From 8ee69d6e7f8d4eb36cf545b32691a120d699de86 Mon Sep 17 00:00:00 2001
From: racks
Date: Fri, 25 Jul 2025 17:09:55 +0200
Subject: [PATCH] Update README.md
---
 README.md | 44 +++++++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index 78144d7..9d7b613 100644
--- a/README.md
+++ b/README.md
@@ -78,36 +78,38 @@ vim pawdance-client.conf
 Example **client** config:
 ```bash
-# pawdance client example config
-ROLE="client"
+# ---------------------------------------------------------------------------
+# pawdance
+# ---------------------------------------------------------------------------
+ROLE="client" # client or server
-# How to reach the server
-CONNECT_MODE="dns" # dns | ip | auto
-REMOTE_HOST="vps.your.domain"
-# REMOTE_CONNECT_IP4="203.0.113.42"
+CONNECT_MODE="auto" # dns|ip|auto
+REMOTE_HOST="vpn.example.com" # used when dns/auto
+# REMOTE_CONNECT_IP4="203.0.113.42" # used when ip/auto with no REMOTE_HOST.
 # REMOTE_CONNECT_IP6="2001:db8::42"
-CONNECT_PREFER="ipv4" # auto | ipv4 | ipv6
+CONNECT_PREFER="auto" # auto|ipv4|ipv6
-REMOTE_USER="stinky"
+# --- SSH authentication -----------------------------------------------------
+REMOTE_USER="youruser"
+SSH_KEY_MODE="false" # true = pass explicit key; false = default chain
+SSH_KEY="/home/alice/.ssh/id_ed25519" # only if SSH_KEY_MODE=true
-# Tunnel interface
+# --- Tunnel parameters ------------------------------------------------------
 TUN_INDEX="1"
 TUN_DEV="tun${TUN_INDEX}"
-
 LOCAL_IP4="10.0.1.2/24"
 REMOTE_IP4="10.0.1.1"
-
 LOCAL_IP6="2001:db8:1::2/64"
 REMOTE_IP6="2001:db8:1::1"
-
 MTU="1500"
-# Optional: post‑quantum crypto overrides
+# --- Crypto preferences -----------------------------------------
 SSH_KEX="mlkem768x25519-sha256"
 SSH_CIPHERS="chacha20-poly1305@openssh.com"
 SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com"
-# Push whole‑internet routes through the tunnel?
+# use remote server as vpn for all traffic.
+# if set to false, vpn becomes transparent.
 DEFAULT_ROUTE_IPV4="true"
 DEFAULT_ROUTE_IPV6="true"
 ```
@@ -123,20 +125,24 @@ vim srv-config.conf
 Example **server** config:
 ```bash
+# ---------------------------------------------------------------------------
+# pawdance
+# ---------------------------------------------------------------------------
 ROLE="server"
+# --- Tunnel parameters ------------------------------------------------------
 TUN_INDEX="1"
 TUN_DEV="tun${TUN_INDEX}"
-
 LOCAL_IP4="10.0.1.1/24"
 LOCAL_IP6="2001:db8:1::1/64"
 MTU="1500"
-# allow VPN clients to access other networks?
-VPN_FORWARD="true" # adds iptables/ip6tables FORWARD rules
+# allow clients to accsess networks on the server?
+VPN_FORWARD="true" # iptables/ip6tables FORWARD rules
-# keep this true (required for routing)
-IP_FORWARD="true" # sets net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
+#keep this to true. It is required for the tunnel to work.
+# this enables net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
+IP_FORWARD="true"
 ```