From 65f1bcd726ba3385fd10da258dbfe413459c1edb Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Fri, 30 Sep 2016 11:53:33 -0500
Subject: [PATCH] Update docs

[ci skip]
---
 README-zh.md            | 10 +++++-----
 README.md               | 10 +++++-----
 docs/clients-xauth.md   |  2 +-
 docs/clients-zh.md      | 20 ++++++++++++++------
 docs/clients.md         | 22 +++++++++++++++-------
 docs/ikev2-howto-zh.md  |  7 +++++--
 docs/ikev2-howto.md     |  7 +++++--
 docs/manage-users-zh.md |  2 +-
 docs/manage-users.md    |  2 +-
 9 files changed, 52 insertions(+), 30 deletions(-)

diff --git a/README-zh.md b/README-zh.md
index 2fc9547..0353b43 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -20,8 +20,6 @@ IPsec VPN 可以加密你的网络流量，以防止在通过因特网传送时
 - [功能特性](#功能特性)
 - [系统要求](#系统要求)
 - [安装说明](#安装说明)
-  - [Ubuntu & Debian](#ubuntu--debian)
-  - [CentOS & RHEL](#centos--rhel)
 - [下一步](#下一步)
 - [重要提示](#重要提示)
 - [升级Libreswan](#升级libreswan)
@@ -117,16 +115,18 @@ DigitalOcean 用户可以参考这个<a href="https://usefulpcguide.com/17318/cr
 
 <a href="docs/ikev2-howto-zh.md" target="_blank">如何配置 IKEv2 VPN: Windows 7 和更新版本</a>
 
+如果在连接过程中遇到错误，请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>。
+
 开始使用自己的专属 VPN ! :sparkles::tada::rocket::sparkles:
 
 ## 重要提示
 
-**Windows 和 Android 6.0/7.0 用户**： 如果在连接过程中遇到错误，请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>。
+**Windows 和 Android 用户**： 如果在连接过程中遇到错误，请参见 <a href="docs/clients-zh.md#故障排除" target="_blank">故障排除</a>。
+
+同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性，如果这些设备在同一个 NAT 后面（比如家用路由器），它们无法同时连接到 VPN 服务器。
 
 如果需要添加，修改或者删除 VPN 用户账户，请参见 <a href="docs/manage-users-zh.md" target="_blank">管理 VPN 用户</a>。
 
-同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性，如果上述设备属于同一个 NAT 网络（比如家用路由器），它们无法同时连接到 VPN 服务器。
-
 在 VPN 已连接时，客户端配置为使用 <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a>。如果偏好其它的域名解析服务，请编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`。然后重启服务器。
 
 对于有外部防火墙的服务器（比如 <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>），请打开 UDP 端口 500 和 4500，以及 TCP 端口 22 （用于 SSH）。
diff --git a/README.md b/README.md
index ddd036d..b4894c1 100644
--- a/README.md
+++ b/README.md
@@ -20,8 +20,6 @@ We will use <a href="https://libreswan.org/" target="_blank">Libreswan</a> as th
 - [Features](#features)
 - [Requirements](#requirements)
 - [Installation](#installation)
-  - [Ubuntu & Debian](#ubuntu--debian)
-  - [CentOS & RHEL](#centos--rhel)
 - [Next steps](#next-steps)
 - [Important notes](#important-notes)
 - [Upgrade Libreswan](#upgrade-libreswan)
@@ -117,16 +115,18 @@ Get your computer or device to use the VPN. Please refer to:
 
 <a href="docs/ikev2-howto.md" target="_blank">How To: IKEv2 VPN for Windows 7 and newer</a>
 
+If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
+
 Enjoy your very own VPN! :sparkles::tada::rocket::sparkles:
 
 ## Important notes
 
-**Windows and Android 6.0/7.0 users**: If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
-
-If you wish to add, edit or remove VPN user accounts, refer to <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
+**Windows and Android users**: If you get an error when trying to connect, see <a href="docs/clients.md#troubleshooting" target="_blank">Troubleshooting</a>.
 
 The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server.
 
+If you wish to add, edit or remove VPN user accounts, see <a href="docs/manage-users.md" target="_blank">Manage VPN Users</a>.
+
 Clients are set to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`. Then reboot your server.
 
 For servers with an external firewall (e.g. <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html" target="_blank">EC2</a>/<a href="https://cloud.google.com/compute/docs/networking#firewalls" target="_blank">GCE</a>), open UDP ports 500 & 4500, and TCP port 22 (for SSH).
diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md
index 0a657db..4478d53 100644
--- a/docs/clients-xauth.md
+++ b/docs/clients-xauth.md
@@ -97,7 +97,7 @@ Once connected, you will see a VPN icon in the status bar. You can verify that y
 
 ## Credits
 
-This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors.
+This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project, maintained by Joshua Lund and contributors.
 
