diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 7a27bcb..c5d9dbe 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -116,7 +116,7 @@ To customize IKEv2 or client options, run this script without arguments. *其他语言版本: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端)。* -**注:** 客户端配置文件的密码可以在 IKEv2 辅助脚本的输出中找到。如果你想要添加或者导出 IKEv2 客户端,只需重新运行[辅助脚本](#使用辅助脚本配置-ikev2)。使用参数 `-h` 显示使用信息。 +**注:** 如果要添加或者导出 IKEv2 客户端,只需重新运行[辅助脚本](#使用辅助脚本配置-ikev2)。使用参数 `-h` 显示使用信息。 * [Windows 7, 8, 10 和 11](#windows-7-8-10-和-11) * [OS X (macOS)](#os-x-macos) @@ -126,6 +126,8 @@ To customize IKEv2 or client options, run this script without arguments. ### Windows 7, 8, 10 和 11 +**注:** 如果 IKEv2 辅助脚本的输出中没有包含客户端配置文件的密码,请在提示输入密码时按回车键继续,或者在手动导入 `.p12` 文件时保持密码字段空白。 + Windows 8, 10 和 11 用户可以自动导入 IKEv2 配置: 1. 将生成的 `.p12` 文件安全地传送到你的计算机。 @@ -355,7 +357,8 @@ sudo yum --enablerepo=epel install NetworkManager-strongswan-gnome ```bash # 示例:提取 CA 证书,客户端证书和私钥。在完成后可以删除 .p12 文件。 -# 注:你将需要输入 import password,它可以在 IKEv2 辅助脚本的输出中找到。 +# 注:你可能需要输入 import password,它可以在 IKEv2 辅助脚本的输出中找到。 +# 如果在脚本的输出中没有 import password,请按回车键继续。 openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ikev2vpnca.cer openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out vpnclient.cer openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key @@ -772,38 +775,10 @@ sudo ikev2.sh --revokeclient [client name] **另见:** [检查日志及 VPN 状态](clients-zh.md#检查日志及-vpn-状态),[IKEv1 故障排除](clients-zh.md#故障排除) 和 [高级用法](advanced-usage-zh.md)。 -* [在导入时提示密码不正确](#在导入时提示密码不正确) * [IKEv2 在一小时后断开连接](#ikev2-在一小时后断开连接) * [无法同时连接多个 IKEv2 客户端](#无法同时连接多个-ikev2-客户端) * [其它已知问题](#其它已知问题) -### 在导入时提示密码不正确 - -如果你忘记了客户端配置文件的密码,可以重新 [导出 IKEv2 客户端的配置](#导出已有的客户端的配置)。 - -Ubuntu 18.04 用户在尝试将生成的 `.p12` 文件导入到 Windows 时可能会遇到错误 "输入的密码不正确"。这是由 `NSS` 中的一个问题导致的。更多信息请看 [这里](https://github.com/hwdsl2/setup-ipsec-vpn/issues/414#issuecomment-460495258)。在 2021-01-21 已更新 IKEv2 辅助脚本以自动应用以下解决方法。 -
- -Ubuntu 18.04 上的 NSS 问题的解决方法 - - -**注:** 该解决方法仅适用于运行在 `x86_64` 架构下的 Ubuntu 18.04 系统。 - -首先安装更新版本的 `libnss3` 相关的软件包: - -``` -wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3_3.49.1-1ubuntu1.6_amd64.deb -wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb -wget https://mirrors.kernel.org/ubuntu/pool/universe/n/nss/libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb -apt-get -y update -apt-get -y install "./libnss3_3.49.1-1ubuntu1.6_amd64.deb" \ - "./libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb" \ - "./libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb" -``` - -然后重新 [导出 IKEv2 客户端的配置](#导出已有的客户端的配置)。 -
- ### IKEv2 在一小时后断开连接 如果 IKEv2 连接在一小时(60 分钟)后自动断开,可以这样解决:编辑 VPN 服务器上的 `/etc/ipsec.d/ikev2.conf`(如果不存在,编辑 `/etc/ipsec.conf`)。在 `conn ikev2-cp` 一节的末尾添加以下行,开头必须空两格: diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 4a6e498..5516824 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -116,7 +116,7 @@ To customize IKEv2 or client options, run this script without arguments. *Read this in other languages: [English](ikev2-howto.md#configure-ikev2-vpn-clients), [简体中文](ikev2-howto-zh.md#配置-ikev2-vpn-客户端).* -**Note:** The password for client configuration files can be found in the output of the IKEv2 helper script. If you want to add or export IKEv2 client(s), just run the [helper script](#set-up-ikev2-using-helper-script) again. Use option `-h` to show usage information. +**Note:** If you want to add or export IKEv2 client(s), just run the [helper script](#set-up-ikev2-using-helper-script) again. Use option `-h` to show usage information. * [Windows 7, 8, 10 and 11](#windows-7-8-10-and-11) * [OS X (macOS)](#os-x-macos) @@ -126,6 +126,8 @@ To customize IKEv2 or client options, run this script without arguments. ### Windows 7, 8, 10 and 11 +**Note:** If there is no password for client config files in the output of the IKEv2 helper script, press Enter to continue when prompted for the password, or if manually importing the `.p12` file, leave the password field blank. + Windows 8, 10 and 11 users can automatically import IKEv2 configuration: 1. Securely transfer the generated `.p12` file to your computer. 
@@ -356,8 +358,9 @@ Next, securely transfer the generated `.p12` file from the VPN server to your Li ```bash # Example: Extract CA certificate, client certificate and private key. # You may delete the .p12 file when finished. -# Note: You will need to enter the import password, which can be found -# in the output of the IKEv2 helper script. +# Note: You may need to enter the import password, which can be found +# in the output of the IKEv2 helper script. If the output does not +# contain an import password, press Enter to continue. openssl pkcs12 -in vpnclient.p12 -cacerts -nokeys -out ikev2vpnca.cer openssl pkcs12 -in vpnclient.p12 -clcerts -nokeys -out vpnclient.cer openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key @@ -774,38 +777,10 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th **See also:** [Check logs and VPN status](clients.md#check-logs-and-vpn-status), [IKEv1 troubleshooting](clients.md#troubleshooting) and [Advanced usage](advanced-usage.md). -* [Incorrect password when trying to import](#incorrect-password-when-trying-to-import) * [IKEv2 disconnects after one hour](#ikev2-disconnects-after-one-hour) * [Unable to connect multiple IKEv2 clients](#unable-to-connect-multiple-ikev2-clients) * [Other known issues](#other-known-issues) -### Incorrect password when trying to import - -If you forgot the password for client config files, you may [export configuration for the IKEv2 client](#export-configuration-for-an-existing-client) again. - -Ubuntu 18.04 users may encounter the error "The password you entered is incorrect" when trying to import the generated `.p12` file into Windows. This is due to a bug in `NSS`. Read more [here](https://github.com/hwdsl2/setup-ipsec-vpn/issues/414#issuecomment-460495258). As of 2021-01-21, the IKEv2 helper script was updated to automatically apply the workaround below. -
- -Workaround for the NSS bug on Ubuntu 18.04 - - -**Note:** This workaround should only be used on Ubuntu 18.04 systems running on the `x86_64` architecture. - -First, install newer versions of `libnss3` related packages: - -``` -wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3_3.49.1-1ubuntu1.6_amd64.deb -wget https://mirrors.kernel.org/ubuntu/pool/main/n/nss/libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb -wget https://mirrors.kernel.org/ubuntu/pool/universe/n/nss/libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb -apt-get -y update -apt-get -y install "./libnss3_3.49.1-1ubuntu1.6_amd64.deb" \ - "./libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb" \ - "./libnss3-tools_3.49.1-1ubuntu1.6_amd64.deb" -``` - -After that, [export configuration for the IKEv2 client](#export-configuration-for-an-existing-client) again. -
- ### IKEv2 disconnects after one hour If the IKEv2 connection disconnects automatically after one hour (60 minutes), apply this fix: Edit `/etc/ipsec.d/ikev2.conf` on the VPN server (or `/etc/ipsec.conf` if it does not exist), append these lines to the end of section `conn ikev2-cp`, indented by two spaces:
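Review bot: Readers of the non-Windows client sections lose the pointer to where the client config password comes from. The `@@ -116,7 +116,7` hunk in docs/ikev2-howto.md (and the matching hunk in docs/ikev2-howto-zh.md) removes that sentence from the note covering every platform in the list, and the replacement guidance is added only under the Windows heading and in the Linux `openssl` comment. Someone following the OS X (macOS) section is no longer told that the password is in the helper script output or that it may be empty. Suggest keeping one sentence in the general note saying that the password, if any, is shown in the helper script output, and that an empty password is entered by pressing Enter.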
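Review bot: The note added under `### Windows 7, 8, 10 and 11` in the `@@ -126,6 +126,8` hunk documents importing a `.p12` with a blank password without saying what that means for the file. The `.p12` holds the client certificate and private key (the Linux example extracts both from it), so with no import password anyone who obtains the file can import it. Suggest the note point at the existing step "Securely transfer the generated `.p12` file to your computer" as the remaining protection and recommend deleting the file after import, as the Linux example comment already does ("You may delete the .p12 file when finished"). The same applies to the zh hunk.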
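Review bot: "press Enter to continue" in the `@@ -356,8 +358,9` hunk (and `请按回车键继续` in the zh hunk `@@ -355,7 +357,8`) understates what the reader will see: the block runs three separate `openssl pkcs12 -in vpnclient.p12` commands and each one asks for the import password, so the comment should say to press Enter at each prompt. Since the third command uses `-nodes` and writes `vpnclient.key` unencrypted, it would also help to note that with an empty import password both the `.p12` and the extracted key are unprotected on disk until the `.p12` is deleted.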
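Review bot: The re-export advice for a forgotten password ("If you forgot the password for client config files, you may export configuration for the IKEv2 client again") is lost together with the NSS workaround in the `@@ -774,38 +777,10` hunk, even though the notes added elsewhere in this patch are conditional ("If there is no password for client config files in the output"), which means some setups still produce a password. Suggest keeping that one paragraph, here or next to the export section it links to, and removing only the Ubuntu 18.04 workaround. Dropping the heading also breaks any existing links to `#incorrect-password-when-trying-to-import` and, in the zh file (`@@ -772,38 +775,10`), `#在导入时提示密码不正确`.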