diff --git a/README-zh.md b/README-zh.md
index b4fd6ab..1a842ce 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -20,6 +20,7 @@
- [CentOS & RHEL](#centos--rhel)
- [下一步](#下一步)
- [重要提示](#重要提示)
+- [管理 VPN 用户](#管理-vpn-用户)
- [关于升级Libreswan](#关于升级libreswan)
- [问题和反馈](#问题和反馈)
- [另见](#另见)
@@ -108,14 +109,54 @@ sudo sh vpnsetup_centos.sh
**Android 6 (Marshmallow) 用户** 请参考此文档中的注释: 配置 IPsec/L2TP VPN 客户端。
-如果要创建具有不同凭据的多个 VPN 用户,只需要修改这几行的脚本。
-
在 VPN 已连接时,客户端配置为使用 Google Public DNS。此设置可通过编辑文件 `options.xl2tpd` 和 `ipsec.conf` 来更改。
如果服务器配置了自定义 SSH 端口(不是 22)或其他服务,请在运行脚本前编辑 IPTables 防火墙规则。
这些脚本在更改现有的配置文件之前会先做备份,使用 `.old-日期-时间` 为文件名后缀。
+## 管理 VPN 用户
+
+在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要添加,编辑或者删除用户,请阅读本节。
+
+首先,IPsec PSK (预共享密钥) 保存在文件 `/etc/ipsec.secrets`。如果要更换一个新的 PSK,可以编辑此文件。
+
+```bash
+ %any : PSK ""
+```
+
+对于 `IPsec/L2TP`,VPN 用户账户信息保存在文件 `/etc/ppp/chap-secrets`。该文件的格式如下:
+
+```bash
+"" l2tpd "" *
+"" l2tpd "" *
+... ...
+```
+
+你可以添加更多用户,每个用户对应文件中的一行。**不要**在用户名和密码中使用这些字符:`\ "`
+
+对于 `IPsec/XAuth ("Cisco IPsec")`, VPN 用户账户信息保存在文件 `/etc/ipsec.d/passwd`。该文件的格式如下:
+
+```bash
+::xauth-psk
+::xauth-psk
+... ...
+```
+
+这个文件中的密码以 salted and hashed 的形式保存。该步骤可以借助比如 `openssl` 工具来完成:
+
+```bash
+# The output will be
+openssl passwd -1 ""
+```
+
+在完成修改之后,你必须重新启动相关服务:
+
+```bash
+service ipsec restart
+service xl2tpd restart
+```
+
## 关于升级Libreswan
提供两个额外的脚本 vpnupgrade_Libreswan.sh 和 vpnupgrade_Libreswan_centos.sh ,可用于升级 Libreswan。请关注官方网站,并在运行前根据需要更新 `swan_ver` 变量。
diff --git a/README.md b/README.md
index 0e60ffc..e56588a 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ We will use Libreswan as th
- [CentOS & RHEL](#centos--rhel)
- [Next Steps](#next-steps)
- [Important Notes](#important-notes)
+- [Manage VPN Users](#manage-vpn-users)
- [Upgrading Libreswan](#upgrading-libreswan)
- [Bugs & Questions](#bugs--questions)
- [See Also](#see-also)
@@ -108,14 +109,54 @@ For **Windows users**, a one-ti
**Android 6 (Marshmallow) users**: Please see notes in Configure IPsec/L2TP VPN Clients.
-To create multiple VPN users with different credentials, just edit a few lines in the scripts.
-
Clients are set to use Google Public DNS when the VPN is active. To change, edit `options.xl2tpd` and `ipsec.conf`.
For servers with a custom SSH port (not 22) or other services, edit the IPTables rules before using.
The scripts will backup existing config files before making changes, with `.old-date-time` suffix.
+## Manage VPN Users
+
+By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this section.
+
+First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file.
+
+```bash
+ %any : PSK ""
+```
+
+For `IPsec/L2TP`, VPN users are specified in `/etc/ppp/chap-secrets`. The format of this file is:
+
+```bash
+"" l2tpd "" *
+"" l2tpd "" *
+... ...
+```
+
+You can add more users, use one line for each user. DO NOT use the characters `\` and `"` inside username or password.
+
+For `IPsec/XAuth ("Cisco IPsec")`, VPN users are specified in `/etc/ipsec.d/passwd`. The format of this file is:
+
+```bash
+::xauth-psk
+::xauth-psk
+... ...
+```
+
+Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility:
+
+```bash
+# The output will be
+openssl passwd -1 ""
+```
+
+When finished, you must restart services with:
+
+```bash
+service ipsec restart
+service xl2tpd restart
+```
+
## Upgrading Libreswan
The additional scripts vpnupgrade_Libreswan.sh and vpnupgrade_Libreswan_centos.sh can be used to upgrade Libreswan. Check the official website and update the `swan_ver` variable as necessary.
diff --git a/docs/enable-multiple-users.txt b/docs/enable-multiple-users.txt
deleted file mode 100644
index 518823a..0000000
--- a/docs/enable-multiple-users.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-To create multiple VPN users with different credentials for IPsec/L2TP,
- find and replace these lines in the script:
-
-cat > /etc/ppp/chap-secrets < /etc/ppp/chap-secrets <