Update docs

[ci skip]

README.md

@@ -113,7 +113,7 @@ Get your computer or device to use the VPN. Please refer to:
 <a href="docs/clients.md" target="_blank">Configure IPsec/L2TP VPN Clients</a>   
 <a href="docs/clients-xauth.md" target="_blank">Configure IPsec/XAuth ("Cisco IPsec") VPN Clients</a>
 
-<a href="docs/ikev2-howto.md" target="_blank">How To: IKEv2 VPN for Windows 7 and newer</a>
+<a href="docs/ikev2-howto.md" target="_blank">How-To: IKEv2 VPN for Windows 7 and newer</a>
 
 If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
 

docs/clients.md

@@ -206,7 +206,7 @@ If your system provides the `strongswan` package, refer to the two sections abov
 
 To fix this error, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required because the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an <a href="http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/" target="_blank">elevated command prompt</a>. When finished, reboot your PC.
 
-- For Windows Vista, 7, 8 and 10
+- For Windows Vista, 7, 8.x and 10
   ```console
   REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
   ```

docs/ikev2-howto-zh.md

@@ -8,9 +8,16 @@
 
 ---
 
-Windows 7 和更新版本 （包括 Windows Phone 8.1 及以上） 支持 IKEv2 和 MOBIKE 标准，通过 Microsoft 的 Agile VPN 功能来实现。因特网密钥交换 （英语：Internet Key Exchange，简称 IKE 或 IKEv2）是一种网络协议，归属于 IPsec 协议族之下，用以创建安全关联 (Security Association, SA)。与 IKE 版本 1 相比较，IKEv2 带来许多<a href="https://en.wikipedia.org/wiki/Internet_Key_Exchange#Improvements_with_IKEv2" target="_blank">功能改进</a>，比如通过 MOBIKE 实现 Standard Mobility 支持，以及更高的可靠性。
+Windows 7 和更新版本支持 IKEv2 协议标准，通过 Microsoft 的 Agile VPN 功能来实现。因特网密钥交换 （英语：Internet Key Exchange，简称 IKE 或 IKEv2）是一种网络协议，归属于 IPsec 协议族之下，用以创建安全关联 (Security Association, SA)。与 IKE 版本 1 相比较，IKEv2 带来许多<a href="https://en.wikipedia.org/wiki/Internet_Key_Exchange#Improvements_with_IKEv2" target="_blank">功能改进</a>，比如通过 MOBIKE 实现 Standard Mobility 支持，以及更高的可靠性。
 
-Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来对 IKEv2 客户端进行身份验证。该方法无需 IPsec PSK, 用户名或密码。除了 Windows 之外，它也可用于 <a href="https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient" target="_blank">strongSwan Android VPN 客户端</a>。下面举例说明如何配置 IKEv2。
+Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来对 IKEv2 客户端进行身份验证。该方法无需 IPsec PSK, 用户名或密码。它可以用于以下系统：
+
+- Windows 7, 8.x 和 10
+- Windows Phone 8.1 及以上
+- strongSwan Android VPN 客户端
+- <a href="https://github.com/gaomd/docker-ikev2-vpn-server">iOS (iPhone/iPad) 和 OS X (macOS)</a> <-- 请参见
+
+下面举例说明如何在 Libreswan 上配置 IKEv2。
 
 首先，请确保你已经成功地<a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">搭建了自己的 VPN 服务器</a>。以下命令必须用 `root` 账户运行。
 
@@ -191,24 +198,31 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
    $ service ipsec restart
    ```
 
-1. 文件 `vpnclient.p12` 应该被安全的传送到 Windows 客户端计算机，并且导入到 Computer 证书存储。在导入 CA 证书后，它必须被放入（或移动到） "Trusted Root Certification Authorities" 目录的 "Certificates" 子目录中。
+1. 文件 `vpnclient.p12` 应该被安全地传送到 VPN 客户端设备。下一步：
 
-   详细的操作步骤：   
+   #### Windows 7, 8.x 和 10
+
+   将 `.p12` 文件导入到 Computer 证书存储。在导入 CA 证书后，它必须被放入 "Trusted Root Certification Authorities" 目录的 "Certificates" 子目录中。
+
+   详细的操作步骤：  
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
 
-   Windows Phone 8.1 及以上版本用户： 首先导入 `.p12` 文件，然后参照 <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">这些说明</a> 配置一个基于证书的 IKEv2 VPN。
-
-   Android 4+ 用户请参见：   
-   https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
-
-1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接。
+   在 Windows 计算机上添加一个新的 IKEv2 VPN 连接：
 
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config
 
-1. 启用新的 IKEv2 VPN 连接，并且开始使用自己的专属 VPN！
+   启用新的 IKEv2 VPN 连接，并且开始使用自己的专属 VPN！
 
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect
 
+   #### Windows Phone 8.1 及以上
+
+   首先导入 `.p12` 文件，然后参照 <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">这些说明</a> 配置一个基于证书的 IKEv2 VPN。
+
+   #### Android 4.x 和更新版本
+
+   请参见： https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
+
    连接成功后，你可以到 <a href="https://www.ipchicken.com" target="_blank">这里</a> 检测你的 IP 地址，应该显示为`你的 VPN 服务器 IP`。
 
