diff --git a/README-zh.md b/README-zh.md index b5d56d6..c9129e8 100644 --- a/README-zh.md +++ b/README-zh.md @@ -153,6 +153,8 @@ wget https://git.io/vpnsetup-amzn -O vpn.sh && sudo sh vpn.sh ``` +在安装成功之后,推荐 配置 IKEv2。 + **选项 2:** 编辑脚本并提供你自己的 VPN 登录凭证:
@@ -197,6 +199,8 @@ sudo sh vpn.sh **注:** 一个安全的 IPsec PSK 应该至少包含 20 个随机字符。 +在安装成功之后,推荐 配置 IKEv2。 + **选项 3:** 将你自己的 VPN 登录凭证定义为环境变量:
@@ -248,11 +252,7 @@ sh vpn.sh ```
-在安装成功之后,推荐配置 IKEv2。更多信息请参见 IKEv2 指南。 - -```bash -wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto -``` +在安装成功之后,推荐 配置 IKEv2。 **注:** 如果无法通过 `wget` 下载,你也可以打开 vpnsetup.shvpnsetup_centos.sh 或者 vpnsetup_amzn.sh,然后点击右方的 **`Raw`** 按钮。按快捷键 `Ctrl-A` 全选, `Ctrl-C` 复制,然后粘贴到你喜欢的编辑器。 diff --git a/README.md b/README.md index 8ad64c7..8d4262a 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,8 @@ wget https://git.io/vpnsetup-amzn -O vpn.sh && sudo sh vpn.sh ```
+After successful installation, it is recommended to set up IKEv2. + **Option 2:** Edit the script and provide your own VPN credentials:
@@ -197,6 +199,8 @@ sudo sh vpn.sh **Note:** A secure IPsec PSK should consist of at least 20 random characters. +After successful installation, it is recommended to set up IKEv2. + **Option 3:** Define your VPN credentials as environment variables:
@@ -248,11 +252,7 @@ sh vpn.sh ```
-After successful installation, it is recommended to set up IKEv2. Refer to the IKEv2 guide for more details. - -```bash -wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto -``` +After successful installation, it is recommended to set up IKEv2. **Note:** If unable to download via `wget`, you may also open vpnsetup.sh, vpnsetup_centos.sh or vpnsetup_amzn.sh, and click the **`Raw`** button on the right. Press `Ctrl-A` to select all, `Ctrl-C` to copy, then paste into your favorite editor. diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 5f7be8d..365c296 100644 --- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -2,7 +2,7 @@ *其他语言版本: [English](clients.md), [简体中文](clients-zh.md).* -**注:** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)(推荐),或者使用更高效的 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。 +**注:** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)(推荐),或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。 在成功 搭建自己的 VPN 服务器 之后,按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。 @@ -18,6 +18,8 @@ ## Windows +**注:** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)(推荐)。 + ### Windows 10 and 8.x 1. 右键单击系统托盘中的无线/网络图标。 @@ -86,6 +88,8 @@ Add-VpnConnection -Name 'My IPsec VPN' -ServerAddress '你的 VPN 服务器 IP' ## OS X +**注:** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)(推荐),或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。 + 1. 打开系统偏好设置并转到网络部分。 1. 在窗口左下角单击 **+** 按钮。 1. 从 **接口** 下拉菜单选择 **VPN**。 @@ -110,6 +114,8 @@ Add-VpnConnection -Name 'My IPsec VPN' -ServerAddress '你的 VPN 服务器 IP' ## Android +**注:** 你也可以 [配置 IKEv2](ikev2-howto-zh.md)(推荐),或者使用 [IPsec/XAuth 模式](clients-xauth-zh.md) 连接。 + 1. 启动 **设置** 应用程序。 1. 单击 **网络和互联网**。或者,如果你使用 Android 7 或更早版本,在 **无线和网络** 部分单击 **更多...**。 1. 单击 **VPN**。 @@ -133,6 +139,8 @@ VPN 连接成功后,会在通知栏显示图标。最后你可以到 network-manager-l2tp-gnome 软件包,然后通过 GUI 配置 IPsec/L2TP VPN 客户端。Ubuntu 16.04 用户可能需要添加 `nm-l2tp` PPA,参见 这里。 
@@ -198,7 +208,7 @@ VPN 连接成功后,你可以到 搭建自己的 VPN 服务器 之后,按照下面的步骤来使用命令行配置 Linux VPN 客户端。另外,你也可以 [使用图形界面](#linux) 配置。以下步骤是基于 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c)。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。 +在成功 搭建自己的 VPN 服务器 之后,按照下面的步骤来使用命令行配置 Linux VPN 客户端。另外,你也可以 [配置 IKEv2](ikev2-howto-zh.md)(推荐),或者 [使用图形界面](#linux) 配置。以下步骤是基于 [Peter Sanford 的工作](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c)。这些命令必须在你的 VPN 客户端上使用 `root` 账户运行。 要配置 VPN 客户端,首先安装以下软件包: ```bash -# Ubuntu & Debian +# Ubuntu and Debian apt-get update -apt-get -y install strongswan xl2tpd net-tools +apt-get install strongswan xl2tpd net-tools -# CentOS & RHEL -yum -y install epel-release -yum --enablerepo=epel -y install strongswan xl2tpd net-tools +# CentOS +yum install epel-release +yum --enablerepo=epel install strongswan xl2tpd net-tools # Fedora -yum -y install strongswan xl2tpd net-tools +yum install strongswan xl2tpd net-tools ``` -创建 VPN 变量 (替换为你自己的值): +创建 VPN 变量(替换为你自己的值): ```bash VPN_SERVER_IP='你的VPN服务器IP' @@ -451,7 +461,7 @@ EOF chmod 600 /etc/ipsec.secrets -# For CentOS/RHEL & Fedora ONLY +# For CentOS and Fedora ONLY mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf @@ -510,10 +520,10 @@ service xl2tpd restart 开始 IPsec 连接: ```bash -# Ubuntu & Debian +# Ubuntu and Debian ipsec up myvpn -# CentOS/RHEL & Fedora +# CentOS and Fedora strongswan up myvpn ``` @@ -569,11 +579,11 @@ route del default dev ppp0 要断开连接: ```bash -# Ubuntu & Debian +# Ubuntu and Debian echo "d myvpn" > /var/run/xl2tpd/l2tp-control ipsec down myvpn -# CentOS/RHEL & Fedora +# CentOS and Fedora echo "d myvpn" > /var/run/xl2tpd/l2tp-control strongswan down myvpn ``` diff --git a/docs/clients.md b/docs/clients.md index d755793..bfbd88f 100644 --- a/docs/clients.md +++ b/docs/clients.md 
@@ -2,7 +2,7 @@ *Read this in other languages: [English](clients.md), [简体中文](clients-zh.md).* -**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using the faster [IPsec/XAuth mode](clients-xauth.md). +**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md). After setting up your own VPN server, follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. @@ -18,6 +18,8 @@ After settin ## Windows +**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended). + ### Windows 10 and 8.x 1. Right-click on the wireless/network icon in your system tray. @@ -86,6 +88,8 @@ If you get an error when trying to connect, see Troub ## OS X +**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md). + 1. Open System Preferences and go to the Network section. 1. Click the **+** button in the lower-left corner of the window. 1. Select **VPN** from the **Interface** drop-down menu. @@ -109,6 +113,8 @@ If you get an error when trying to connect, see Troub ## Android +**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md). + 1. Launch the **Settings** application. 1. Tap "Network & internet". Or, if using Android 7 or earlier, tap **More...** in the **Wireless & networks** section. 1. Tap **VPN**. @@ -132,6 +138,8 @@ If you get an error when trying to connect, see Troub ## iOS +**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended), or connect using [IPsec/XAuth mode](clients-xauth.md). + 1. Go to Settings -> General -> VPN. 1. Tap **Add VPN Configuration...**. 1. Tap **Type**. Select **L2TP** and go back. 
@@ -169,6 +177,8 @@ If you get an error when trying to connect, see Troub ## Linux +**Note:** You may also [set up IKEv2](ikev2-howto.md) (recommended). + ### Ubuntu Linux Ubuntu 18.04 (and newer) users can install the network-manager-l2tp-gnome package using `apt`, then configure the IPsec/L2TP VPN client using the GUI. Ubuntu 16.04 users may need to add the `nm-l2tp` PPA, read more here. @@ -197,7 +207,7 @@ If you get an error when trying to connect, try setting up your own VPN server, follow these steps to configure Linux VPN clients using the command line. Alternatively, you may configure [using the GUI](#linux). Instructions below are based on [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client. +After setting up your own VPN server, follow these steps to configure Linux VPN clients using the command line. Alternatively, you may [set up IKEv2](ikev2-howto.md) (recommended), or configure [using the GUI](#linux). Instructions below are based on [the work of Peter Sanford](https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c). Commands must be run as `root` on your VPN client. To set up the VPN client, first install the following packages: ```bash -# Ubuntu & Debian +# Ubuntu and Debian apt-get update -apt-get -y install strongswan xl2tpd net-tools +apt-get install strongswan xl2tpd net-tools -# CentOS & RHEL -yum -y install epel-release -yum --enablerepo=epel -y install strongswan xl2tpd net-tools +# CentOS +yum install epel-release +yum --enablerepo=epel install strongswan xl2tpd net-tools # Fedora -yum -y install strongswan xl2tpd net-tools +yum install strongswan xl2tpd net-tools ``` Create VPN variables (replace with actual values): 
@@ -450,7 +460,7 @@ EOF chmod 600 /etc/ipsec.secrets -# For CentOS/RHEL & Fedora ONLY +# For CentOS and Fedora ONLY mv /etc/strongswan/ipsec.conf /etc/strongswan/ipsec.conf.old 2>/dev/null mv /etc/strongswan/ipsec.secrets /etc/strongswan/ipsec.secrets.old 2>/dev/null ln -s /etc/ipsec.conf /etc/strongswan/ipsec.conf @@ -509,10 +519,10 @@ service xl2tpd restart Start the IPsec connection: ```bash -# Ubuntu & Debian +# Ubuntu and Debian ipsec up myvpn -# CentOS/RHEL & Fedora +# CentOS and Fedora strongswan up myvpn ``` @@ -567,11 +577,11 @@ route del default dev ppp0 To disconnect: ```bash -# Ubuntu & Debian +# Ubuntu and Debian echo "d myvpn" > /var/run/xl2tpd/l2tp-control ipsec down myvpn -# CentOS/RHEL & Fedora +# CentOS and Fedora echo "d myvpn" > /var/run/xl2tpd/l2tp-control strongswan down myvpn ``` diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index b809caf..f134a8f 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -318,6 +318,7 @@ openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key rm vpnclient.p12 # (重要)保护证书和私钥文件 +# 注:这一步是可选的,但强烈推荐。 sudo chown root.root ikev2vpnca.cer vpnclient.cer vpnclient.key sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key ``` diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index ee9c9bf..a4f1ea6 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -320,6 +320,7 @@ openssl pkcs12 -in vpnclient.p12 -nocerts -nodes -out vpnclient.key rm vpnclient.p12 # (Important) Protect certificate and private key files +# Note: This step is optional, but strongly recommended. sudo chown root.root ikev2vpnca.cer vpnclient.cer vpnclient.key sudo chmod 600 ikev2vpnca.cer vpnclient.cer vpnclient.key ```
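Review bot: in the docs/ikev2-howto.md hunk (and the matching docs/ikev2-howto-zh.md hunk), the added comment `# Note: This step is optional, but strongly recommended.` sits directly under `# (Important) Protect certificate and private key files` and undercuts it. The key is extracted just above with `openssl pkcs12 ... -nocerts -nodes`, so `vpnclient.key` is written without passphrase protection and the `chown`/`chmod 600` lines are the step that restricts who can read it. I'd drop the word "optional", or say concretely what is exposed if the step is skipped. While touching this block, `chown root.root` could become `chown root:root`, since the dot separator is the legacy form.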
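Review bot: in the package-install block of docs/clients.md (and docs/clients-zh.md), `-y` is removed from every `apt-get install` and `yum install` line without any mention in the surrounding text, so the commands now stop for confirmation. That is reasonable for a reader typing them interactively, but anyone pasting the block into a provisioning script will hang on the prompt; a one-line note above the block would cover it. The same hunk and the later ones also relabel `# CentOS & RHEL` as `# CentOS` and `# For CentOS/RHEL & Fedora ONLY` as `# For CentOS and Fedora ONLY`. If RHEL clients still follow the `strongswan up myvpn` path, keep RHEL in the labels; if RHEL is no longer covered, say so in the text rather than only dropping the name from comments.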
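Review bot: in README.md and README-zh.md, the sentence `After successful installation, it is recommended to set up IKEv2.` is now added after Option 1 and Option 2 and kept after Option 3, so the same line appears three times within one section. A single mention after the last option would read better and is easier to keep in sync across both languages. The `@@ -248,11 +252,7 @@` hunk also deletes the `wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto` one-liner together with "Refer to the IKEv2 guide for more details", leaving no command in the README; please confirm the remaining sentence links to the guide and that the guide still carries the setup command.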