diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 94674f0..65551ef 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -283,6 +283,7 @@ VPN 服务器上的 IKEv2 配置到此已完成。按照下面的步骤配置你
1. Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 IPsec/L2TP 或 IPsec/XAuth 模式。
1. 如果你使用 strongSwan Android VPN 客户端,则必须将服务器上的 Libreswan 升级 到版本 3.26 或以上。
+1. 如果你的 VPN 客户端可以连接但是无法打开任何网站,可以尝试编辑服务器上的 `/etc/ipsec.conf`。找到 `conn ikev2-cp` 部分的 `phase2alg=` 一行并删除 `aes_gcm-null,`。保存文件并运行 `service ipsec restart`。
1. Ubuntu 18.04 和 CentOS 用户在尝试将生成的 `.p12` 文件导入到 Windows 时可能会遇到错误 "输入的密码不正确"。这是由 `NSS` 中的一个问题导致的。更多信息请看 这里。
1. 目前还不支持同时连接在同一个 NAT (比如家用路由器)后面的多个 IKEv2 客户端。对于这个用例,请换用 IPsec/XAuth 模式。
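Review bot: The added item (the `+1.` line about `phase2alg=` under `conn ikev2-cp`) ends with `service ipsec restart` but does not warn that restarting the IPsec service drops every client that is currently connected, and it does not tell the reader to keep a copy of `/etc/ipsec.conf` before hand-editing it. Suggest adding a short clause for both. Since this is the translated copy of the same item in `docs/ikev2-howto.md`, any wording change made there should be mirrored here so the two files stay in step.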
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 422cd4c..3c4d9d7 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -283,6 +283,7 @@ Once successfully connected, you can verify that your traffic is being routed pr
1. The built-in VPN client in Windows may not support IKEv2 fragmentation. On some networks, this can cause the connection to fail or have other issues. You may instead try the IPsec/L2TP or IPsec/XAuth mode.
1. If using the strongSwan Android VPN client, you must upgrade Libreswan on your server to version 3.26 or above.
+1. If your VPN client can connect but cannot open any website, try editing `/etc/ipsec.conf` on the VPN server. Find the line `phase2alg=` under section `conn ikev2-cp` and delete `aes_gcm-null,`. Save the file and run `service ipsec restart`.
1. Ubuntu 18.04 and CentOS users may encounter the error "The password you entered is incorrect" when trying to import the generated `.p12` file into Windows. This is due to a bug in `NSS`. Read more here.
1. Connecting multiple IKEv2 clients simultaneously from behind the same NAT (e.g. home router) is not supported at this time. For this use case, please instead use IPsec/XAuth mode.
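Review bot: The added item tells the reader to delete `aes_gcm-null,` from `phase2alg=` without saying why that proposal is the suspect or which clients are affected, so a reader cannot tell whether the workaround applies to them. "Can connect but cannot open any website" is also a broad symptom, and the neighbouring items each name a specific client or platform. Suggest adding one sentence on the cause and the affected client(s), and noting that after the edit the connection negotiates one of the remaining entries on the `phase2alg=` line, so the reader should confirm that line is still non-empty and well-formed (no leading or trailing comma) before running `service ipsec restart`.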