diff --git a/README.md b/README.md index b4894c1..12332e3 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ Get your computer or device to use the VPN. Please refer to: Configure IPsec/L2TP VPN Clients Configure IPsec/XAuth ("Cisco IPsec") VPN Clients -How To: IKEv2 VPN for Windows 7 and newer +How-To: IKEv2 VPN for Windows 7 and newer If you get an error when trying to connect, see Troubleshooting. diff --git a/docs/clients.md b/docs/clients.md index 23fd067..549d7c5 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -206,7 +206,7 @@ If your system provides the `strongswan` package, refer to the two sections abov To fix this error, a one-time registry change is required because the VPN server and/or client is behind NAT (e.g. home router). Refer to the linked web page, or run the following from an elevated command prompt. When finished, reboot your PC. -- For Windows Vista, 7, 8 and 10 +- For Windows Vista, 7, 8.x and 10 ```console REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f ``` diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 7adf40a..ec0f572 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md 
@@ -8,9 +8,16 @@ --- -Windows 7 和更新版本 (包括 Windows Phone 8.1 及以上) 支持 IKEv2 和 MOBIKE 标准,通过 Microsoft 的 Agile VPN 功能来实现。因特网密钥交换 (英语:Internet Key Exchange,简称 IKE 或 IKEv2)是一种网络协议,归属于 IPsec 协议族之下,用以创建安全关联 (Security Association, SA)。与 IKE 版本 1 相比较,IKEv2 带来许多功能改进,比如通过 MOBIKE 实现 Standard Mobility 支持,以及更高的可靠性。 +Windows 7 和更新版本支持 IKEv2 协议标准,通过 Microsoft 的 Agile VPN 功能来实现。因特网密钥交换 (英语:Internet Key Exchange,简称 IKE 或 IKEv2)是一种网络协议,归属于 IPsec 协议族之下,用以创建安全关联 (Security Association, SA)。与 IKE 版本 1 相比较,IKEv2 带来许多功能改进,比如通过 MOBIKE 实现 Standard Mobility 支持,以及更高的可靠性。 -Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来对 IKEv2 客户端进行身份验证。该方法无需 IPsec PSK, 用户名或密码。除了 Windows 之外,它也可用于 strongSwan Android VPN 客户端。下面举例说明如何配置 IKEv2。 +Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来对 IKEv2 客户端进行身份验证。该方法无需 IPsec PSK, 用户名或密码。它可以用于以下系统: + +- Windows 7, 8.x 和 10 +- Windows Phone 8.1 及以上 +- strongSwan Android VPN 客户端 +- iOS (iPhone/iPad) 和 OS X (macOS) <-- 请参见 + +下面举例说明如何在 Libreswan 上配置 IKEv2。 首先,请确保你已经成功地搭建了自己的 VPN 服务器。以下命令必须用 `root` 账户运行。 
@@ -191,24 +198,31 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 $ service ipsec restart ``` -1. 文件 `vpnclient.p12` 应该被安全的传送到 Windows 客户端计算机,并且导入到 Computer 证书存储。在导入 CA 证书后,它必须被放入(或移动到) "Trusted Root Certification Authorities" 目录的 "Certificates" 子目录中。 +1. 文件 `vpnclient.p12` 应该被安全地传送到 VPN 客户端设备。下一步: - 详细的操作步骤: + #### Windows 7, 8.x 和 10 + + 将 `.p12` 文件导入到 Computer 证书存储。在导入 CA 证书后,它必须被放入 "Trusted Root Certification Authorities" 目录的 "Certificates" 子目录中。 + + 详细的操作步骤: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs - Windows Phone 8.1 及以上版本用户: 首先导入 `.p12` 文件,然后参照 这些说明 配置一个基于证书的 IKEv2 VPN。 - - Android 4+ 用户请参见: - https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient - -1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接。 + 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config -1. 启用新的 IKEv2 VPN 连接,并且开始使用自己的专属 VPN! + 启用新的 IKEv2 VPN 连接,并且开始使用自己的专属 VPN! https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect + #### Windows Phone 8.1 及以上 + + 首先导入 `.p12` 文件,然后参照 这些说明 配置一个基于证书的 IKEv2 VPN。 + + #### Android 4.x 和更新版本 + + 请参见: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient + 连接成功后,你可以到 这里 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。 ## 已知问题 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 69ecbaf..498e0f9 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md 
@@ -1,16 +1,23 @@ -# How To: IKEv2 VPN for Windows 7 and newer +# How-To: IKEv2 VPN for Windows 7 and newer *Read this in other languages: [English](ikev2-howto.md), [简体中文](ikev2-howto-zh.md).* --- -**IMPORTANT:** This guide is for **advanced users** ONLY. Other users please use IPsec/L2TP or IPsec/XAuth. +**IMPORTANT:** This guide is for **Advanced Users** ONLY. Other users please use IPsec/L2TP or IPsec/XAuth. --- -Windows 7 and newer releases (including Windows Phone 8.1 and newer) support the IKEv2 and MOBIKE standards through Microsoft's Agile VPN functionality. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a Security Association (SA) in the IPsec protocol suite. Compared to IKE version 1, IKEv2 has many improvements such as Standard Mobility support through MOBIKE, and improved reliability. +Windows 7 and newer releases support the IKEv2 standard through Microsoft's Agile VPN functionality. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a Security Association (SA) in the IPsec protocol suite. Compared to IKE version 1, IKEv2 has multiple improvements such as Standard Mobility support through MOBIKE, and improved reliability. -Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certificates using RSA signatures. This method does not require an IPsec PSK, username or password. Besides Windows, it can also be used with strongSwan Android VPN client. The following examples show how to configure IKEv2. +Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certificates using RSA signatures. This method does not require an IPsec PSK, username or password. It can be used with: + +- Windows 7, 8.x and 10 +- Windows Phone 8.1 and above +- strongSwan Android VPN client +- iOS (iPhone/iPad) and OS X (macOS) <-- See link + +The following example shows how to configure IKEv2 with Libreswan. First, make sure you have successfully set up your VPN server. Commands below must be run as `root`. 
@@ -191,29 +198,36 @@ First, make sure you have successfully these instructions to configure a certificate-based IKEv2 VPN. - - Android 4+ users please refer to: - https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient - -1. On the Windows computer, add a new IKEv2 VPN connection. + On the Windows computer, add a new IKEv2 VPN connection: https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config -1. Start the new IKEv2 VPN connection, and enjoy your own VPN! + Start the new IKEv2 VPN connection, and enjoy your own VPN! https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect + #### Windows Phone 8.1 and above + + First import the `.p12` file, then follow these instructions to configure a certificate-based IKEv2 VPN. + + #### Android 4.x and newer + + Please refer to: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient + Once successfully connected, you can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`". ## Known Issues -The built-in VPN client in Windows 7 and newer does not support IKEv2 fragmentation. On some networks, this can cause the connection to fail with "Error 809", or you may be unable to open any website after connecting. If this happens, first try this workaround. If it doesn't work, please connect using IPsec/L2TP or IPsec/XAuth instead. +The built-in VPN client in Windows 7 and newer does not support IKEv2 fragmentation. On some networks, this can cause the connection to fail with "Error 809", or you may be unable to open any website after connecting. If this happens, first try this workaround. If it doesn't work, please connect using IPsec/L2TP or IPsec/XAuth mode instead. ## References
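Review bot: In docs/clients.md (hunk @@ -206,7 +206,7), the retitled item "For Windows Vista, 7, 8.x and 10" still introduces a REG ADD with /f that force-writes AssumeUDPEncapsulationContextOnSendRule under HKLM, and the surrounding text never says what the value 0x2 selects or how to undo it. Since the line is being touched anyway, add one sentence that explains the value and gives the matching revert (deleting the value or restoring its previous data), so that a reader running this from an elevated prompt knows which machine-wide setting they changed.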
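Review bot: In docs/ikev2-howto-zh.md (hunk @@ -8,9 +8,16), the new list item "iOS (iPhone/iPad) 和 OS X (macOS) <-- 请参见" ends in an arrow and a bare "see", while the per-platform subsections added further down in this file cover only Windows, Windows Phone and Android. Replace the arrow with link text that names the target document, or hold the iOS/OS X entry back until the guide has a matching subsection. The same applies to "<-- See link" in docs/ikev2-howto.md.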
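Review bot: In docs/ikev2-howto-zh.md (hunk @@ -191,24 +198,31), the rewritten step 1 ("文件 `vpnclient.p12` 应该被安全地传送到 VPN 客户端设备") now covers phones as well as Windows PCs, but still gives no transfer method and no cleanup step. The guide states that this method needs no PSK, username or password, so the `.p12` file is the only credential a client holds. Suggest naming at least one acceptable transfer channel per platform and adding a line telling the reader to delete the file from the transfer location after import.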
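Review bot: In docs/ikev2-howto.md (hunk @@ -1,16 +1,23), the first sentence no longer says Windows supports MOBIKE ("support the IKEv2 standard"), yet the same paragraph still lists "Standard Mobility support through MOBIKE" as an IKEv2 improvement, so the reader cannot tell whether MOBIKE works with this setup. Either state which of the listed clients support MOBIKE or reword the sentence so that it describes the protocol only. Minor style point in the same hunk: "**Advanced Users**" is already bold, so the added capitals are not needed.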
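Review bot: In docs/ikev2-howto.md (hunk @@ -191,29 +198,36), the former numbered steps "1. On the Windows computer, add a new IKEv2 VPN connection." and "1. Start the new IKEv2 VPN connection" become unnumbered paragraphs inside step 1, with "####" headings nested in the same list item. That hides the import, add, connect order for Windows users, and headings nested inside a list item do not render the same way in every Markdown viewer. Consider ending the numbered list after the `.p12` transfer step, moving the per-platform sections to top-level headings and keeping a short numbered list under the Windows heading. In the same hunk, "IPsec/XAuth mode instead" is inconsistent with the IMPORTANT note at the top of the file, which says "IPsec/L2TP or IPsec/XAuth" without "mode".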