diff --git a/README-zh.md b/README-zh.md
index 886b9de..a28c81c 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -5,7 +5,7 @@
使用 Linux Shell 脚本一键搭建 IPsec/L2TP VPN 服务器。适用于 Ubuntu 16.04/14.04/12.04,Debian 8 和 CentOS 6/7 系统。
你只需提供以下的信息: `IPSEC_PSK` , `VPN_USER` 和 `VPN_PASSWORD` ,然后运行脚本自动完成安装。
-我们将使用 Libreswan 作为 IPsec 服务器,以及 xl2tpd 作为 L2TP 提供者。
+我们将使用 Libreswan 作为 IPsec 服务器,以及 xl2tpd 作为 L2TP 提供者。
#### 详细的 VPN 教程请参见我的博客文章
@@ -26,10 +26,9 @@
- CentOS 7 (x86_64) with Updates HVM
- CentOS 6 (x86_64) with Updates HVM
-**- 或者 -**
+**-或者-**
-一个专用服务器,或者基于 KVM/Xen 的虚拟专用服务器 (VPS),使用以下操作系统:
- (注: 推荐在一个全新安装的系统上运行这些脚本)
+一个专用服务器,或者基于 KVM/Xen 的虚拟专用服务器 (VPS),全新安装:
- Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)
- Debian 8 (Jessie)
- Debian 7 (Wheezy) » 不推荐。必须先运行另一个脚本。
@@ -76,21 +75,19 @@ sudo sh vpnsetup_centos.sh
## 重要提示
-**Windows 用户** 在首次连接之前可能需要更改注册表,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到`Error 628`,请打开 VPN 连接属性的"安全"选项卡,启用 `CHAP` 选项并禁用 `MS-CHAP v2`。
+**Windows 用户** 在首次连接之前需要修改一次注册表,以解决 VPN 服务器和客户端与 NAT (比如家用路由器)的兼容问题。另外如果遇到`Error 628`,请打开 VPN 连接属性的"安全"选项卡,启用 `CHAP` 选项并禁用 `MS-CHAP v2`。
-**Android 6 (Marshmallow) 用户**: 安装完成之后,请编辑文件 `/etc/ipsec.conf` 并在 `ike=` 和 `phase2alg=` 两行的结尾添加 `,aes256-sha2_256` 。另外增加一行 `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart` 。
+**Android 6 (Marshmallow) 用户**: 请编辑 `/etc/ipsec.conf` 并在 `ike=` 和 `phase2alg=` 两行结尾添加 `,aes256-sha2_256` 。另外增加一行 `sha2-truncbug=yes` 。每行开头必须空两格。保存修改并运行 `service ipsec restart` 。
-**iPhone/iPad 用户**: 在 iOS 的设置菜单,选择 `L2TP` (而不是 `IPSec`) 作为 VPN 类型。如果无法连接,可编辑 `ipsec.conf` 并尝试用 `rightprotoport=17/0` 替换 `rightprotoport=17/%any` 。保存修改并重启 `ipsec` 服务。
+**iPhone/iPad 用户**: 在 iOS 的设置菜单请选择 `L2TP` (而不是 `IPSec`) 作为 VPN 类型。
-如果要创建具有不同凭据的多个 VPN 用户,只需修改这几行的脚本。
+如果要创建具有不同凭据的多个 VPN 用户,只需要修改这几行的脚本。
在 VPN 已连接时,客户端配置为使用 Google Public DNS。此设置可在 `options.xl2tpd` 文件的 `ms-dns` 项更改。
-仅适用于 Amazon EC2 实例:在安全组设置中,请打开 UDP 端口 500 和 4500,以及 TCP 端口 22 (可选,用于 SSH )。
+如果服务器配置了自定义 SSH 端口(不是 22)或其他服务,请在运行脚本前编辑 IPTables 防火墙规则。
-如果你配置了自定义 SSH 端口(不是 22)或希望允许其他服务,请在运行脚本之前编辑 IPTables 防火墙规则。
-
-这些脚本在更改你现有的配置文件之前,会在同一目录下以 `.old-日期-时间` 为后缀做备份。
+这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
## 关于升级Libreswan
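Review bot: The removed Amazon EC2 line, which named UDP ports 500 and 4500 and TCP port 22 for the security group, was the only statement in this section of which ports the VPN needs. The line that replaces it covers only custom SSH ports and IPTables rules. Suggest keeping the port list here or moving it to the requirements section, so that readers behind a cloud firewall open exactly those ports instead of guessing.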
diff --git a/README.md b/README.md
index 03a0f53..297dac5 100644
--- a/README.md
+++ b/README.md
@@ -4,29 +4,9 @@
Scripts for automatic configuration of an IPsec/L2TP VPN server on Ubuntu 16.04/14.04/12.04, Debian 8 and CentOS 6 & 7. All you need to do is providing your own values for `IPSEC_PSK`, `VPN_USER` and `VPN_PASSWORD`, and let them handle the rest.
-We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider.
+We will use Libreswan as the IPsec server, and xl2tpd as the L2TP provider.
-#### Link to my VPN tutorial with detailed usage instructions
-
-## Table of Contents
-
-- [Author](#author)
-- [Features](#features)
-- [Requirements](#requirements)
-- [Installation](#installation)
- - [Ubuntu & Debian](#ubuntu--debian)
- - [CentOS & RHEL](#centos--rhel)
-- [Next Steps](#next-steps)
-- [Important Notes](#important-notes)
-- [Upgrading Libreswan](#upgrading-libreswan)
-- [Bugs & Questions](#bugs--questions)
-- [License](#license)
-
-## Author
-
-##### Lin Song
-- Final year U.S. PhD candidate seeking opportunities in the industry.
-- View my LinkedIn profile and contact me: www.linkedin.com/in/linsongui
+#### Link to my VPN tutorial with detailed instructions
## Features
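Review bot: The "We will use Libreswan as the IPsec server ..." line is removed and re-added with no visible text difference, so this looks like a whitespace-only change (the same pair appears in the README-zh.md hunk). Trailing spaces can change line breaks in rendered Markdown, so either state the intent in the commit message or drop this line from the patch.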
@@ -47,8 +27,7 @@ A newly created Amazon EC2
**-OR-**
-A dedicated server or KVM/Xen-based Virtual Private Server (VPS), with the following OS:
- (Note: Starting with a freshly installed system is recommended)
+A dedicated server or KVM/Xen-based Virtual Private Server (VPS), with freshly installed:
- Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)
- Debian 8 (Jessie)
- Debian 7 (Wheezy) » Not recommended. Requires this workaround to work.
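Review bot: The new wording "with freshly installed:" turns what was a recommendation ("Starting with a freshly installed system is recommended") into an apparent requirement, and it reads as an unfinished phrase in front of the list. If a fresh install is now required, say so explicitly; otherwise keep it as a recommendation, for example "with one of the following, freshly installed (recommended):".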
@@ -97,19 +76,17 @@ Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
For **Windows users**, a one-time registry change is required if the VPN server and/or client is behind NAT (e.g. home router). In case you see `Error 628`, go to the "Security" tab of VPN connection properties, enable `CHAP` and disable `MS-CHAP v2`.
-**Android 6 (Marshmallow) users**: After install, edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`.
+**Android 6 (Marshmallow) users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to both `ike=` and `phase2alg=`. Then add a new line `sha2-truncbug=yes`. Indent lines with two spaces. Finally, run `service ipsec restart`.
-**iPhone/iPad users**: In iOS settings, choose `L2TP` (instead of `IPSec`) as the VPN type. In case you are unable to connect, edit `ipsec.conf` and replace `rightprotoport=17/%any` with `rightprotoport=17/0`. Then restart `ipsec` service.
+**iPhone/iPad users**: In iOS settings, choose `L2TP` (instead of `IPSec`) as the VPN type.
-If you wish to create multiple VPN users with different credentials, just edit a few lines in the scripts.
+To enable multiple VPN users with different credentials, just edit a few lines in the scripts.
Clients are configured to use Google Public DNS when the VPN is active. To change, set `ms-dns` in `options.xl2tpd`.
-For Amazon EC2 instances only: In the security group, open UDP ports 500 & 4500 and TCP port 22 (optional, for SSH).
+For servers with a custom SSH port (not 22) or other services, edit the IPTables rules before using.
-If you configured a custom SSH port (not 22) or wish to allow other services, edit IPTables rules before using the scripts.
-
-The scripts will backup your existing config files before making changes, to the same folder with `.old-date-time` suffix.
+The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
## Upgrading Libreswan
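Review bot: In the Android 6 line, dropping "After install" leaves the timing of the `/etc/ipsec.conf` edit ambiguous. The last changed line of this hunk says the scripts back up existing config files before making changes, so an edit made before running them may not survive; suggest keeping "After install". The iOS fallback (`rightprotoport=17/0` in place of `rightprotoport=17/%any`) is also removed without explanation; if it is no longer needed, say why in the commit message.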
@@ -121,6 +98,12 @@ The additional scripts vpnupgr
- Ask Libreswan (IPsec) related questions on the mailing list, or read these wikis: [1] [2] [3] [4] [5].
- If you found a reproducible bug, open a GitHub Issue to submit a bug report.
+## Author
+
+##### Lin Song
+- Final year U.S. PhD candidate seeking opportunities in Software or Systems Engineering.
+- View my LinkedIn profile and contact me: www.linkedin.com/in/linsongui
+
## License
Copyright (C) 2014-2016 Lin Song