Update readme

Readme.md

@@ -1,14 +1,18 @@
 # WireGuard Ops
 
-A group of Interactive bash scripts for [WireGuard](https://github.com/WireGuard/wireguard-go) over [udp2raw-tunnel](https://github.com/wangyu-/udp2raw-tunnel), with optional [UDPSpeeder](https://github.com/wangyu-/UDPspeeder) support.
+[wg-quick](https://man7.org/linux/man-pages/man8/wg-quick.8.html) compatiable config generator with additional features supported.
 
 ## Basic Usage
 
-1. Run `install.sh`. (May prompt sudo)
+1. Clone this repo with `git clone https://github.com/Kiritow/wg-ops`
 
-2. Write a valid WireGuard config file, with supported extension tags.
+2. Run `install.sh`. (May prompt sudo)
 
-3. Run `python3 generate.py` to convert extension tags into config lines.
+3. Write a valid WireGuard `wg-quick` config file, with supported extension tags. (see below)
+
+4. Run `python3 generate.py` to convert extension tags into config lines.
+
+5. Bring it up with `wg-quick up`
 
 Start as service: `systemctl start wg-quick@wg0`
 
@@ -16,37 +20,118 @@ Start service on system start-up: `systemctl enable wg-quick@wg0`
 
 See [wg-quick(8)](https://man7.org/linux/man-pages/man8/wg-quick.8.html) for more information.
 
-Run `python3 generate.py -h` for more help about the generator.
+## Options
+
+python3 **generate.py** [-h] [-k] [-o *filename*] *source_filename*
+
+**-h** Display this help and quit.
+
+**-k** Output generated config to standard output
+
+**-o** *filename* Output generated config to `filename`. Default write to *source_filename*.gen
+
+## Generic Tags
+
+**enable-bbr**
+
+Enable [TCP BBR](https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_BBR). Most of the time it's useful on VPS.
+
+**enable-forward**
+
+Set `net.ipv4.ip_forward` to 1. Enable ip packet forward.
+
+**iptables-forward**
+
+Add iptables rules to accept forward from this wireguard interface. Example: `iptables -A FORWARD -i wg0 -J ACCEPT`
+
+**podman-user** *username*
+
+Run podman container as `username`. Default to `root`.
+
+## Tunnel Tags
+
+**udp2raw-server** *name* *port* *password*
+
+Setup a [udp2raw](https://github.com/wangyu-/udp2raw-tunnel) server. Raw mode set to `fake-tcp`. Expose & listen on port `port`.
+
+**udp2raw-client** *name* *port* *remote* *password*
+
+Setup a udp2raw client. Listen on port `port`.
+
+**udp2raw-client-mux** *name* *mux_size* *port* *remote* *password*
+
+Setup multiple (up to `mux_size`) udp2raw clients. Listen on ports from `port` to `port + mux_size`
+
+**gost-server** *name* *port*
+
+Setup a [gost](https://github.com/ginuerzh/gost) server. Forward mode set to `relay+tls`. Expose & listen on port `port`.
+
+**gost-client** *name* *port* *remote*
+
+Setup a gost client. Listen on port `port`.
+
+**gost-client-mux** *name* *mux_size* *port* *remote*
+
+Setup multiple (up to `mux_size`) gost clients. Listen on ports from `port` to `port + mux_size`
+
+**trojan-server** *name* *port* *password* *cert_path* *key_path*
+
+Setup a [trojan-go](https://github.com/p4gefau1t/trojan-go) server. Expose & listen on port `port`.
+
+Requires a ssl certificate signed by trusted CA.
+
+[acme.sh](https://github.com/acmesh-official/acme.sh) is recommended for acquiring ssl certs. Make sure use `fullchain.cer` as `cert_path`
+
+**trojan-client** *name* *port* *password* *remote_host* *target_port*
+
+Setup a trojan-go client. Listen on port `port`.
+
+**trojan-client-mux** *name* *mux_size* *port* *password* *remote_host* *target_port*
+
+Setup multiple (up to `mux_size`) trojan-go clients. Listen on ports from `port` to `port + mux_size`
+
+## Peer Tags
+
+**use-tunnel** *name*
+
+Use tunnel `name` for this peer. wg-ops may add `Endpoint=` or use `wg set peer` to fullfill this requirement.
+
+## Route Tags
+
+**route-to** *ip_route_table*
+
+Used in chained WireGuard settings. Accept any traffic from `ip_route_table`.
+
+Interface marked with `route-to` should have only **one** peer.
+
+**route-from** *ip_route_table*
+
+Used in chained WireGuard settings. Route traffic from all peers or a marked peer with `ip_route_table`.
+
+Example: The following config means all traffic from `10.44.0.2` will be forward to `10.33.0.1`
+
+wg0.conf (Should have only one peer)
 
 ```
-wg-ops: WireGuard configuration extended generator
-OPTIONS
-    -h Display this help and quit.
-    -k Output generated config to standard output
-    -o <filename> Output generated config to file. Default is {source_filename}.gen
-TAGS
-    #enable-bbr
-    #enable-forward
-    #iptables-forward
-    #route-to table
-    #route-from table
-    #udp2raw-server name port password
-    #udp2raw-client name port remote password
-    #udp2raw-client-mux name mux port remote password
-    #gost-server name port
-    #gost-client name port remote
-    #gost-client-mux name mux port remote
-    #use-tunnel name
+[Interface]
+Address=10.33.0.2
+#route-to TABLE
+
+[Peer]
+AllowedIPs=10.33.0.1
+```
+
+wg1.conf
+
+```
+[Interface]
+Address=10.44.0.1
+
+[Peer]
+AllowedIPs=10.44.0.2
+#route-from TABLE
 ```
 
 ## Notice
 
-Make sure to setup firewall. UFW is recommended.
-
-For a forwarding server, the following commands might be needed:
-
-```
-ufw route allow in on wg0 out on wg0
-```
-
-Reload script only reload wireguard configs. Changes made to tunnels will not work without restart.
+Make sure to setup firewall for better security. [ufw](http://manpages.ubuntu.com/manpages/bionic/man8/ufw.8.html) is recommended for Ubuntu.