diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index dde93b2..06c0b83 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -8,7 +8,7 @@ --- -Windows 7 和更新版本支持 IKEv2 协议标准,通过 Microsoft 的 Agile VPN 功能来实现。因特网密钥交换 (英语:Internet Key Exchange,简称 IKE 或 IKEv2)是一种网络协议,归属于 IPsec 协议族之下,用以创建安全关联 (Security Association, SA)。与 IKE 版本 1 相比较,IKEv2 的功能改进包括比如通过 MOBIKE 实现 Standard Mobility 支持,以及更高的可靠性。另外,IKEv2 支持同时连接在同一个 NAT(比如家用路由器)后面的多个设备到 VPN 服务器。 +Windows 7 和更新版本支持 IKEv2 协议标准,通过 Microsoft 的 Agile VPN 功能来实现。因特网密钥交换 (英语:Internet Key Exchange,简称 IKE 或 IKEv2)是一种网络协议,归属于 IPsec 协议族之下,用以创建安全关联 (Security Association, SA)。与 IKE 版本 1 相比较,IKEv2 的功能改进包括比如通过 MOBIKE 实现 Standard Mobility 支持,以及更高的可靠性。 Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来对 IKEv2 客户端进行身份验证。该方法无需 IPsec PSK, 用户名或密码。它可以用于以下系统: @@ -189,7 +189,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 **注:** 如需显示证书内容,可使用 `certutil -L -d sql:/etc/ipsec.d -n "Nickname"`。要删除一个证书,将 `-L` 换成 `-D`。更多的 `certutil` 使用说明请看 这里。 -1. **重启 IPsec 服务**: +1. **(重要)重启 IPsec 服务**: ```bash $ service ipsec restart @@ -266,6 +266,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 1. Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 IPsec/L2TPIPsec/XAuth 模式连接。 1. 如果你使用 strongSwan Android VPN 客户端,则必须将服务器上的 Libreswan 升级到版本 3.26 或以上。 +1. 目前还不支持同时连接在同一个 NAT (比如家用路由器)后面的多个 IKEv2 客户端。对于这个用例,请换用 IPsec/XAuth 模式。 ## 参考链接 diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index d42b476..0699e81 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md 
@@ -8,7 +8,7 @@ --- -Windows 7 and newer releases support the IKEv2 standard through Microsoft's Agile VPN functionality. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a Security Association (SA) in the IPsec protocol suite. Compared to IKE version 1, IKEv2 contains improvements such as Standard Mobility support through MOBIKE, and improved reliability. In addition, IKEv2 supports connecting multiple devices simultaneously from behind the same NAT (e.g. home router) to the VPN server. +Windows 7 and newer releases support the IKEv2 standard through Microsoft's Agile VPN functionality. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a Security Association (SA) in the IPsec protocol suite. Compared to IKE version 1, IKEv2 contains improvements such as Standard Mobility support through MOBIKE, and improved reliability. Libreswan can authenticate IKEv2 clients on the basis of X.509 Machine Certificates using RSA signatures. This method does not require an IPsec PSK, username or password. It can be used with: @@ -189,7 +189,7 @@ Before continuing, make sure you have successfully this page. -1. **Restart IPsec service**: +1. **(Important) Restart IPsec service**: ```bash $ service ipsec restart @@ -266,6 +266,7 @@ Before continuing, make sure you have successfully IPsec/L2TP or IPsec/XAuth mode. 1. If using the strongSwan Android VPN client, you must upgrade Libreswan on your server to version 3.26 or above. +1. Connecting multiple IKEv2 clients simultaneously from behind the same NAT (e.g. home router) is not supported at this time. For this use case, please instead use IPsec/XAuth mode. ## References
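Review bot: In the `@@ -8,7 +8,7 @@` hunks of both files, the sentence about multiple devices behind the same NAT is dropped from the introduction with no pointer to the limitation that replaces it, which only appears as the last item of the list near line 266. A reader who deployed IKEv2 on the strength of the old sentence will not see the correction unless they read to the end of the page. Consider a short cross-reference from the introduction to the limitations list, or move the new item to the top of that list.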
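Review bot: The `(Important)` label added to the restart step in the `@@ -189,7 +189,7 @@` hunks does not say why the restart matters or what the reader will observe if it is skipped. A one-line reason under the step heading would carry more information than the label alone and would help when troubleshooting a failed connection later.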
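Review bot: The limitation added in the `@@ -266,6 +266,7 @@` hunks says "not supported at this time" without naming a Libreswan version, while the list item directly above it ties strongSwan Android support to version 3.26 or above. Stating the version this limitation applies to would keep the item from going stale unnoticed. As a style point in the zh file, the added line writes `NAT (比如` with a space before the parenthesis where the removed introduction sentence had `NAT(比如`; one form should be used throughout.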