Update docs

namibia · Jan 19, 2021 · 9e56048 · 9e56048
1 parent 427dbaf
commit 9e56048
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
@@ -499,14 +499,23 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
 
 ## 移除 IKEv2
 
-如果你想要从 VPN 服务器移除 IKEv2，但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式，按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意，这将删除所有的 IKEv2 配置，并且**不可撤销**！
+如果你想要从 VPN 服务器移除 IKEv2，但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式，请重新运行 [辅助脚本](#使用辅助脚本) 并选择 "Remove IKEv2" 选项。请注意，这将删除所有的 IKEv2 配置（包括证书），并且**不可撤销**！
+
+<details>
+<summary>
+另外，你也可以手动移除 IKEv2。点这里查看步骤。
+</summary>
+
+要手动从 VPN 服务器移除 IKEv2，但是保留 [IPsec/L2TP](clients-zh.md) 和 [IPsec/XAuth ("Cisco IPsec")](clients-xauth-zh.md) 模式，按照以下步骤操作。这些命令必须用 `root` 账户运行。请注意，这将删除所有的 IKEv2 配置（包括证书），并且**不可撤销**！
 
 1. 重命名（或者删除）IKEv2 配置文件：
 
    ```bash
    mv /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.bak
    ```
 
+   **注：** 如果你使用了较旧版本（2020-05-31 之前）的 IKEv2 辅助脚本或者配置说明，文件 `/etc/ipsec.d/ikev2.conf` 可能不存在。在该情况下，请移除文件 `/etc/ipsec.conf` 中的 `conn ikev2-cp` 部分。
+
 1. **（重要）重启 IPsec 服务**：
 
    ```bash
@@ -535,6 +544,7 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
    ```bash
    certutil -D -d sql:/etc/ipsec.d -n "Nickname"
    ```
+</details>
 
 ## 参考链接
 

diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
@@ -88,7 +88,7 @@ First, securely transfer the generated `.mobileconfig` file to your Mac, then do
 
 <details>
 <summary>
-If you manually set up IKEv2 without using the helper script, click here to see instructions.
+If you manually set up IKEv2 without using the helper script, click here for instructions.
 </summary>
 
 First, securely transfer the generated `.p12` file to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. Close the dialog using the red "X" on the top-left corner. When prompted, use Touch ID or enter your password and click "Update Settings".
@@ -134,7 +134,7 @@ When finished, check to make sure "IKEv2 VPN configuration" is listed under Sett
 
 <details>
 <summary>
-If you manually set up IKEv2 without using the helper script, click here to see instructions.
+If you manually set up IKEv2 without using the helper script, click here for instructions.
 </summary>
 
 First, securely transfer the generated `ikev2vpnca.cer` and `.p12` files to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use:
@@ -499,14 +499,23 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
 
 ## Remove IKEv2
 
-If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration and **cannot be undone**!
+If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, run the [helper script](#using-helper-scripts) again and select the "Remove IKEv2" option. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**!
+
+<details>
+<summary>
+Alternatively, you can manually remove IKEv2. Click here for instructions.
+</summary>
+
+To manually remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**!
 
 1. Rename (or delete) the IKEv2 config file:
 
    ```bash
    mv /etc/ipsec.d/ikev2.conf /etc/ipsec.d/ikev2.conf.bak
    ```
 
+   **Note:** If you used an older version (before 2020-05-31) of the IKEv2 helper script or instructions, file `/etc/ipsec.d/ikev2.conf` may not exist. In this case, please instead remove the `conn ikev2-cp` section from file `/etc/ipsec.conf`.
+
 1. **(Important) Restart the IPsec service**:
 
    ```bash
@@ -535,6 +544,7 @@ If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clien
    ```bash
    certutil -D -d sql:/etc/ipsec.d -n "Nickname"
    ```
+</details>
 
 ## References