diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh index 0268800..7486dae 100755 --- a/extras/ikev2setup.sh +++ b/extras/ikev2setup.sh @@ -150,7 +150,7 @@ confirm_or_abort() { show_header() { cat <<'EOF' -IKEv2 Script Copyright (c) 2020-2022 Lin Song 16 Feb 2022 +IKEv2 Script Copyright (c) 2020-2022 Lin Song 18 Feb 2022 EOF } @@ -308,8 +308,7 @@ set_dns_servers() { show_welcome() { cat <<'EOF' -Welcome! Use this script to set up IKEv2 on your IPsec VPN server. - +Welcome! Use this script to set up IKEv2 on your VPN server. I need to ask you a few questions before starting setup. You can use the default options and just press enter if you are OK with them. @@ -317,20 +316,12 @@ EOF } show_start_setup() { - if [ -n "$VPN_DNS_NAME" ] || [ -n "$VPN_CLIENT_NAME" ] || [ -n "$VPN_DNS_SRV1" ]; then - bigecho "Starting IKEv2 setup in auto mode." - printf '%s' "## Using custom option(s): " - [ -n "$VPN_DNS_NAME" ] && printf '%s' "VPN_DNS_NAME " - [ -n "$VPN_CLIENT_NAME" ] && printf '%s' "VPN_CLIENT_NAME " - if [ -n "$VPN_DNS_SRV1" ] && [ -n "$VPN_DNS_SRV2" ]; then - printf '%s' "VPN_DNS_SRV1 VPN_DNS_SRV2" - elif [ -n "$VPN_DNS_SRV1" ]; then - printf '%s' "VPN_DNS_SRV1" - fi - echo - else - bigecho "Starting IKEv2 setup in auto mode, using default options." + op_text=default + if [ -n "$VPN_DNS_NAME" ] || [ -n "$VPN_CLIENT_NAME" ] \ + || [ -n "$VPN_DNS_SRV1" ] || [ -n "$VPN_PROTECT_CONFIG" ]; then + op_text=custom fi + bigecho "Starting IKEv2 setup in auto mode, using $op_text options." } show_add_client() { 
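Review bot: The auto-mode banner in show_start_setup now prints only "default" or "custom" and no longer names which VPN_* variables were picked up from the environment, so an unattended run's log loses that record. This matters more now that VPN_PROTECT_CONFIG is part of the test: from this line nobody can tell whether password protection of the client config (described in a later hunk as containing the client private key) was requested. `[ -n "$VPN_PROTECT_CONFIG" ]` also reports "custom" for any non-empty value, and how that value is interpreted is not visible in this hunk. Consider naming the variable in the message, e.g. `[ -n "$VPN_PROTECT_CONFIG" ] && op_text="$op_text (VPN_PROTECT_CONFIG set)"` before the `bigecho` call. Separately, `op_text` is assigned without `local` and becomes a script-wide global; `local op_text=default` would keep it inside the function, assuming the script runs under bash as the `read -rp` calls elsewhere suggest.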
@@ -517,10 +508,10 @@ enter_custom_dns() { echo "Invalid DNS server." read -rp "Enter primary DNS server: " dns_server_1 done - read -rp "Enter secondary DNS server (enter to skip): " dns_server_2 + read -rp "Enter secondary DNS server (Enter to skip): " dns_server_2 until [ -z "$dns_server_2" ] || check_ip "$dns_server_2"; do echo "Invalid DNS server." - read -rp "Enter secondary DNS server (enter to skip): " dns_server_2 + read -rp "Enter secondary DNS server (Enter to skip): " dns_server_2 done if [ -n "$dns_server_2" ]; then dns_servers="$dns_server_1 $dns_server_2" @@ -612,7 +603,7 @@ select_config_password() { if [ "$use_config_password" = "0" ]; then cat <<'EOF' -IKEv2 client config files contain the client certificate, private key and CA certificate. +IKEv2 client config contains the client certificate, private key and CA certificate. This script can optionally generate a random password to protect these files. Future client config files will also be protected using this password. @@ -680,6 +671,11 @@ EOF else echo "MOBIKE support: Not available" fi + if [ "$use_config_password" = "1" ]; then + echo "Protect client config: Yes" + else + echo "Protect client config: No" + fi cat <