diff --git a/README-zh.md b/README-zh.md
index 716472f..272ad47 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -102,6 +102,8 @@ nano -w vpnsetup.sh
 sudo sh vpnsetup.sh
 ```
 
+**注：** 不要在值中使用这些字符： `\ " '`。一个安全的 IPsec PSK 应该至少包含 20 个随机字符。
+
 **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量：
 
 ```bash
diff --git a/README.md b/README.md
index 57fcb61..9f187ab 100644
--- a/README.md
+++ b/README.md
@@ -102,6 +102,8 @@ nano -w vpnsetup.sh
 sudo sh vpnsetup.sh
 ```
 
+**Note:** DO NOT use these special characters within values: `\ " '`. A secure IPsec PSK should consist of at least 20 random characters.
+
 **Option 3:** Define your VPN credentials as environment variables:
 
 ```bash
diff --git a/vpnsetup.sh b/vpnsetup.sh
index eea63b8..20a2753 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -103,7 +103,7 @@ fi
 
 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
   bigecho "VPN credentials not set by user. Generating random PSK and password..."
-  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
+  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 20)"
   VPN_USER=vpnuser
   VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
 fi
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 964b17d..2ad6fa0 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -92,7 +92,7 @@ fi
 
 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
   bigecho "VPN credentials not set by user. Generating random PSK and password..."
-  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
+  VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 20)"
   VPN_USER=vpnuser
   VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)"
 fi