Update docs

- Update instructions for customizing IKEv2 options during VPN setup.
- Ref: 56078b0

README-zh.md

@@ -130,7 +130,33 @@ sh vpn.sh
 
 <details>
 <summary>
-可选：在安装 VPN 时自定义 IKEv2 选项。
+如果无法下载，请点这里。
+</summary>
+
+你也可以使用 `curl` 下载。例如：
+
+```bash
+curl -fL https://get.vpnsetup.net -o vpn.sh
+sudo sh vpn.sh
+```
+
+或者，你也可以使用这些链接：
+
+```bash
+https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh
+https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
+```
+
+如果无法下载，打开 [vpnsetup.sh](vpnsetup.sh)，然后点击右边的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选，`Ctrl/Cmd+C` 复制，然后粘贴到你喜欢的编辑器。
+</details>
+
+#### 可选：在安装 VPN 时自定义 IKEv2 选项。
+
+在安装 VPN 时，你可以自定义 IKEv2 选项。这是可选的。
+
+<details>
+<summary>
+选项 1: 使用环境变量自定义 IKEv2 选项。
 </summary>
 
 在安装 VPN 时，你可以指定一个域名作为 IKEv2 服务器地址。这是可选的。该域名必须是一个全称域名(FQDN)。示例如下：
@@ -159,24 +185,24 @@ sudo VPN_PROTECT_CONFIG=yes sh vpn.sh
 </details>
 <details>
 <summary>
-如果无法下载，请点这里。
+选项 2: 在安装 VPN 时跳过 IKEv2，然后使用自定义选项配置 IKEv2。
 </summary>
 
-你也可以使用 `curl` 下载。例如：
+在安装 VPN 时，你可以跳过 IKEv2，仅安装 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式：
 
 ```bash
-curl -fL https://get.vpnsetup.net -o vpn.sh
+sudo VPN_SKIP_IKEV2=yes sh vpn.sh
-sudo sh vpn.sh
 ```
 
-或者，你也可以使用这些链接：
+（可选）如需指定另外的 DNS 服务器，请参见上面的选项 1。
+
+然后运行 IKEv2 [辅助脚本](docs/ikev2-howto-zh.md#使用辅助脚本配置-ikev2) 使用自定义选项以交互方式配置 IKEv2:
 
 ```bash
-https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh
+sudo ikev2.sh
-https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
 ```
 
-如果无法下载，打开 [vpnsetup.sh](vpnsetup.sh)，然后点击右边的 `Raw` 按钮。按快捷键 `Ctrl/Cmd+A` 全选，`Ctrl/Cmd+C` 复制，然后粘贴到你喜欢的编辑器。
+**注：** 如果服务器上已经配置了 IKEv2，则 `VPN_SKIP_IKEV2` 变量无效。在这种情况下，如需自定义 IKEv2 选项，你可以首先 [移除 IKEv2](docs/ikev2-howto-zh.md#移除-ikev2)，然后运行 `sudo ikev2.sh` 重新配置。
 </details>
 
 ## 下一步

README.md

@@ -130,7 +130,33 @@ After setup, you may optionally install [WireGuard](https://github.com/hwdsl2/wi
 
 <details>
 <summary>
-Optional: Customize IKEv2 options during VPN setup.
+Click here if you are unable to download.
+</summary>
+
+You may also use `curl` to download. For example:
+
+```bash
+curl -fL https://get.vpnsetup.net -o vpn.sh
+sudo sh vpn.sh
+```
+
+Alternative setup URLs:
+
+```bash
+https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh
+https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
+```
+
+If you are unable to download, open [vpnsetup.sh](vpnsetup.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
+</details>
+
+#### Optional: Customize IKEv2 options during VPN setup.
+
+When installing the VPN, you can optionally customize IKEv2 options.
+
+<details>
+<summary>
+Option 1: Customize IKEv2 options using environment variables.
 </summary>
 
 When installing the VPN, you can optionally specify a DNS name for the IKEv2 server address. The DNS name must be a fully qualified domain name (FQDN). Example:
@@ -159,24 +185,24 @@ sudo VPN_PROTECT_CONFIG=yes sh vpn.sh
 </details>
 <details>
 <summary>
-Click here if you are unable to download.
+Option 2: Skip IKEv2 during VPN setup, then set up IKEv2 using custom options.
 </summary>
 