 ## License
 
diff --git a/docs/clients-zh.md b/docs/clients-zh.md
index f2a931b..b1a2474 100644
--- a/docs/clients-zh.md
+++ b/docs/clients-zh.md
@@ -17,6 +17,11 @@
   * [Chromebook](#chromebook)
   * [Windows Phone](#windows-phone)
   * [Linux](#linux)
+* [故障排除](#故障排除)
+  * [Windows 错误 809](#windows-错误-809)
+  * [Windows 错误 628](#windows-错误-628)
+  * [Android 6.0 and 7.0](#android-60-and-70)
+  * [其它错误](#其它错误)
 
 ## Windows
 
@@ -32,7 +37,7 @@
 1. 返回 **网络与共享中心**。单击左侧的 **更改适配器设置**。
 1. 右键单击新创建的 VPN 连接，并选择 **属性**。
 1. 单击 **安全** 选项卡，从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
-1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框，并且取消选中所有其它项。
+1. 单击 **允许使用这些协议**。确保选中 "质询握手身份验证协议 (CHAP)" 复选框。
 1. 单击 **高级设置** 按钮。
 1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
 1. 单击 **确定** 关闭 **高级设置**。
@@ -58,7 +63,7 @@
 1. 右键单击新创建的 VPN 连接，并选择 **属性**。
 1. 单击 **选项** 选项卡，取消选中 **包括Windows登录域** 复选框。
 1. 单击 **安全** 选项卡，从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
-1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框，并且取消选中所有其它项。
+1. 单击 **允许使用这些协议**。确保选中 "质询握手身份验证协议 (CHAP)" 复选框。
 1. 单击 **高级设置** 按钮。
 1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
 1. 单击 **确定** 关闭 **高级设置**。
@@ -220,7 +225,10 @@ sudo route del default dev ppp0
 1. 右键单击系统托盘中的无线/网络图标，选择 **打开网络与共享中心**。
 1. 单击左侧的 **更改适配器设置**。右键单击新的 VPN 连接，并选择 **属性**。
 1. 单击 **安全** 选项卡，从 **VPN 类型** 下拉菜单中选择 "使用 IPsec 的第 2 层隧道协议 (L2TP/IPSec)"。
-1. 单击 **允许使用这些协议**。选中 "质询握手身份验证协议 (CHAP)" 复选框，并且取消选中所有其它项。
+1. 单击 **允许使用这些协议**。确保选中 "质询握手身份验证协议 (CHAP)" 复选框。
+1. 单击 **高级设置** 按钮。
+1. 单击 **使用预共享密钥作身份验证** 并在 **密钥** 字段中输入`你的 VPN IPsec PSK`。
+1. 单击 **确定** 关闭 **高级设置**。
 1. 单击 **确定** 保存 VPN 连接的详细信息。
 
 ![Select CHAP in VPN connection properties](images/vpn-properties-zh.png)
@@ -236,9 +244,9 @@ sudo route del default dev ppp0
 
 更多的故障排除信息请参见以下链接：
 
-https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues   
-https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/   
-http://www.tp-link.com/en/faq-1029.html
+* https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues   
+* https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/   
+* http://www.tp-link.com/en/faq-1029.html
 
 ## 致谢
 
diff --git a/docs/clients.md b/docs/clients.md
index e6ed18f..23fd067 100644
--- a/docs/clients.md
+++ b/docs/clients.md
@@ -17,6 +17,11 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
   * [Chromebook](#chromebook)
   * [Windows Phone](#windows-phone)
   * [Linux](#linux)
+* [Troubleshooting](#troubleshooting)
+  * [Windows Error 809](#windows-error-809)
+  * [Windows Error 628](#windows-error-628)
+  * [Android 6.0 and 7.0](#android-60-and-70)
+  * [Other Errors](#other-errors)
 
 ## Windows
 
@@ -32,7 +37,7 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
 1. Return to **Network and Sharing Center**. On the left, click **Change adapter settings**.
 1. Right-click on the new VPN entry and choose **Properties**.
 1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
-1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others.
+1. Click **Allow these protocols**. Be sure to select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox.
 1. Click the **Advanced settings** button.
 1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
 1. Click **OK** to close the **Advanced settings**.
@@ -58,7 +63,7 @@ An alternative <a href="https://usefulpcguide.com/17318/create-your-own-vpn/" ta
 1. Right-click on the new VPN entry and choose **Properties**.
 1. Click the **Options** tab and uncheck **Include Windows logon domain**.
 1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for the **Type of VPN**.
-1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others.
+1. Click **Allow these protocols**. Be sure to select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox.
 1. Click the **Advanced settings** button.
 1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
 1. Click **OK** to close the **Advanced settings**.
@@ -220,7 +225,10 @@ To fix this error, please follow these steps:
 1. Right-click on the wireless/network icon in system tray, select **Open Network and Sharing Center**.
 1. On the left, click **Change adapter settings**. Right-click on the new VPN and choose **Properties**.
 1. Click the **Security** tab. Select "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)" for **Type of VPN**.
-1. Click **Allow these protocols**. Check "Challenge Handshake Authentication Protocol (CHAP)" and uncheck all others.
+1. Click **Allow these protocols**. Be sure to select the "Challenge Handshake Authentication Protocol (CHAP)" checkbox.
+1. Click the **Advanced settings** button.
+1. Select **Use preshared key for authentication** and enter `Your VPN IPsec PSK` for the **Key**.
+1. Click **OK** to close the **Advanced settings**.
 1. Click **OK** to save the VPN connection details.
 
