From 454c89d2b5862ab1bb7c9608acbcc10d3bf0a9ac Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 3 Mar 2022 00:08:40 -0600 Subject: [PATCH] Update docs --- docs/ikev2-howto-zh.md | 32 ++++++++++++++++++++++++++ docs/ikev2-howto.md | 51 +++++++++++++++++++++--------------------- 2 files changed, 58 insertions(+), 25 deletions(-) diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index c01fe81..5ea2c86 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -26,6 +26,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来 - iOS (iPhone/iPad) - Android 4 和更新版本(使用 strongSwan VPN 客户端) - Linux +- Mikrotik RouterOS 在按照本指南操作之后,你将可以选择三种模式中的任意一种连接到 VPN:IKEv2,以及已有的 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式。 @@ -128,6 +129,7 @@ To customize IKEv2 or client options, run this script without arguments. * [iOS (iPhone/iPad)](#ios) * [Android](#android) * [Linux](#linux) +* [Mikrotik RouterOS](#routeros) ### Windows 7, 8, 10 和 11 
@@ -406,6 +408,36 @@ sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key 如果在连接过程中遇到错误,请参见 [故障排除](#故障排除)。 +### RouterOS + +**注:** 这些步骤由 [@Unix-User](https://github.com/Unix-User) 提供。 + +1. 将生成的 `.p12` 文件安全地传送到你的计算机。 +1. 在 WinBox 中,转到 System > certificates > import. +1. 将 `.p12` 证书文件导入两次(是的,导入同一个文件两次)。 +1. 在 terminal 中运行以下命令: + ```bash + /ip ipsec mode-config + add name=ike2-rw responder=no + /ip ipsec policy group + add name=ike2-rw + /ip ipsec profile + add name=ike2-rw + /ip ipsec peer + add address=YOUR_SERVER_ADDRESS_OR_DNS exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw + /ip ipsec proposal + add name=ike2-rw pfs-group=none + /ip ipsec identity + add auth-method=digital-signature certificate=certificate.p12_1 generate-policy=port-strict mode-config=ike2-rw \ + peer=ike2-rw-client policy-template-group=ike2-rw + /ip ipsec policy + add group=ike2-rw proposal=ike2-rw template=yes + ``` + +> 已在以下系统测试 +> mar/02/2022 12:52:57 by RouterOS 6.48 +> RouterBOARD 941-2nD + ## 管理客户端证书 * [列出已有的客户端](#列出已有的客户端) diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 78d5448..7fd4df0 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -129,7 +129,7 @@ To customize IKEv2 or client options, run this script without arguments. * [iOS (iPhone/iPad)](#ios) * [Android](#android) * [Linux](#linux) -* [RouterOS Mikrotik](#routeros) +* [Mikrotik RouterOS](#routeros) ### Windows 7, 8, 10 and 11 
@@ -410,34 +410,35 @@ Once successfully connected, you can verify that your traffic is being routed pr If you get an error when trying to connect, see [Troubleshooting](#troubleshooting). - ### RouterOS -In winbox, System > certificates > import. -Import the .p12 certificate file twice(yes import the same file two times!!!) -Run these in terminal: -```bash -/ip ipsec mode-config -add name=ike2-rw responder=no -/ip ipsec policy group -add name=ike2-rw -/ip ipsec profile -add name=ike2-rw -/ip ipsec peer -add address=YOUR_SERVER_ADDRESS_OR_DNS exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw -/ip ipsec proposal -add name=ike2-rw pfs-group=none -/ip ipsec identity -add auth-method=digital-signature certificate=certificate.p12_1 generate-policy=port-strict mode-config=ike2-rw \ - peer=ike2-rw-client policy-template-group=ike2-rw -/ip ipsec policy -add group=ike2-rw proposal=ike2-rw template=yes -``` +**Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User). +1. Securely transfer the generated `.p12` file to your computer. +1. In WinBox, go to System > certificates > import. +1. Import the `.p12` certificate file twice (yes, import the same file two times!). +1. Run these in terminal: + ```bash + /ip ipsec mode-config + add name=ike2-rw responder=no + /ip ipsec policy group + add name=ike2-rw + /ip ipsec profile + add name=ike2-rw + /ip ipsec peer + add address=YOUR_SERVER_ADDRESS_OR_DNS exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw + /ip ipsec proposal + add name=ike2-rw pfs-group=none + /ip ipsec identity + add auth-method=digital-signature certificate=certificate.p12_1 generate-policy=port-strict mode-config=ike2-rw \ + peer=ike2-rw-client policy-template-group=ike2-rw + /ip ipsec policy + add group=ike2-rw proposal=ike2-rw template=yes + ``` -tested on -mar/02/2022 12:52:57 by RouterOS 6.48 -RouterBOARD 941-2nD +> tested on +> mar/02/2022 12:52:57 by RouterOS 6.48 +> RouterBOARD 941-2nD ## Manage client certificates
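Review bot: In the `/ip ipsec identity` command of the new RouterOS section in docs/ikev2-howto-zh.md, `certificate=certificate.p12_1` is a literal name that appears to be derived from the imported file name, yet step 1 only refers to "the generated `.p12` file" and the surrounding context uses `vpnclient.*` names. Suggest a placeholder in the same style as `YOUR_SERVER_ADDRESS_OR_DNS`, plus a step that has the reader list the imported certificates and pick the entry that holds the private key. That step would also explain why the same file has to be imported twice, which the text currently asserts without a reason. The same applies to the English section in docs/ikev2-howto.md.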
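Review bot: `add name=ike2-rw pfs-group=none` under `/ip ipsec proposal` in the RouterOS section of docs/ikev2-howto.md turns off perfect forward secrecy for the client's IPsec SAs, and the steps give no reason for it. If it is needed to match the server's configuration, say so in a sentence next to the command; otherwise drop the option or set a DH group the server accepts. The fence is also tagged `bash` although the commands are RouterOS CLI, so an untagged fence would avoid misleading highlighting. Both points apply to the Chinese section as well.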
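Review bot: The new list entries `- Mikrotik RouterOS` and `* [Mikrotik RouterOS](#routeros)` spell the vendor "Mikrotik", while the vendor's own spelling is "MikroTik". The link text also differs from the `### RouterOS` heading it points to, and step 2 writes "System > certificates > import" in lowercase next to a capitalised "WinBox"; consider using one name for the section and consistent menu capitalisation in both language files.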