diff --git a/README.md b/README.md
index 9642dc8..0230a0c 100644
--- a/README.md
+++ b/README.md
@@ -1,34 +1,48 @@
# IPsec/L2TP VPN Server Auto Setup Scripts
-Note: This repository was created from and replaces these GitHub Gists:
-- gist.github.com/hwdsl2/9030462 *(224 Stars, 87 Forks as of 01/08/2016)*
-- gist.github.com/hwdsl2/e9a78a50e300d12ae195 *(9 Stars, 5 Forks)*
+Note: This repository was created from (and replaces) these GitHub Gists:
+- gist.github.com/hwdsl2/9030462 (224 Stars, 87 Forks as of 01/08/2016)
+- gist.github.com/hwdsl2/e9a78a50e300d12ae195 (9 Stars, 5 Forks)
-Scripts for automatic configuration of IPsec/L2TP VPN server on Ubuntu 14.04 & 12.04, Debian 8 and CentOS/RHEL 6 & 7. All you need to do is provide your own values for `IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD`, and they will handle the rest. These scripts can also be directly used as the Amazon EC2 "user-data" when creating a new instance.
+## Overview
+
+Scripts for automatic configuration of IPsec/L2TP VPN server on Ubuntu 14.04 & 12.04, Debian 8 and CentOS/RHEL 6 & 7. All you need to do is providing your own values for `IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD`, and they will handle the rest. These scripts can also be directly used as the Amazon EC2 "user-data" when creating a new instance.
We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider.
-### My VPN tutorial with detailed usage instructions
+#### Link to my VPN tutorial with detailed usage instructions
+
+## Features
+
+- Fully automated IPsec/L2TP VPN server setup, no user input needed
+- Encapsulates all VPN traffic in UDP - does not need the ESP protocol
+- Can be directly used as "user-data" for a new Amazon EC2 instance
+- Automatically determines public IP and private IP of server
+- Includes basic IPTables rules and `sysctl.conf` settings
+- Tested with Ubuntu 14.04 & 12.04, Debian 8 and CentOS/RHEL 6 & 7
+
## Requirements
A newly created Amazon EC2 instance, using these AMIs: (See the link above for usage instructions)
-- Ubuntu 14.04 (Trusty) or 12.04 (Precise)
+- Ubuntu 14.04 (Trusty) or 12.04 (Precise)
- Debian 8 (Jessie) EC2 Images
- CentOS 7 (x86_64) with Updates HVM
-- CentOS 6 (x86_64) with Updates HVM - Does NOT have cloud-init. Run script manually after creation.
+- CentOS 6 (x86_64) with Updates HVM - Does NOT have cloud-init. Run script manually via SSH.
-**OR**
+**-OR-**
A dedicated server or any KVM- or Xen-based Virtual Private Server (VPS), with **freshly installed**:
- Ubuntu 14.04 (Trusty) or 12.04 (Precise)
- Debian 8 (Jessie)
-- Debian 7 (Wheezy) - A workaround is required. See below.
+- Debian 7 (Wheezy) - Not recommended. A workaround is required, see below.
- CentOS / Red Hat Enterprise Linux (RHEL) 6 or 7
OpenVZ VPS users should instead use Nyr's OpenVPN script.
-##### Note: Do NOT run these scripts on your PC or Mac! They are meant to be run on a dedicated server or VPS!
+#### I want to run my own VPN but don't have a server for that
+
+##### Do NOT run these scripts on your PC or Mac! They are meant to be run on a dedicated server or VPS!
## Installation
@@ -60,7 +74,7 @@ nano -w vpnsetup_centos.sh
## Upgrading Libreswan
-You may use the scripts `vpnupgrade_Libreswan.sh` (for Ubuntu/Debian) and `vpnupgrade_Libreswan_centos.sh` (for CentOS/RHEL) to upgrade Libreswan to a newer version.
+You may use `vpnupgrade_Libreswan.sh` (for Ubuntu/Debian) and `vpnupgrade_Libreswan_centos.sh` (for CentOS/RHEL) to upgrade Libreswan to a newer version. Check and update the `SWAN_VER` variable on top of the scripts as necessary.
## Important Notes
@@ -68,11 +82,11 @@ Learn how to one-time registry change is required for connections to a VPN server behind NAT (e.g. Amazon EC2).
-If using Amazon EC2, these ports must be open in the security group of your VPN server: UDP ports 500 & 4500, and TCP port 22 (optional, for SSH).
+If using Amazon EC2, these ports must be open in the server's security group: **UDP ports 500 & 4500**, and **TCP port 22** (optional, for SSH).
If your server uses a custom SSH port (not 22), or if you wish to allow other services through IPTables, be sure to edit the IPTables rules in the scripts before using.
-The scripts will backup /etc/rc.local, /etc/sysctl.conf, /etc/iptables.rules and /etc/sysconfig/iptables before overwriting them. Backups can be found under the same folder with .old suffix.
+The scripts will backup files `/etc/rc.local`, `/etc/sysctl.conf`, `/etc/iptables.rules` and `/etc/sysconfig/iptables` before overwriting them. Backups can be found under the same folder with .old suffix.
## Copyright and license