_blank">IPsec/XAuth 模式</a>，或者 <a href="docs/ikev2-howto-zh.md" target="_blank">配置 IKEv2</a>。
 
 如果需要查看或更改 VPN 用户账户，请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。该文档包含辅助脚本，以方便管理 VPN 用户。
 
diff --git a/README.md b/README.md
index d53bc44..179ddc8 100644
--- a/README.md
+++ b/README.md
@@ -265,7 +265,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
 
 **Android users**: If you encounter connection issues, try <a href="docs/clients.md#android-mtumss-issues" target="_blank">these steps</a>.
 
-The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>, or set up <a href="docs/ikev2-howto.md" target="_blank">IKEv2</a>.
+The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only <a href="docs/clients-xauth.md" target="_blank">IPsec/XAuth mode</a>, or <a href="docs/ikev2-howto.md" target="_blank">set up IKEv2</a>.
 
 If you wish to view or update VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>. Helper scripts are included for convenience.
 
diff --git a/docs/clients-xauth-zh.md b/docs/clients-xauth-zh.md
index 352601b..cda7353 100644
--- a/docs/clients-xauth-zh.md
+++ b/docs/clients-xauth-zh.md
@@ -2,7 +2,7 @@
 
 *其他语言版本: [English](clients-xauth.md), [简体中文](clients-xauth-zh.md).*
 
-**注： 你也可以使用 [IPsec/L2TP 模式](clients-zh.md) 连接，或者配置 [IKEv2](ikev2-howto-zh.md)。**
+**注：你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用 [IPsec/L2TP 模式](clients-zh.md) 连接。**
 
 在成功 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a> 之后，按照下面的步骤来配置你的设备。IPsec/XAuth ("Cisco IPsec") 在 Android, iOS 和 OS X 上均受支持，无需安装额外的软件。Windows 用户可以使用免费的 <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft 客户端</a>。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
 
diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md
index d7c9803..d6b7b5f 100644
--- a/docs/clients-xauth.md
+++ b/docs/clients-xauth.md
@@ -2,7 +2,7 @@
 
 *Read this in other languages: [English](clients-xauth.md), [简体中文](clients-xauth-zh.md).*
 
-**Note: You may also connect using [IPsec/L2TP mode](clients.md), or set up [IKEv2](ikev2-howto.md).**
+**Note: You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/L2TP mode](clients.md).**
 
 After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free <a href="https://www.shrew.net/download/vpn" target="_blank">Shrew Soft client</a>. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
 
diff --git a/docs/clients-zh.md b/docs/clients-zh.md
index 259ef03..251e9e9 100644
--- a/docs/clients-zh.md
+++ b/docs/clients-zh.md
@@ -2,7 +2,7 @@
 
 *其他语言版本: [English](clients.md), [简体中文](clients-zh.md).*
 
-**注： 你也可以使用更高效的 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接，或者配置 [IKEv2](ikev2-howto-zh.md)。**
+**注：你也可以 [配置 IKEv2](ikev2-howto-zh.md)（推荐），或者使用更高效的 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。**
 
 在成功 <a href="../README-zh.md" target="_blank">搭建自己的 VPN 服务器</a> 之后，按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持，无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。
 
diff --git a/docs/clients.md b/docs/clients.md
index 8168b22..5d76230 100644
--- a/docs/clients.md
+++ b/docs/clients.md
@@ -2,7 +2,7 @@
 
 *Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).*
 
-**Note: You may also connect using the faster [IPsec/XAuth mode](clients-xauth.md), or set up [IKEv2](ikev2-howto.md).**
+**Note: You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using the faster [IPsec/XAuth mode](clients-xauth.md).**
 
 After <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">setting up your own VPN server</a>, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly.
 
diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index f1258ba..85d5800 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -452,7 +452,7 @@ wget https://bit.ly/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
 
 ## 移除 IKEv2
 
-如果你想要从 VPN 服务器移除 IKEv2，但是保留 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式，按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意，这将删除所有的 IKEv2 配置，并且不可撤销！
+如果你想要从 VPN 服务器移除 IKEv2，但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式，按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意，这将删除所有的 IKEv2 配置，并且**不可撤销**！
 
 1. 重命名（或者删除）IKEv2 配置文件：
 
@@ -483,7 +483,7 @@ wget https://bit.ly/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
    vpnclient                                          u,u,u
    ```
 
-1. 删除证书。将下面的 "Nickname" 替换为每个证书的昵称。为每个证书重复此命令。
+1. 删除证书。将下面的 "Nickname" 替换为每个证书的昵称。为每个证书重复此命令。在完成后，再次列出 IPsec 证书数据库中的证书，并确认列表为空。
 
    ```bash
    certutil -D -d sql:/etc/ipsec.d -n "Nickname"
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 2b87e66..95efab9 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -452,7 +452,7 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
 
 ## Remove IKEv2
 
-If you want to remove IKEv2 from the VPN server, but keep the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration and cannot be undone!
+If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration and **cannot be undone**!
 
 1. Rename (or delete) the IKEv2 config file:
 
@@ -483,7 +483,7 @@ If you want to remove IKEv2 from the VPN server, but keep the IPsec/L2TP and IPs
    vpnclient                                          u,u,u
    ```
 
-1. Delete certificates. Replace "Nickname" below with each certificate's nickname. Repeat for each certificate.
+1. Delete certificates. Replace "Nickname" below with each certificate's nickname. Repeat for each certificate. When finished, list certificates in the IPsec database again, and confirm that the list is empty.
 
    ```bash
    certutil -D -d sql:/etc/ipsec.d -n "Nickname"