diff --git a/README-zh.md b/README-zh.md
index 85f4ae4..a9011e1 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -1,6 +1,6 @@
# IPsec VPN 服务器一键安装脚本
-[](https://github.com/hwdsl2/setup-ipsec-vpn/actions/workflows/main.yml) [](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) [](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)
+[](https://github.com/hwdsl2/setup-ipsec-vpn/actions/workflows/main.yml) [](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) [](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md)
使用 Linux 脚本一键快速搭建自己的 IPsec VPN 服务器。支持 IPsec/L2TP, Cisco IPsec 和 IKEv2 协议。你只需提供自己的 VPN 登录凭证,然后运行脚本自动完成安装。
@@ -98,7 +98,7 @@ curl -fsSL https://git.io/vpnsetup -o vpn.sh && sudo sh vpn.sh
## 安装说明
-首先,更新你的系统:运行 `sudo apt-get update && sudo apt-get dist-upgrade` (Ubuntu/Debian) 或者 `sudo yum update` 并重启。这一步是可选的,但推荐。
+首先,更新你的服务器:运行 `sudo apt-get update && sudo apt-get dist-upgrade` (Ubuntu/Debian) 或者 `sudo yum update` 并重启。这一步是可选的,但推荐。
要安装 VPN,请从以下选项中选择一个:
@@ -131,6 +131,35 @@ VPN_PASSWORD='你的VPN密码' \
sh vpn.sh
```
+
+
+高级用户可以自定义 IKEv2 选项。
+
+
+高级用户可以指定一个域名作为 IKEv2 模式下的 VPN 服务器地址。这是可选的。该域名必须是一个全称域名(FQDN),它将被包含在生成的服务器证书中。示例如下:
+
+```bash
+sudo VPN_DNS_NAME='vpn.example.com' sh vpn.sh
+```
+
+类似地,你可以指定第一个 IKEv2 客户端的名称。这是可选的。如果未指定,则使用默认值 `vpnclient`。
+
+```bash
+sudo VPN_CLIENT_NAME='your_client_name' sh vpn.sh
+```
+
+在 VPN 已连接时,客户端默认配置为使用 [Google Public DNS](https://developers.google.com/speed/public-dns/)。高级用户可以为所有的 VPN 模式指定另外的 DNS 服务器。这是可选的。示例如下:
+
+```bash
+sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh
+```
+
+默认情况下,导入 IKEv2 客户端配置时不需要密码。你可以选择使用随机密码保护客户端配置文件。这是可选的。示例如下:
+
+```bash
+sudo VPN_PROTECT_CONFIG=yes sh vpn.sh
+```
+
如果无法通过 wget 下载,点这里查看解决方案。
diff --git a/README.md b/README.md
index 87f1cca..148d647 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# IPsec VPN Server Auto Setup Scripts
-[](https://github.com/hwdsl2/setup-ipsec-vpn/actions/workflows/main.yml) [](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [](https://github.com/hwdsl2/docker-ipsec-vpn-server) [](https://github.com/hwdsl2/docker-ipsec-vpn-server)
+[](https://github.com/hwdsl2/setup-ipsec-vpn/actions/workflows/main.yml) [](https://github.com/hwdsl2/setup-ipsec-vpn/stargazers) [](https://github.com/hwdsl2/docker-ipsec-vpn-server) [](https://github.com/hwdsl2/docker-ipsec-vpn-server)
Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP, Cisco IPsec and IKEv2. All you need to do is provide your own VPN credentials, and let the scripts handle the rest.
@@ -98,7 +98,7 @@ A pre-built [Docker image](https://github.com/hwdsl2/docker-ipsec-vpn-server) is
## Installation
-First, update your system with `sudo apt-get update && sudo apt-get dist-upgrade` (Ubuntu/Debian) or `sudo yum update` and reboot. This is optional, but recommended.
+First, update your server with `sudo apt-get update && sudo apt-get dist-upgrade` (Ubuntu/Debian) or `sudo yum update` and reboot. This is optional, but recommended.
To install the VPN, please choose one of the following options:
@@ -131,6 +131,35 @@ VPN_PASSWORD='your_vpn_password' \
sh vpn.sh
```
+
+
+Advanced users can customize IKEv2 options.
+
+
+Advanced users can optionally specify a DNS name to be used as the VPN server address for IKEv2 mode. The DNS name must be a fully qualified domain name (FQDN). It will be included in the generated server certificate. Example:
+
+```bash
+sudo VPN_DNS_NAME='vpn.example.com' sh vpn.sh
+```
+
+Similarly, you may optionally specify a name for the first IKEv2 client. The default is `vpnclient` if not specified.
+
+```bash
+sudo VPN_CLIENT_NAME='your_client_name' sh vpn.sh
+```
+
+By default, clients are set to use [Google Public DNS](https://developers.google.com/speed/public-dns/) when the VPN is active. Advanced users may optionally specify custom DNS server(s) for all VPN modes. Example:
+
+```bash
+sudo VPN_DNS_SRV1=1.1.1.1 VPN_DNS_SRV2=1.0.0.1 sh vpn.sh
+```
+
+By default, no password is required when importing IKEv2 client configuration. You may optionally choose to protect client config files using a random password. Example:
+
+```bash
+sudo VPN_PROTECT_CONFIG=yes sh vpn.sh
+```
+
Click here if you are unable to download using wget.