diff --git a/README.md b/README.md
index be2e615..78144d7 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@ - +


@@ -78,38 +78,36 @@ vim pawdance-client.conf Example **client** config: ```bash -# --------------------------------------------------------------------------- -# pawdance -# --------------------------------------------------------------------------- -ROLE="client" # client or server +# pawdance client example config +ROLE="client" -CONNECT_MODE="auto" # dns|ip|auto -REMOTE_HOST="vpn.example.com" # used when dns/auto -# REMOTE_CONNECT_IP4="203.0.113.42" # used when ip/auto with no REMOTE_HOST. +# How to reach the server +CONNECT_MODE="dns" # dns | ip | auto +REMOTE_HOST="vps.your.domain" +# REMOTE_CONNECT_IP4="203.0.113.42" # REMOTE_CONNECT_IP6="2001:db8::42" -CONNECT_PREFER="auto" # auto|ipv4|ipv6 +CONNECT_PREFER="ipv4" # auto | ipv4 | ipv6 -# --- SSH authentication ----------------------------------------------------- -REMOTE_USER="youruser" -SSH_KEY_MODE="false" # true = pass explicit key; false = default chain -SSH_KEY="/home/alice/.ssh/id_ed25519" # only if SSH_KEY_MODE=true +REMOTE_USER="stinky" -# --- Tunnel parameters ------------------------------------------------------ +# Tunnel interface TUN_INDEX="1" TUN_DEV="tun${TUN_INDEX}" + LOCAL_IP4="10.0.1.2/24" REMOTE_IP4="10.0.1.1" + LOCAL_IP6="2001:db8:1::2/64" REMOTE_IP6="2001:db8:1::1" + MTU="1500" -# --- Crypto preferences ----------------------------------------- +# Optional: post‑quantum crypto overrides SSH_KEX="mlkem768x25519-sha256" SSH_CIPHERS="chacha20-poly1305@openssh.com" SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com" -# use remote server as vpn for all traffic. -# if set to false, vpn becomes transparent. +# Push whole‑internet routes through the tunnel? DEFAULT_ROUTE_IPV4="true" DEFAULT_ROUTE_IPV6="true" ``` 
@@ -125,24 +123,20 @@ vim srv-config.conf Example **server** config: ```bash -# --------------------------------------------------------------------------- -# pawdance -# --------------------------------------------------------------------------- ROLE="server" -# --- Tunnel parameters ------------------------------------------------------ TUN_INDEX="1" TUN_DEV="tun${TUN_INDEX}" + LOCAL_IP4="10.0.1.1/24" LOCAL_IP6="2001:db8:1::1/64" MTU="1500" -# allow clients to accsess networks on the server? -VPN_FORWARD="true" # iptables/ip6tables FORWARD rules +# allow VPN clients to access other networks? +VPN_FORWARD="true" # adds iptables/ip6tables FORWARD rules -#keep this to true. It is required for the tunnel to work. -# this enables net.ipv4.ip_forward + net.ipv6.conf.all.forwarding -IP_FORWARD="true" +# keep this true (required for routing) +IP_FORWARD="true" # sets net.ipv4.ip_forward + net.ipv6.conf.all.forwarding ``` @@ -191,7 +185,6 @@ This removes: * any iptables/ip6tables **FORWARD** rules added by Pawdance (Kernel forwarding sysctls remain as you set them.) -useful if script was terminated forcefully. Or you wanna remove tun from server. --- diff --git a/pawdance b/pawdance index f491a0a..f32e42b 100644 --- a/pawdance +++ b/pawdance 
@@ -1,10 +1,28 @@
 #!/usr/bin/env bash
-# pawdance.sh - EXACT client *and* server logic driven by an easy‑to‑edit config file
-#
+# pawdance.sh – EXACT client *and* server logic driven by an easy‑to‑edit config file
+# -----------------------------------------------------------------------------
+# Modes (ROLE in config):
+# client – brings up a point‑to‑point tunnel by SSH‑w’ing into the server.
+# server – creates the matching tunnel locally and (optionally) enables routing.
+#
+# Connection source (CONNECT_MODE):
+# dns – resolve REMOTE_HOST on every run.
+# ip – use the hard‑coded REMOTE_CONNECT_IP4 and/or REMOTE_CONNECT_IP6.
+# auto – if REMOTE_HOST is set use dns, otherwise ip (default).
+#
+# Extra dial options:
+# CONNECT_PREFER – which address family to try first (auto|ipv4|ipv6).
+# SSH_KEY_MODE – set to "true" to pass an explicit private key via -i.
+# SSH_KEY – absolute path to that key (required if SSH_KEY_MODE=true).
+#
+# -----------------------------------------------------------------------------
+# v4.5.1 – better --help, commented example configs, SSH_KEY_MODE support.
+# -----------------------------------------------------------------------------
+
 set -euo pipefail
 
 SCRIPT_NAME="pawdance"
-VERSION="4.5.2"
+VERSION="4.5.1"
 CONFIG_FILE=""
 SUBCMD=""
 
@@ -231,7 +249,7 @@ client_up() {
 [[ -n "$REMOTE_IP6_RESOLVED" && -n "$IPV6_GW" ]] && \
 $SUDO ip -6 route add "$REMOTE_IP6_RESOLVED" via "$IPV6_GW" dev "$IFACE6"
- log "Setting default routes (metric1)…"
+ log "Setting default routes (metric 1)…"
 [[ "$DEFAULT_ROUTE_IPV4" == "true" && -n "$REMOTE_IP4" ]] && \
 $SUDO ip route add default via "$REMOTE_IP4" dev "$TUN_DEV" metric 1
 [[ "$DEFAULT_ROUTE_IPV6" == "true" && -n "$REMOTE_IP6" ]] && \
@@ -290,7 +308,7 @@ server_up() {
 # -------------- CLI --------------
 usage() {
 cat < Bring tunnel up (client or server, per ROLE).
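Review bot: VERSION goes backwards from 4.5.2 to 4.5.1 on the new side of the first hunk, while the header comment added directly above it describes v4.5.1 as the release that introduced the better --help, the commented example configs and SSH_KEY_MODE support. If this commit is a revert, the commit message and the header's changelog line should say so; if it is a new release, the number should move forward rather than back. The same header documents SSH_KEY_MODE and SSH_KEY, yet the README hunk in this commit removes those two lines from the client example config, so the script and the documented example disagree on whether explicit key selection is a supported option. If the option stays, I would extend the SSH_KEY line to `# SSH_KEY – absolute path to that key (required if SSH_KEY_MODE=true); presumably handed straight to ssh -i, so it must exist and be readable only by the invoking user, since OpenSSH refuses private keys with looser permissions.`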