 ## 已知问题

docs/ikev2-howto.md

@@ -1,16 +1,23 @@
-# How To: IKEv2 VPN for Windows 7 and newer
+# How-To: IKEv2 VPN for Windows 7 and newer
 
 *Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).*
 
 ---
 
-**IMPORTANT:** This guide is for **advanced users** ONLY. Other users please use <a href="clients.md" target="_blank">IPsec/L2TP</a> or <a href="clients-xauth.md" target="_blank">IPsec/XAuth</a>.
+**IMPORTANT:** This guide is for **Advanced Users** ONLY. Other users please use <a href="clients.md" target="_blank">IPsec/L2TP</a> or <a href="clients-xauth.md" target="_blank">IPsec/XAuth</a>.
 
 ---
 
-Windows 7 and newer releases (including Windows Phone 8.1 and newer) support the IKEv2 and MOBIKE standards through Microsoft's Agile VPN functionality. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a Security Association (SA) in the IPsec protocol suite. Compared to IKE version 1, IKEv2 has <a href="https://en.wikipedia.org/wiki/Internet_Key_Exchange#Improvements_with_IKEv2" target="_blank">many improvements</a> such as Standard Mobility support through MOBIKE, and improved reliability.
+Windows 7 and newer releases support the IKEv2 standard through Microsoft's Agile VPN functionality. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a Security Association (SA) in the IPsec protocol suite. Compared to IKE version 1, IKEv2 has <a href="https://en.wikipedia.org/wiki/Internet_Key_Exchange#Improvements_with_IKEv2" target="_blank">multiple improvements</a> such as Standard Mobility support through MOBIKE, and improved reliability.
 
-Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certificates using RSA signatures. This method does not require an IPsec PSK, username or password. Besides Windows, it can also be used with <a href="https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient" target="_blank">strongSwan Android VPN client</a>. The following examples show how to configure IKEv2.
+Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certificates using RSA signatures. This method does not require an IPsec PSK, username or password. It can be used with:
+
+- Windows 7, 8.x and 10
+- Windows Phone 8.1 and above
+- strongSwan Android VPN client
+- <a href="https://github.com/gaomd/docker-ikev2-vpn-server">iOS (iPhone/iPad) and OS X (macOS)</a> <-- See link
+
+The following example shows how to configure IKEv2 with Libreswan.
 
 First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-ipsec-vpn" target="_blank">set up your VPN server</a>. Commands below must be run as `root`.
 
@@ -191,29 +198,36 @@ First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-
    $ service ipsec restart
    ```
 
-1. The `vpnclient.p12` file should then be securely transferred to the Windows client computer and imported to the Computer certificate store. The CA cert once imported must be placed (or moved) into the "Certificates" sub-folder under "Trusted Root Certification Authorities".
+1. The `vpnclient.p12` file should then be securely transferred to the VPN client device. Next steps:
+
+   #### Windows 7, 8.x and 10
+
+   Import the `.p12` file to the Computer certificate store. The CA cert once imported must be placed into the "Certificates" sub-folder under "Trusted Root Certification Authorities".
 
    Detailed instructions:   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
 
-   Users with Windows Phone 8.1 and above: First import the `.p12` file, then follow <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">these instructions</a> to configure a certificate-based IKEv2 VPN.
-
-   Android 4+ users please refer to:   
-   https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
-
-1. On the Windows computer, add a new IKEv2 VPN connection.
+   On the Windows computer, add a new IKEv2 VPN connection：
 
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config
 
-1. Start the new IKEv2 VPN connection, and enjoy your own VPN!
+   Start the new IKEv2 VPN connection, and enjoy your own VPN!
 
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect
 
+   #### Windows Phone 8.1 and above
+
+   First import the `.p12` file, then follow <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">these instructions</a> to configure a certificate-based IKEv2 VPN.
+
+   #### Android 4.x and newer
+
+   Please refer to: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
+
    Once successfully connected, you can verify that your traffic is being routed properly by <a href="https://encrypted.google.com/search?q=my+ip" target="_blank">looking up your IP address on Google</a>. It should say "Your public IP address is `Your VPN Server IP`".
 
 ## Known Issues
 
-The built-in VPN client in Windows 7 and newer does not support IKEv2 fragmentation. On some networks, this can cause the connection to fail with "Error 809", or you may be unable to open any website after connecting. If this happens, first try <a href="clients.md#troubleshooting" target="_blank">this workaround</a>. If it doesn't work, please connect using <a href="clients.md" target="_blank">IPsec/L2TP</a> or <a href="clients-xauth.md" target="_blank">IPsec/XAuth</a> instead.
+The built-in VPN client in Windows 7 and newer does not support IKEv2 fragmentation. On some networks, this can cause the connection to fail with "Error 809", or you may be unable to open any website after connecting. If this happens, first try <a href="clients.md#troubleshooting" target="_blank">this workaround</a>. If it doesn't work, please connect using <a href="clients.md" target="_blank">IPsec/L2TP</a> or <a href="clients-xauth.md" target="_blank">IPsec/XAuth</a> mode instead.
 
 ## References