diff --git a/README.md b/README.md
index 5c35612..0537be0 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
 
 ## Author
 
-- Lin Song - Final year Ph.D. candidate seeking opportunities in Software or Systems Engineering.   
+- Lin Song - Final year U.S. PhD candidate seeking opportunities in Software or Systems Engineering.   
 View my profile on LinkedIn at <a href="https://www.linkedin.com/in/linsongui" target="_blank">www.linkedin.com/in/linsongui</a>.
 - Based on the work of Thomas Sarlandie (<a href="https://github.com/sarfata/voodooprivacy" target="_blank">sarfata/voodooprivacy</a>).
 
@@ -82,7 +82,7 @@ nano -w vpnsetup_centos.sh
 /bin/sh vpnsetup_centos.sh
 ```
 
-If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl+A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
+If unable to download via `wget`, you may alternatively open <a href="vpnsetup.sh" target="_blank">vpnsetup.sh</a> (or <a href="vpnsetup_centos.sh" target="_blank">vpnsetup_centos.sh</a>) and click the **`Raw`** button. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor.
 
 ## Next Steps
 
@@ -102,9 +102,9 @@ If you wish to create multiple VPN users with different credentials, just <a hre
 
 Clients are configured to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`.
 
-For Amazon EC2 instances only: In the <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">security group</a>, open **UDP ports 500 & 4500** and **TCP port 22** (optional, for SSH).
+For Amazon EC2 instances only: In the <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">security group</a>, open UDP ports 500 & 4500 and TCP port 22 (optional, for SSH).
 
-If you configured a custom SSH port (not 22) or wish to allow other services, edit <a href="vpnsetup.sh#L285" target="_blank">IPTables rules</a> before using the scripts.
+If you configured a custom SSH port (not 22) or wish to allow other services, edit <a href="vpnsetup.sh#L278" target="_blank">IPTables rules</a> before using the scripts.
 
 The scripts will backup your existing config files before making changes, to the same folder with `.old-date-time` suffix.
 
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 55f5ea2..efebe6c 100644
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -26,14 +26,14 @@ IPSEC_PSK='your_ipsec_pre_shared_key'
 VPN_USER='your_vpn_username'
 VPN_PASSWORD='your_very_secure_password'
 
-# Be sure to read *important notes* at the URL below:
+# Be sure to read IMPORTANT NOTES at the URL below:
 # https://github.com/hwdsl2/setup-ipsec-vpn#important-notes
 
 # ------------------------------------------------------------
 
 if [ "$(uname)" = "Darwin" ]; then
   echo 'DO NOT run this script on your Mac! It should only be run on a dedicated server / VPS'
-  echo 'or a newly-created EC2 instance, after you have modified it to set the variables above.'
+  echo 'or a newly-created EC2 instance, after you have edited the variables above.'
   exit 1
 fi
 
@@ -96,11 +96,11 @@ PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/la
 # Check IPs for correct format
 IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
 if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid public IP, please edit the script and manually enter."
+  echo "Cannot find valid public IP. Edit the script and manually enter."
   exit 1
 fi
 if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid private IP, please edit the script and manually enter."
+  echo "Cannot find valid private IP. Edit the script and manually enter."
   exit 1
 fi
 
@@ -142,16 +142,12 @@ cat > /etc/ipsec.conf <<EOF
 version 2.0
 
 config setup
-  dumpdir=/var/run/pluto/
-  nat_traversal=yes
   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
-  oe=off
   protostack=netkey
   nhelpers=0
   interfaces=%defaultroute
 
 conn vpnpsk
-  connaddrfamily=ipv4
   auto=add
   left=$PRIVATE_IP
   leftid=$PUBLIC_IP
@@ -187,11 +183,6 @@ cat > /etc/xl2tpd/xl2tpd.conf <<EOF
 [global]
 port = 1701
 
-;debug avp = yes
-;debug network = yes
-;debug state = yes
-;debug tunnel = yes
-
 [lns default]
 ip range = 192.168.42.10-192.168.42.250
 local ip = 192.168.42.1
@@ -199,7 +190,6 @@ require chap = yes
 refuse pap = yes
 require authentication = yes
