diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 49a6fe8..0ec54e2 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -44,7 +44,7 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto *其他语言版本: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).* -**注:** 如果你在配置 IKEv2 时指定了服务器的域名(而不是 IP 地址),则必须在 **服务器地址** 和 **远程 ID** 字段中输入该域名(如果适用)。如果要为更多的客户端生成证书,只需重新运行[辅助脚本](#使用辅助脚本)。或者你可以看 [这一小节](#手动在-vpn-服务器上配置-ikev2) 的第 4 步。 +**注:** 如果你在配置 IKEv2 时指定了服务器的域名(而不是 IP 地址),则必须在 **服务器地址** 和 **远程 ID** 字段中输入该域名(如果适用)。如果要为更多的客户端生成证书,或者为一个已有的客户端导出配置,只需重新运行[辅助脚本](#使用辅助脚本)。 * [Windows 7, 8.x 和 10](#windows-7-8x-和-10) * [OS X (macOS)](#os-x-macos) @@ -199,11 +199,11 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto ### 添加一个客户端证书 -如果要为更多的客户端生成证书,只需重新运行 [辅助脚本](#使用辅助脚本)。或者你可以看 [这一小节](#手动在-vpn-服务器上配置-ikev2) 的第 4 步。 +如果要为更多的 IKEv2 VPN 客户端生成证书,只需重新运行 [辅助脚本](#使用辅助脚本)。或者你可以看 [这一小节](#手动在-vpn-服务器上配置-ikev2) 的第 4 步。 -### 导出一个客户端证书 +### 导出一个已有的客户端的配置 -在默认情况下,[IKEv2 辅助脚本](#使用辅助脚本) 在运行后会导出客户端证书。如果你想要手动导出一个客户端证书,首先检查证书数据库:`certutil -L -d sql:/etc/ipsec.d`,然后参见 [这一小节](#手动在-vpn-服务器上配置-ikev2) 第 4 步中的 "导出 `.p12` 文件"。 +在默认情况下,[IKEv2 辅助脚本](#使用辅助脚本) 在运行后会导出客户端配置。如果之后你想要为一个已有的客户端导出配置,重新运行辅助脚本并选择适当的选项。 ### 吊销一个客户端证书 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index b8d154c..f4ef092 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -44,7 +44,7 @@ The script must be run usi *Read this in other languages: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).* -**Note:** If you specified the server's DNS name (instead of its IP address) during IKEv2 setup, you must enter the DNS name in the **Server** and **Remote ID** fields (if applicable). If you want to generate certificates for additional VPN clients, just run the [helper script](#using-helper-scripts) again. Or you may refer to step 4 in [this section](#manually-set-up-ikev2-on-the-vpn-server). +**Note:** If you specified the server's DNS name (instead of its IP address) during IKEv2 setup, you must enter the DNS name in the **Server** and **Remote ID** fields (if applicable). If you want to generate certificates for additional VPN clients, or export configuration for an existing client, just run the [helper script](#using-helper-scripts) again. * [Windows 7, 8.x and 10](#windows-7-8x-and-10) * [OS X (macOS)](#os-x-macos) @@ -199,11 +199,11 @@ Once successfully connected, you can verify that your traffic is being routed pr ### Add a client certificate -If you want to generate certificates for additional VPN clients, just run the [helper script](#using-helper-scripts) again. Or you may refer to step 4 in [this section](#manually-set-up-ikev2-on-the-vpn-server). +If you want to generate certificates for additional IKEv2 VPN clients, just run the [helper script](#using-helper-scripts) again. Or you may refer to step 4 in [this section](#manually-set-up-ikev2-on-the-vpn-server). -### Export a client certificate +### Export configuration for an existing client -By default, the [IKEv2 helper script](#using-helper-scripts) exports client certificates after running. If you want to manually export a client certificate, first check the database with `certutil -L -d sql:/etc/ipsec.d`, then refer to "export `.p12` file" in step 4 of [this section](#manually-set-up-ikev2-on-the-vpn-server). +By default, the [IKEv2 helper script](#using-helper-scripts) exports client configuration after running. If later you want to export configuration for an existing client, run the helper script again and select the appropriate option. ### Revoke a client certificate