Update docs

- Add an advanced usage section for customizing VPN subnets.
  Ref: hwdsl2#291

README-zh.md

@@ -317,6 +317,7 @@ docker exec -it ipsec-vpn-server ikev2.sh
 - [访问 Docker 主机上的其它容器](docs/advanced-usage-zh.md#访问-docker-主机上的其它容器)
 - [指定 VPN 服务器的公有 IP](docs/advanced-usage-zh.md#指定-vpn-服务器的公有-ip)
 - [为 VPN 客户端指定静态 IP](docs/advanced-usage-zh.md#为-vpn-客户端指定静态-ip)
+- [自定义 VPN 子网](docs/advanced-usage-zh.md#自定义-vpn-子网)
 - [关于 host network 模式](docs/advanced-usage-zh.md#关于-host-network-模式)
 - [启用 Libreswan 日志](docs/advanced-usage-zh.md#启用-libreswan-日志)
 - [查看服务器状态](docs/advanced-usage-zh.md#查看服务器状态)

README.md

@@ -318,6 +318,7 @@ See [Advanced usage](docs/advanced-usage.md).
 - [Access other containers on the Docker host](docs/advanced-usage.md#access-other-containers-on-the-docker-host)
 - [Specify VPN server's public IP](docs/advanced-usage.md#specify-vpn-servers-public-ip)
 - [Assign static IPs to VPN clients](docs/advanced-usage.md#assign-static-ips-to-vpn-clients)
+- [Customize VPN subnets](docs/advanced-usage.md#customize-vpn-subnets)
 - [About host network mode](docs/advanced-usage.md#about-host-network-mode)
 - [Enable Libreswan logs](docs/advanced-usage.md#enable-libreswan-logs)
 - [Check server status](docs/advanced-usage.md#check-server-status)

docs/advanced-usage-zh.md

@@ -8,6 +8,7 @@
 - [访问 Docker 主机上的其它容器](#访问-docker-主机上的其它容器)
 - [指定 VPN 服务器的公有 IP](#指定-vpn-服务器的公有-ip)
 - [为 VPN 客户端指定静态 IP](#为-vpn-客户端指定静态-ip)
+- [自定义 VPN 子网](#自定义-vpn-子网)
 - [关于 host network 模式](#关于-host-network-模式)
 - [启用 Libreswan 日志](#启用-libreswan-日志)
 - [查看服务器状态](#查看服务器状态)
@@ -144,6 +145,33 @@ VPN_XAUTH_POOL=192.168.43.100-192.168.43.250
 
 **注：** 在你的 `env` 文件中，**不要**为变量值添加 `""` 或者 `''`，或在 `=` 两边添加空格。**不要**在值中使用这些字符： `\ " '`。
 
+## 自定义 VPN 子网
+
+默认情况下，IPsec/L2TP VPN 客户端将使用内部 VPN 子网 `192.168.42.0/24`，而 IPsec/XAuth ("Cisco IPsec") 和 IKEv2 VPN 客户端将使用内部 VPN 子网 `192.168.43.0/24`。有关更多详细信息，请阅读上一节。
+
+对于大多数用例，没有必要也 **不建议** 自定义这些子网。但是，如果你的用例需要它，你可以在 `env` 文件中指定自定义子网，然后你必须重新创建 Docker 容器。
+
+```
+# 示例：为 IPsec/L2TP 模式指定自定义 VPN 子网
+# 注：必须指定所有三个变量。
+VPN_L2TP_NET=10.1.0.0/16
+VPN_L2TP_LOCAL=10.1.0.1
+VPN_L2TP_POOL=10.1.0.10-10.1.254.254
+```
+
+```
+# 示例：为 IPsec/XAuth 和 IKEv2 模式指定自定义 VPN 子网
+# 注：必须指定以下两个变量。
+VPN_XAUTH_NET=10.2.0.0/16
+VPN_XAUTH_POOL=10.2.0.10-10.2.254.254
+```
+
+**注：** 在你的 `env` 文件中，**不要**为变量值添加 `""` 或者 `''`，或在 `=` 两边添加空格。
+
+在上面的例子中，`VPN_L2TP_LOCAL` 是在 IPsec/L2TP 模式下的 VPN 服务器的内部 IP。`VPN_L2TP_POOL` 和 `VPN_XAUTH_POOL` 是为 VPN 客户端自动分配的 IP 地址池。
+
+请注意，如果你在 `env` 文件中指定了 `VPN_XAUTH_POOL`，并且在 Docker 容器中已经配置了 IKEv2，你 **必须** 在重新创建 Docker 容器之前手动编辑容器内的 `/etc/ipsec.d/ikev2.conf` 并将 `rightaddresspool=192.168.43.10-192.168.43.250` 替换为与 `VPN_XAUTH_POOL` **相同的值**。否则 IKEv2 可能会停止工作。
+
 ## 关于 host network 模式
 