 ![Select CHAP in VPN connection properties](images/vpn-properties.png)
@@ -236,13 +244,13 @@ If you are unable to connect using Android 6.0 (Marshmallow) or 7.0 (Nougat), tr
 
 Refer to the links below for more troubleshooting tips:
 
-https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues   
-https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/   
-http://www.tp-link.com/en/faq-1029.html
+* https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues   
+* https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/   
+* http://www.tp-link.com/en/faq-1029.html
 
 ## Credits
 
-This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project by Joshua Lund and contributors.
+This document was adapted from the <a href="https://github.com/jlund/streisand" target="_blank">Streisand</a> project, maintained by Joshua Lund and contributors.
 
 ## License
 
diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index dfaa753..7adf40a 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -154,7 +154,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
    N
    ```
 
-1. 生成客户端证书，并且导出 p12 文件。该文件包含客户端证书，私钥以及 CA 证书：
+1. 生成客户端证书，并且导出 `.p12` 文件。该文件包含客户端证书，私钥以及 CA 证书：
 
    ```bash
    $ certutil -S -c "Example CA" -n "vpnclient" -s "O=Example,CN=vpnclient" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 -8 "vpnclient"
@@ -196,7 +196,10 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
    详细的操作步骤：   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
 
-   Windows Phone 8.1 及以上版本用户： 首先导入 .p12 文件，然后参照 <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">这些说明</a> 配置一个基于证书的 IKEv2 VPN。
+   Windows Phone 8.1 及以上版本用户： 首先导入 `.p12` 文件，然后参照 <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">这些说明</a> 配置一个基于证书的 IKEv2 VPN。
+
+   Android 4+ 用户请参见：   
+   https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
 
 1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接。
 
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 3b283b7..69ecbaf 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -154,7 +154,7 @@ First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-
    N
    ```
 
-1. Generate client certificate(s), and export the p12 file that contains the client certificate, private key, and CA certificate:
+1. Generate client certificate(s), and export the `.p12` file that contains the client certificate, private key, and CA certificate:
 
    ```bash
    $ certutil -S -c "Example CA" -n "vpnclient" -s "O=Example,CN=vpnclient" -k rsa -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 -8 "vpnclient"
@@ -196,7 +196,10 @@ First, make sure you have successfully <a href="https://github.com/hwdsl2/setup-
    Detailed instructions:   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs
 
-   Users with Windows Phone 8.1 and above: First import the .p12 file, then follow <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">these instructions</a> to configure a certificate-based IKEv2 VPN.
+   Users with Windows Phone 8.1 and above: First import the `.p12` file, then follow <a href="https://technet.microsoft.com/en-us/windows/dn673608.aspx" target="_blank">these instructions</a> to configure a certificate-based IKEv2 VPN.
+
+   Android 4+ users please refer to:   
+   https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVpnClient
 
 1. On the Windows computer, add a new IKEv2 VPN connection.
 
diff --git a/docs/manage-users-zh.md b/docs/manage-users-zh.md
index 2ebcdd4..2569180 100644
--- a/docs/manage-users-zh.md
+++ b/docs/manage-users-zh.md
@@ -4,7 +4,7 @@
 
 在默认情况下，将只创建一个用于 VPN 登录的用户账户。如果你需要添加，修改或者删除用户，请阅读本文档。
 
-**注：** 同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性，如果上述设备属于同一个 NAT 网络（比如家用路由器），它们无法同时连接到 VPN 服务器。即使你创建多个用户也是如此。
+**注：** 同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec 协议的局限性，如果这些设备在同一个 NAT 后面（比如家用路由器），它们无法同时连接到 VPN 服务器，即使你创建多个用户也是如此。对于上述情形，你可以尝试使用 [Shadowsocks](https://github.com/shadowsocks/shadowsocks-libev) / [ShadowsocksR](https://github.com/breakwa11/shadowsocks-rss) 或者 [OpenVPN](https://github.com/Nyr/openvpn-install)。
 
 首先，IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK，可以编辑此文件。
 
diff --git a/docs/manage-users.md b/docs/manage-users.md
index 67d1593..2002d7d 100644
--- a/docs/manage-users.md
+++ b/docs/manage-users.md
@@ -4,7 +4,7 @@
 
 By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.
 
-**Note:** The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server. This applies even if you create multiple users.
+**Note:** The same VPN account can be used by your multiple devices. However, due to a limitation of the IPsec protocol, if these devices are behind the same NAT (e.g. home router), they cannot simultaneously connect to the VPN server. This applies even if you create multiple users. For the above use case, try [OpenVPN](https://github.com/Nyr/openvpn-install).
 
 First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file.