diff --git a/README-zh.md b/README-zh.md index 1b304b0..307db3f 100644 --- a/README-zh.md +++ b/README-zh.md @@ -139,7 +139,7 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh **Windows 用户** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器 和/或 客户端与 NAT (比如家用路由器)的兼容问题。 -同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 IPsec/XAuth 模式。另外,你的服务器必须运行 [Libreswan 3.19](#升级libreswan) 或更新版本。 +同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 IPsec/XAuth 模式。另外,你的服务器必须运行 [Libreswan 3.19](#升级libreswan) 或以上版本。 对于有外部防火墙的服务器(比如 EC2/GCE),请为 VPN 打开 UDP 端口 500 和 4500。 diff --git a/README.md b/README.md index 441841e..83dadcc 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles: For **Windows users**, this one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). -The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only IPsec/XAuth mode. Also, your server must run [Libreswan 3.19](#upgrade-libreswan) or newer versions. +The same VPN account can be used by your multiple devices. However, due to an IPsec/L2TP limitation, if you wish to connect multiple devices simultaneously from behind the same NAT (e.g. home router), you must use only IPsec/XAuth mode. Also, your server must be running [Libreswan 3.19](#upgrade-libreswan) or above. For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 and 4500 for the VPN. diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 4de4b6f..2aa7dfc 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md 
@@ -395,9 +395,9 @@ strongswan down myvpn 如果你无法使用 Android 6 (Marshmallow) 或者 7 (Nougat) 连接: 1. 单击 VPN 连接旁边的设置按钮,选择 "Show advanced options" 并且滚动到底部。如果选项 "Backward compatible mode" 存在,请启用它并重试连接。如果不存在,请尝试下一步。 -1. **注:** 最新版本的 VPN 脚本已经包含这些更改。 - 1. (适用于 Android 7.1.2 及以上版本)编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `ike=` 和 `phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(参见) - 1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `phase2alg=...` 并在它下面紧接着添加一行 `sha2-truncbug=yes`,开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) +1. **注:** 最新版本的 VPN 脚本已经包含这个更改。 + (适用于 Android 7.1.2 及以上版本) 编辑 VPN 服务器上的 `/etc/ipsec.conf`。在 `ike=` 和 `phase2alg=` 两行的末尾添加 `,aes256-sha2_512` 字样。保存修改并运行 `service ipsec restart`。(参见) +1. 编辑 VPN 服务器上的 `/etc/ipsec.conf`。找到 `sha2-truncbug=yes` 并将它替换为 `sha2-truncbug=no`,开头必须空两格。保存修改并运行 `service ipsec restart`。(参见) ![Android VPN workaround](images/vpn-profile-Android.png) diff --git a/docs/clients.md b/docs/clients.md index 4b0ae33..be7091c 100644 --- a/docs/clients.md +++ b/docs/clients.md 
@@ -394,9 +394,9 @@ To fix this error, please follow these steps: If you are unable to connect using Android 6 (Marshmallow) or 7 (Nougat): 1. Tap the "Settings" icon next to your VPN profile. Select "Show advanced options" and scroll down to the bottom. If the option "Backward compatible mode" exists, enable it and reconnect the VPN. If not, try the next step. -1. **Note:** The latest versions of VPN scripts already include these changes. - 1. (For Android 7.1.2 and above) Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (Ref) - 1. Edit `/etc/ipsec.conf` on the VPN server. Find `phase2alg=...` and add a new line `sha2-truncbug=yes` immediately below it, indented with two spaces. Save the file and run `service ipsec restart`. (Ref) +1. **Note:** The latest version of VPN scripts already includes this change. + (For Android 7.1.2 and newer) Edit `/etc/ipsec.conf` on the VPN server. Append `,aes256-sha2_512` to the end of both `ike=` and `phase2alg=` lines. Save the file and run `service ipsec restart`. (Ref) +1. Edit `/etc/ipsec.conf` on the VPN server. Find `sha2-truncbug=yes` and replace it with `sha2-truncbug=no`, indented with two spaces. Save the file and run `service ipsec restart`. (Ref) ![Android VPN workaround](images/vpn-profile-Android.png)
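Review bot: Version-range wording is inconsistent across this patch. The README.md hunk at line 139 changes "or newer versions" to "or above", while the docs/clients.md hunk goes the other way, from "and above" to "and newer". Pick one form and use it in both files. Since this sentence is being edited anyway, "can be used by your multiple devices" would read better as "can be used on multiple devices".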
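Review bot: In the docs/clients-zh.md hunk at line 395, the scope of the "**注:**" line is now unclear. The old text was a parent item saying "这些更改" (these changes) over two nested sub-steps. The new text says "这个更改" (this change) and carries the `,aes256-sha2_512` instruction as a continuation line of the same list item, so note and instruction are likely to render as one run-on paragraph. The `sha2-truncbug` step that follows is now a separate top-level item with no indication of whether current scripts already apply it. Suggest putting the instruction first and the note after it, separated by a blank line, and stating in the `sha2-truncbug` step whether the latest scripts include it.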
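Review bot: In the docs/clients.md hunk at line 394, the last step keeps "indented with two spaces" from the removed add-a-line wording. The step now asks for an in-place replacement of `sha2-truncbug=yes` with `sha2-truncbug=no`, where the existing indentation is already there, so the phrase is confusing and should be dropped or reworded. The step also assumes the line is present: the removed text told users to add `sha2-truncbug=yes` below `phase2alg=...`, so some configs will not contain it, and the new wording gives no fallback for that case. Finally, the recommended value flips from `yes` to `no` with no explanation in the text; a short clause on why the value changed would help readers who applied the earlier instruction.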