 高级用户可以使用 [host network 模式](https://docs.docker.com/network/host/) 运行本镜像，通过为 `docker run` 命令添加 `--network=host` 参数来实现。另外，如果 [不启用 privileged 模式运行](#不启用-privileged-模式运行)，你可能还需要将 `eth0` 替换为你的 Docker 主机的网络接口名称。

docs/advanced-usage.md

@@ -8,6 +8,7 @@
 - [Access other containers on the Docker host](#access-other-containers-on-the-docker-host)
 - [Specify VPN server's public IP](#specify-vpn-servers-public-ip)
 - [Assign static IPs to VPN clients](#assign-static-ips-to-vpn-clients)
+- [Customize VPN subnets](#customize-vpn-subnets)
 - [About host network mode](#about-host-network-mode)
 - [Enable Libreswan logs](#enable-libreswan-logs)
 - [Check server status](#check-server-status)
@@ -144,6 +145,33 @@ Note that if you specify `VPN_XAUTH_POOL` in the `env` file, and IKEv2 is alread
 
 **Note:** In your `env` file, DO NOT put `""` or `''` around values, or add space around `=`. DO NOT use these special characters within values: `\ " '`.
 
+## Customize VPN subnets
+
+By default, IPsec/L2TP VPN clients will use internal VPN subnet `192.168.42.0/24`, while IPsec/XAuth ("Cisco IPsec") and IKEv2 VPN clients will use internal VPN subnet `192.168.43.0/24`. For more details, read the previous section.
+
+For most use cases, it is NOT necessary and NOT recommended to customize these subnets. If your use case requires it, however, you may specify custom subnet(s) in your `env` file, then you must re-create the Docker container.
+
+```
+# Example: Specify custom VPN subnet for IPsec/L2TP mode
+# Note: All three variables must be specified.
+VPN_L2TP_NET=10.1.0.0/16
+VPN_L2TP_LOCAL=10.1.0.1
+VPN_L2TP_POOL=10.1.0.10-10.1.254.254
+```
+
+```
+# Example: Specify custom VPN subnet for IPsec/XAuth and IKEv2 modes
+# Note: Both variables must be specified.
+VPN_XAUTH_NET=10.2.0.0/16
+VPN_XAUTH_POOL=10.2.0.10-10.2.254.254
+```
+
+**Note:** In your `env` file, DO NOT put `""` or `''` around values, or add space around `=`.
+
+In the examples above, `VPN_L2TP_LOCAL` is the VPN server's internal IP for IPsec/L2TP mode. `VPN_L2TP_POOL` and `VPN_XAUTH_POOL` are the pools of auto-assigned IP addresses for VPN clients.
+
+Note that if you specify `VPN_XAUTH_POOL` in the `env` file, and IKEv2 is already set up in the Docker container, you **must** manually edit `/etc/ipsec.d/ikev2.conf` inside the container and replace `rightaddresspool=192.168.43.10-192.168.43.250` with the **same value** as `VPN_XAUTH_POOL`, before re-creating the Docker container. Otherwise, IKEv2 may stop working.
+
 ## About host network mode
 
 Advanced users can run this image in [host network mode](https://docs.docker.com/network/host/), by adding `--network=host` to the `docker run` command. In addition, if [running without privileged mode](#run-without-privileged-mode), you may also need to replace `eth0` with the network interface name of your Docker host.