diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index d25b81a..b5c37a6 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -366,7 +366,7 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key ### RouterOS -**注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。 +**注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。建议通过 SSH 连接运行终端命令,例如通过 Putty。 1. 将生成的 `.p12` 文件安全地传送到你的计算机。 @@ -388,6 +388,29 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key ![routeros import certificate](images/routeros-import-cert.gif) + 或者,你也可以使用终端命令 (empty passphrase): + + ```bash + [admin@MikroTik] > /certificate/import file-name=mikrotik.p12 + passphrase: + + certificates-imported: 2 + private-keys-imported: 0 + files-imported: 1 + decryption-failures: 0 + keys-with-no-certificate: 0 + + [admin@MikroTik] > /certificate/import file-name=mikrotik.p12 + passphrase: + + certificates-imported: 0 + private-keys-imported: 1 + files-imported: 1 + decryption-failures: 0 + keys-with-no-certificate: 0 + + ``` + 3. 在 terminal 中运行以下命令。将以下内容替换为你自己的值。 `YOUR_VPN_SERVER_IP_OR_DNS_NAME` 是你的 VPN 服务器 IP 或域名。 `IMPORTED_CERTIFICATE` 是上面第 2 步中的证书名称,例如 `vpnclient.p12_0` 
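Review bot: in the docs/ikev2-howto-zh.md hunk at @@ -388,6 +388,29 @@ the new lead-in "或者,你也可以使用终端命令 (empty passphrase):" leaves the parenthetical untranslated in the Chinese document, and the transcript imports `mikrotik.p12` while the step 3 context directly after it names the imported certificate `vpnclient.p12_0`. Translate the parenthetical (e.g. "(密码留空)") and use the same file name in the transcript as in step 3, so a reader can map the two output blocks (`certificates-imported: 2` on the first import, `private-keys-imported: 1` on the second) to the entries they will see in the certificate list. One sentence explaining why the same file is imported twice would also help: the first pass imports only the certificates, the second imports the private key, which is exactly what the two `/certificate/import` runs show.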
@@ -397,23 +420,15 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key 来指定整个网络,或者使用 `192.168.0.10` 来指定仅用于一个设备,依此类推。 ```bash - /ip firewall address-list - add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local - /ip ipsec mode-config - add name=ike2-rw responder=no src-address-list=local - /ip ipsec policy group - add name=ike2-rw - /ip ipsec profile - add name=ike2-rw - /ip ipsec peer - add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw - /ip ipsec proposal - add name=ike2-rw pfs-group=none - /ip ipsec identity - add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \ + /ip firewall address-list add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local + /ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local + /ip ipsec policy group add name=ike2-rw + /ip ipsec profile add name=ike2-rw + /ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw + /ip ipsec proposal add name=ike2-rw pfs-group=none + /ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \ peer=ike2-rw-client policy-template-group=ike2-rw - /ip ipsec policy - add group=ike2-rw proposal=ike2-rw template=yes + /ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes ``` 4. 更多信息请参见 [#1112](https://github.com/hwdsl2/setup-ipsec-vpn/issues/1112#issuecomment-1059628623)。 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 4277776..6d7bb4d 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md 
@@ -368,9 +368,7 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti ### RouterOS -**Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User). - -It is recommended to use terminal command via SSH connection, eg via Putty. +**Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User). It is recommended to run terminal commands via an SSH connection, e.g. via Putty. 1. Securely transfer the generated `.p12` file to your computer. @@ -384,11 +382,20 @@ It is recommended to use terminal command via SSH connection, eg via Putty. 2. In WinBox, go to System > certificates > import. Import the `.p12` certificate file twice (yes, import the same file two times!). Verify in your certificates panel. You will see 2 files, the one that is marked KT is the key. +
+ + Click to see screencast. + + + ![routeros import certificate](images/routeros-import-cert.gif) +
+ Or you can use terminal instead (empty passphrase): + ```bash [admin@MikroTik] > /certificate/import file-name=mikrotik.p12 passphrase: - + certificates-imported: 2 private-keys-imported: 0 files-imported: 1 @@ -397,7 +404,7 @@ It is recommended to use terminal command via SSH connection, eg via Putty. [admin@MikroTik] > /certificate/import file-name=mikrotik.p12 passphrase: - + certificates-imported: 0 private-keys-imported: 1 files-imported: 1 @@ -405,15 +412,6 @@ It is recommended to use terminal command via SSH connection, eg via Putty. keys-with-no-certificate: 0 ``` - - -
- - Click to see screencast. - - - ![routeros import certificate](images/routeros-import-cert.gif) -
3. Run these commands in terminal. Replace the following with your own values. `YOUR_VPN_SERVER_IP_OR_DNS_NAME` is your VPN server IP or DNS name.
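Review bot: in the docs/ikev2-howto-zh.md hunk at @@ -397,23 +420,15 @@ the reflow to one command per line is a clear improvement for copy-and-paste, but `/ip ipsec identity add ... mode-config=ike2-rw \` is now the only command still split across two lines with a backslash continuation (`peer=ike2-rw-client policy-template-group=ike2-rw`); either join it as well or say in the text that it must be pasted as one command. The docs/ikev2-howto.md hunks in this patch do not apply the same reflow, so confirm the English file already uses the single-line form or make the same change there, otherwise the two documents drift apart.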
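Review bot: in the docs/ikev2-howto.md hunk at @@ -368,9 +368,7 @@ the merged note spells the SSH client "Putty"; the product name is "PuTTY", and the same spelling should be used in the corresponding docs/ikev2-howto-zh.md note ("例如通过 Putty") added at @@ -366,7 +366,7 @@.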
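Review bot: in the docs/ikev2-howto.md hunks at @@ -384,11 +382,20 @@ and @@ -405,15 +412,6 @@ the new lead-in "Or you can use terminal instead (empty passphrase):" reads as a requirement, while the transcript merely shows the `passphrase:` prompt answered with nothing. If the `.p12` can be exported with a password, say that the export password is entered at that prompt; if it is always exported without one, say so explicitly rather than in a parenthetical. The move of the "Click to see screencast" block ahead of the terminal transcript and the removal of trailing whitespace on the blank lines after `passphrase:` look fine.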