diff --git a/README.md b/README.md
index 78144d7..be2e615 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-
+
@@ -78,36 +78,38 @@ vim pawdance-client.conf
Example **client** config:
```bash
-# pawdance client example config
-ROLE="client"
+# ---------------------------------------------------------------------------
+# pawdance
+# ---------------------------------------------------------------------------
+ROLE="client" # client or server
-# How to reach the server
-CONNECT_MODE="dns" # dns | ip | auto
-REMOTE_HOST="vps.your.domain"
-# REMOTE_CONNECT_IP4="203.0.113.42"
+CONNECT_MODE="auto" # dns|ip|auto
+REMOTE_HOST="vpn.example.com" # used when dns/auto
+# REMOTE_CONNECT_IP4="203.0.113.42" # used when ip/auto with no REMOTE_HOST.
# REMOTE_CONNECT_IP6="2001:db8::42"
-CONNECT_PREFER="ipv4" # auto | ipv4 | ipv6
+CONNECT_PREFER="auto" # auto|ipv4|ipv6
-REMOTE_USER="stinky"
+# --- SSH authentication -----------------------------------------------------
+REMOTE_USER="youruser"
+SSH_KEY_MODE="false" # true = pass explicit key; false = default chain
+SSH_KEY="/home/alice/.ssh/id_ed25519" # only if SSH_KEY_MODE=true
-# Tunnel interface
+# --- Tunnel parameters ------------------------------------------------------
TUN_INDEX="1"
TUN_DEV="tun${TUN_INDEX}"
-
LOCAL_IP4="10.0.1.2/24"
REMOTE_IP4="10.0.1.1"
-
LOCAL_IP6="2001:db8:1::2/64"
REMOTE_IP6="2001:db8:1::1"
-
MTU="1500"
-# Optional: post‑quantum crypto overrides
+# --- Crypto preferences -----------------------------------------
SSH_KEX="mlkem768x25519-sha256"
SSH_CIPHERS="chacha20-poly1305@openssh.com"
SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com"
-# Push whole‑internet routes through the tunnel?
+# use remote server as vpn for all traffic.
+# if set to false, vpn becomes transparent.
DEFAULT_ROUTE_IPV4="true"
DEFAULT_ROUTE_IPV6="true"
```
@@ -123,20 +125,24 @@ vim srv-config.conf
Example **server** config:
```bash
+# ---------------------------------------------------------------------------
+# pawdance
+# ---------------------------------------------------------------------------
ROLE="server"
+# --- Tunnel parameters ------------------------------------------------------
TUN_INDEX="1"
TUN_DEV="tun${TUN_INDEX}"
-
LOCAL_IP4="10.0.1.1/24"
LOCAL_IP6="2001:db8:1::1/64"
MTU="1500"
-# allow VPN clients to access other networks?
-VPN_FORWARD="true" # adds iptables/ip6tables FORWARD rules
+# allow clients to accsess networks on the server?
+VPN_FORWARD="true" # iptables/ip6tables FORWARD rules
-# keep this true (required for routing)
-IP_FORWARD="true" # sets net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
+#keep this to true. It is required for the tunnel to work.
+# this enables net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
+IP_FORWARD="true"
```
@@ -185,6 +191,7 @@ This removes:
* any iptables/ip6tables **FORWARD** rules added by Pawdance
(Kernel forwarding sysctls remain as you set them.)
+useful if script was terminated forcefully. Or you wanna remove tun from server.
---
diff --git a/pawdance b/pawdance
index f32e42b..f491a0a 100644
--- a/pawdance
+++ b/pawdance
@@ -1,28 +1,10 @@
#!/usr/bin/env bash
-# pawdance.sh – EXACT client *and* server logic driven by an easy‑to‑edit config file
-# -----------------------------------------------------------------------------
-# Modes (ROLE in config):
-# client – brings up a point‑to‑point tunnel by SSH‑w’ing into the server.
-# server – creates the matching tunnel locally and (optionally) enables routing.
-#
-# Connection source (CONNECT_MODE):
-# dns – resolve REMOTE_HOST on every run.
-# ip – use the hard‑coded REMOTE_CONNECT_IP4 and/or REMOTE_CONNECT_IP6.
-# auto – if REMOTE_HOST is set use dns, otherwise ip (default).
-#
-# Extra dial options:
-# CONNECT_PREFER – which address family to try first (auto|ipv4|ipv6).
-# SSH_KEY_MODE – set to "true" to pass an explicit private key via -i.
-# SSH_KEY – absolute path to that key (required if SSH_KEY_MODE=true).
-#
-# -----------------------------------------------------------------------------
-# v4.5.1 – better --help, commented example configs, SSH_KEY_MODE support.
-# -----------------------------------------------------------------------------
-
+# pawdance.sh - EXACT client *and* server logic driven by an easy‑to‑edit config file
+#
set -euo pipefail
SCRIPT_NAME="pawdance"
-VERSION="4.5.1"
+VERSION="4.5.2"
CONFIG_FILE=""
SUBCMD=""
@@ -249,7 +231,7 @@ client_up() {
[[ -n "$REMOTE_IP6_RESOLVED" && -n "$IPV6_GW" ]] && \
$SUDO ip -6 route add "$REMOTE_IP6_RESOLVED" via "$IPV6_GW" dev "$IFACE6"
- log "Setting default routes (metric 1)…"
+ log "Setting default routes (metric1)…"
[[ "$DEFAULT_ROUTE_IPV4" == "true" && -n "$REMOTE_IP4" ]] && \
$SUDO ip route add default via "$REMOTE_IP4" dev "$TUN_DEV" metric 1
[[ "$DEFAULT_ROUTE_IPV6" == "true" && -n "$REMOTE_IP6" ]] && \
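Review bot: The two default-route guards at the end of this hunk skip silently when `DEFAULT_ROUTE_IPV4` or `DEFAULT_ROUTE_IPV6` is "true" but `REMOTE_IP4` or `REMOTE_IP6` is empty, right after the log line has announced that default routes are being set. In that case the operator would believe all traffic goes through the tunnel while that address family still leaves by the normal gateway. An explicit check before each route makes the misconfiguration visible, for example `[[ "$DEFAULT_ROUTE_IPV4" == "true" && -z "$REMOTE_IP4" ]] && { log "DEFAULT_ROUTE_IPV4=true but REMOTE_IP4 is empty"; exit 1; }`, with the same for IPv6. Separately, the reworded message `(metric1)` no longer matches the `metric 1` that the `ip route add` command passes; keeping the space keeps the log searchable against the command. The body of client_up starts and ends outside the hunk, and the IPv6 statement on the last line continues past it.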
@@ -308,7 +290,7 @@ server_up() {
# -------------- CLI --------------
usage() {
cat < Bring tunnel up (client or server, per ROLE).