-You may also use `curl` to download. For example:
+When installing the VPN, you can skip IKEv2 and only install the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes:
 
 ```bash
-curl -fL https://get.vpnsetup.net -o vpn.sh
+sudo VPN_SKIP_IKEV2=yes sh vpn.sh
-sudo sh vpn.sh
 ```
 
-Alternative setup URLs:
+(Optional) If you want to specify custom DNS server(s), refer to option 1 above.
+
+After that, run the IKEv2 [helper script](docs/ikev2-howto.md#set-up-ikev2-using-helper-script) to set up IKEv2 interactively using custom options:
 
 ```bash
-https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/vpnsetup.sh
+sudo ikev2.sh
-https://gitlab.com/hwdsl2/setup-ipsec-vpn/-/raw/master/vpnsetup.sh
 ```
 
-If you are unable to download, open [vpnsetup.sh](vpnsetup.sh), then click the `Raw` button on the right. Press `Ctrl/Cmd+A` to select all, `Ctrl/Cmd+C` to copy, then paste into your favorite editor.
+**Note:** The `VPN_SKIP_IKEV2` variable has no effect if IKEv2 is already set up on the server. In that case, to customize IKEv2 options, you can first [remove IKEv2](docs/ikev2-howto.md#remove-ikev2), then set it up again using `sudo ikev2.sh`.
 </details>
 
 ## Next steps

extras/quickstart.sh

@@ -188,7 +188,7 @@ check_dns() {
 
 check_server_dns() {
   if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
-      exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+    exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
   fi
 }
 
@@ -266,7 +266,8 @@ run_setup() {
     if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url1" \
       || wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url2" \
       || curl -fsL "$setup_url1" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
-      VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
+      VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" \
+      VPN_PASSWORD="$VPN_PASSWORD" \
       VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
       VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
       VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \

vpnsetup.sh

@@ -188,7 +188,7 @@ check_dns() {
 
 check_server_dns() {
   if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
-      exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+    exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
   fi
 }
 
@@ -266,7 +266,8 @@ run_setup() {
     if ( set -x; wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url1" \
       || wget -t 3 -T 30 -q -O "$tmpdir/vpn.sh" "$setup_url2" \
       || curl -fsL "$setup_url1" -o "$tmpdir/vpn.sh" 2>/dev/null ); then
-      VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" VPN_PASSWORD="$VPN_PASSWORD" \
+      VPN_IPSEC_PSK="$VPN_IPSEC_PSK" VPN_USER="$VPN_USER" \
+      VPN_PASSWORD="$VPN_PASSWORD" \
       VPN_PUBLIC_IP="$VPN_PUBLIC_IP" VPN_L2TP_NET="$VPN_L2TP_NET" \
       VPN_L2TP_LOCAL="$VPN_L2TP_LOCAL" VPN_L2TP_POOL="$VPN_L2TP_POOL" \
       VPN_XAUTH_NET="$VPN_XAUTH_NET" VPN_XAUTH_POOL="$VPN_XAUTH_POOL" \

vpnsetup_alpine.sh

@@ -130,7 +130,7 @@ check_dns() {
 
 check_server_dns() {
   if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
-      exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+    exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
   fi
 }
 

vpnsetup_amzn.sh

@@ -112,7 +112,7 @@ check_dns() {
 
 check_server_dns() {
   if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
-      exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+    exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
   fi
 }
 

vpnsetup_centos.sh

@@ -158,7 +158,7 @@ check_dns() {
 
 check_server_dns() {
   if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
-      exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+    exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
   fi
 }
 

vpnsetup_ubuntu.sh

@@ -149,7 +149,7 @@ check_dns() {
 
 check_server_dns() {
   if [ -n "$VPN_DNS_NAME" ] && ! check_dns_name "$VPN_DNS_NAME"; then
-      exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
+    exiterr "Invalid DNS name. 'VPN_DNS_NAME' must be a fully qualified domain name (FQDN)."
   fi
 }