diff --git a/README-zh.md b/README-zh.md
index 70e02ae0ac..a3a9bdd1a1 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -143,7 +143,7 @@ VPN_PASSWORD='你的VPN密码' sh vpnsetup.sh
同一个 VPN 账户可以在你的多个设备上使用。但是由于 IPsec/L2TP 的局限性,如果需要同时连接在同一个 NAT (比如家用路由器)后面的多个设备到 VPN 服务器,你必须仅使用 IPsec/XAuth 模式。
-对于有外部防火墙的服务器(比如 EC2/GCE),请为 VPN 打开 UDP 端口 500 和 4500。
+对于有外部防火墙的服务器(比如 EC2/GCE),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。
如果需要添加,修改或者删除 VPN 用户账户,请参见 管理 VPN 用户。
@@ -168,6 +168,8 @@ wget https://git.io/vpnupgrade -O vpnupgrade.sh
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
```
+:warning: VPN 脚本默认安装 Libreswan 3.22,因为新版本 3.23 和 3.25 存在问题,从而不能同时连接在同一个 NAT (比如家用路由器)后面的多个 IPsec/XAuth VPN 客户端。
+
## 问题和反馈
- 有问题需要提问?请先搜索已有的留言,在 这个 Gist 以及 我的博客。
diff --git a/README.md b/README.md
index 6786b1416b..8c37b710d8 100644
--- a/README.md
+++ b/README.md
@@ -143,7 +143,7 @@ For **Windows users**, this IPsec/XAuth mode.
-For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 and 4500 for the VPN.
+For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433).
If you wish to add, edit or remove VPN user accounts, see Manage VPN Users.
@@ -168,6 +168,8 @@ wget https://git.io/vpnupgrade -O vpnupgrade.sh
wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh
```
+:warning: The VPN scripts install Libreswan 3.22 by default, because newer versions 3.23 and 3.25 have issues with connecting multiple IPsec/XAuth VPN clients from behind the same NAT (e.g. home router).
+
## Bugs & Questions
- Got a question? Please first search other people's comments in this Gist and on my blog.
diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md
index 1f2b1b77ef..6e3e1251e4 100644
--- a/docs/ikev2-howto-zh.md
+++ b/docs/ikev2-howto-zh.md
@@ -204,7 +204,7 @@ Libreswan 支持通过使用 RSA 签名算法的 X.509 Machine Certificates 来
1. 启用新的 IKEv2 VPN 连接,并且开始使用 VPN!
https://wiki.strongswan.org/projects/strongswan/wiki/Win7Connect
- 1. (可选步骤) 如需启用更安全的加密方式,可以添加 这个注册表键 并重启。
+ 1. (可选步骤) 如需启用更安全的加密方式,可以添加 这个注册表键 并重启。
1. 连接成功后,你可以到 这里 检测你的 IP 地址,应该显示为`你的 VPN 服务器 IP`。
@@ -217,4 +217,4 @@ Windows 自带的 VPN 客户端不支持 IKEv2 fragmentation。在有些网络
* https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
* https://libreswan.org/wiki/HOWTO:_Using_NSS_with_libreswan
* https://libreswan.org/man/ipsec.conf.5.html
-* https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
+* https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients
diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md
index 710e9f9dc3..f6d730da27 100644
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@@ -204,7 +204,7 @@ Before continuing, make sure you have successfully this registry key and reboot.
+ 1. (Optional) You may enable stronger ciphers by adding this registry key and reboot.
1. Once successfully connected, you can verify that your traffic is being routed properly by looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`".
@@ -217,4 +217,4 @@ The built-in VPN client in Windows does not support IKEv2 fragmentation. On some
* https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
* https://libreswan.org/wiki/HOWTO:_Using_NSS_with_libreswan
* https://libreswan.org/man/ipsec.conf.5.html
-* https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
+* https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients