From ad1c635ca3a1ca7140da4337bb4e17c2dd0d5dc7 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Sat, 6 Feb 2021 15:18:01 -0600
Subject: [PATCH] Update IKEv2 docs

- Android 6.0 and older devices require additional instructions
  for IKEv2. Ref: #930
---
 docs/ikev2-howto-zh.md | 8 ++++++++
 docs/ikev2-howto.md    | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index a616164..adefe37 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -219,6 +219,14 @@ To customize IKEv2 or client options, run this script without arguments.
 1. 单击 **导入**。
 1. 单击新的 VPN 配置文件以开始连接。
 
+<details>
+<summary>
+如果你的设备运行 Android 6.0 或更早版本，点这里查看额外的步骤。
+</summary>
+
+如果你的设备运行 Android 6.0 (Marshmallow) 或更早版本，要使用 strongSwan VPN 客户端连接，你必须更改 VPN 服务器上的以下设置：编辑服务器上的 `/etc/ipsec.d/ikev2.conf`。在 `conn ikev2-cp` 小节的末尾添加 `authby=rsa-sha1`，开头必须空两格。保存文件并运行 `service ipsec restart`。
+</details>
+
 （可选功能）你可以选择启用 Android 上的 "始终开启的 VPN" 功能。启动 **设置** 应用程序，进入 网络和互联网 -> 高级 -> VPN，单击 "strongSwan VPN 客户端" 右边的设置图标，然后启用 **始终开启的 VPN** 以及 **屏蔽未使用 VPN 的所有连接** 选项。
 
 <details>
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index eac1364..e377b43 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -219,6 +219,14 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti
 1. Tap **IMPORT**.
 1. Tap the new VPN profile to connect.
 
+<details>
+<summary>
+If your device runs Android 6.0 or older, click here for additional instructions.
+</summary>
+
+If your device runs Android 6.0 (Marshmallow) or older, in order to connect using the strongSwan VPN client, you must make the following change on the VPN server: Edit `/etc/ipsec.d/ikev2.conf` on the server. Append `authby=rsa-sha1` to the end of the `conn ikev2-cp` section, indented by two spaces. Save the file and run `service ipsec restart`.
+</details>
+
 (Optional feature) You can choose to enable the "Always-on VPN" feature on Android. Launch the **Settings** app, go to Network & internet -> Advanced -> VPN, click the gear icon on the right of "strongSwan VPN Client", then enable the **Always-on VPN** and **Block connections without VPN** options.
 
 <details>