diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 52af43f..804ec20 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -259,11 +259,17 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh
 1. 在 Windows 计算机上添加一个新的 IKEv2 VPN 连接：   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config
 
+1. （可选但推荐）为 IKEv2 启用更强的加密算法，通过修改一次注册表来实现。请下载并导入下面的 `.reg` 文件，或者打开 <a href="http://www.cnblogs.com/xxcanghai/p/4610054.html" target="_blank">提升权限命令提示符</a> 并运行以下命令。更多信息请看 <a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048" target="_blank">这里</a>。
+
+   - 适用于 Windows 7, 8.x 和 10 ([下载 .reg 文件](https://static.ls20.com/reg-files/v1/Enable_Stronger_Ciphers_for_IKEv2_on_Windows.reg))
+
+     ```console
+     REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
+     ```
+
 1. 启用新的 VPN 连接，并且开始使用 IKEv2 VPN！   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect
 
-1. （可选步骤） 如需启用更强的加密算法，你可以添加注册表键 `NegotiateDH2048_AES256` 并重启。更多信息请看 <a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048" target="_blank">这里</a>。
-
 ### OS X (macOS)
 
 首先，将生成的 `.p12` 文件安全地传送到你的 Mac，然后双击以导入到 **钥匙串访问** 中的 **登录** 钥匙串。下一步，双击导入的 `IKEv2 VPN CA` 证书，展开 **信任** 并从 **IP 安全 (IPsec)** 下拉菜单中选择 **始终信任**。单击左上角的红色 "X" 关闭窗口。根据提示使用触控 ID，或者输入密码并单击 "更新设置"。在完成之后，检查并确保新的客户端证书和 `IKEv2 VPN CA` 都显示在 **登录** 钥匙串 的 **证书** 类别中。
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 34428dc..8457c48 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -259,11 +259,17 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
 1. On the Windows computer, add a new IKEv2 VPN connection:   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Config
 
+1. (Optional but recommended) Enable stronger ciphers for IKEv2 with a one-time registry change. Download and import the `.reg` file below, or run the following from an <a href="http://www.winhelponline.com/blog/open-elevated-command-prompt-windows/" target="_blank">elevated command prompt</a>. Read more <a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048" target="_blank">here</a>.
+
+   - For Windows 7, 8.x and 10 ([download .reg file](https://static.ls20.com/reg-files/v1/Enable_Stronger_Ciphers_for_IKEv2_on_Windows.reg))
+
+     ```console
+     REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f
+     ```
+
 1. Start the new VPN connection, and enjoy your IKEv2 VPN!   
    https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect
 
-1. (Optional) Enable stronger ciphers by adding the registry key `NegotiateDH2048_AES256` and reboot. Read more <a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048" target="_blank">here</a>.
-
 ### OS X (macOS)
 
 First, securely transfer the generated `.p12` file to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. Close the dialog using the red "X" on the top-left corner. When prompted, use Touch ID or enter your password and click "Update Settings". When finished, check to make sure both the new client certificate and `IKEv2 VPN CA` are listed under the **Certificates** category of **login** keychain.