 name = l2tpd
-;ppp debug = yes
 pppoptfile = /etc/ppp/options.xl2tpd
 length bit = yes
 EOF
@@ -279,12 +269,11 @@ cat > /etc/iptables.rules <<EOF
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
-:ICMPALL - [0:0]
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -d 127.0.0.0/8 -j REJECT
--A INPUT -p icmp --icmp-type 255 -j ICMPALL
+-A INPUT -p icmp -j ACCEPT
 -A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
@@ -297,13 +286,6 @@ cat > /etc/iptables.rules <<EOF
 # If you wish to allow traffic between VPN clients themselves, uncomment this line:
 # -A FORWARD -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j ACCEPT
 -A FORWARD -j DROP
--A ICMPALL -p icmp -f -j DROP
--A ICMPALL -p icmp --icmp-type 0 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 3 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 4 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 8 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 11 -j ACCEPT
--A ICMPALL -p icmp -j DROP
 COMMIT
 *nat
 :PREROUTING ACCEPT [0:0]
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 1112bba..bed9655 100644
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -26,14 +26,14 @@ IPSEC_PSK='your_ipsec_pre_shared_key'
 VPN_USER='your_vpn_username'
 VPN_PASSWORD='your_very_secure_password'
 
-# Be sure to read *important notes* at the URL below:
+# Be sure to read IMPORTANT NOTES at the URL below:
 # https://github.com/hwdsl2/setup-ipsec-vpn#important-notes
 
 # ------------------------------------------------------------
 
 if [ "$(uname)" = "Darwin" ]; then
   echo 'DO NOT run this script on your Mac! It should only be run on a dedicated server / VPS'
-  echo 'or a newly-created EC2 instance, after you have modified it to set the variables above.'
+  echo 'or a newly-created EC2 instance, after you have edited the variables above.'
   exit 1
 fi
 
@@ -107,11 +107,11 @@ PRIVATE_IP=$(wget --retry-connrefused -t 3 -T 15 -qO- 'http://169.254.169.254/la
 # Check IPs for correct format
 IP_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
 if ! printf %s "$PUBLIC_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid public IP, please edit the script and manually enter."
+  echo "Cannot find valid public IP. Edit the script and manually enter."
   exit 1
 fi
 if ! printf %s "$PRIVATE_IP" | grep -Eq "$IP_REGEX"; then
-  echo "Cannot find valid private IP, please edit the script and manually enter."
+  echo "Cannot find valid private IP. Edit the script and manually enter."
   exit 1
 fi
 
@@ -182,16 +182,12 @@ cat > /etc/ipsec.conf <<EOF
 version 2.0
 
 config setup
-  dumpdir=/var/run/pluto/
-  nat_traversal=yes
   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
-  oe=off
   protostack=netkey
   nhelpers=0
   interfaces=%defaultroute
 
 conn vpnpsk
-  connaddrfamily=ipv4
   auto=add
   left=$PRIVATE_IP
   leftid=$PUBLIC_IP
@@ -227,11 +223,6 @@ cat > /etc/xl2tpd/xl2tpd.conf <<EOF
 [global]
 port = 1701
 
-;debug avp = yes
-;debug network = yes
-;debug state = yes
-;debug tunnel = yes
-
 [lns default]
 ip range = 192.168.42.10-192.168.42.250
 local ip = 192.168.42.1
@@ -239,7 +230,6 @@ require chap = yes
 refuse pap = yes
 require authentication = yes
 name = l2tpd
-;ppp debug = yes
 pppoptfile = /etc/ppp/options.xl2tpd
 length bit = yes
 EOF
@@ -319,12 +309,11 @@ cat > /etc/sysconfig/iptables <<EOF
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
-:ICMPALL - [0:0]
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -d 127.0.0.0/8 -j REJECT
--A INPUT -p icmp --icmp-type 255 -j ICMPALL
+-A INPUT -p icmp -j ACCEPT
 -A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
@@ -337,13 +326,6 @@ cat > /etc/sysconfig/iptables <<EOF
 # If you wish to allow traffic between VPN clients themselves, uncomment this line:
 # -A FORWARD -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j ACCEPT
 -A FORWARD -j DROP
--A ICMPALL -p icmp -f -j DROP
--A ICMPALL -p icmp --icmp-type 0 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 3 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 4 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 8 -j ACCEPT
--A ICMPALL -p icmp --icmp-type 11 -j ACCEPT
--A ICMPALL -p icmp -j DROP
 COMMIT
 *nat
 :PREROUTING ACCEPT [0:0]