EasyTier · KKRainbow · Aug 25, 2024 · Aug 25, 2024
diff --git a/.vitepress/config/en.ts b/.vitepress/config/en.ts
@@ -20,8 +20,11 @@ export const en = defineConfig({
           { text: 'Two Node', link: '/en/guide/network/two-node-networking' },
           { text: 'Multi Node', link: '/en/guide/network/multi-node-networking' },
           { text: 'Subnet Proxy', link: '/en/guide/network/point-to-networking' },
+          { text: 'Network to Network', link: '/en/guide/network/network-to-network' },
           { text: 'Without Public IP', link: '/en/guide/network/networking-without-public-ip' },
           { text: 'Use WireGuard Client', link: '/en/guide/network/use-easytier-with-wirefuard-client' },
+          { text: 'No TUN Mode (No Root Permission Required', link: '/en/guide/network/no-root' },
+          { text: 'Self-Hosted Public Server', link: '/en/guide/network/host-public-server' },
           { text: 'Installing as a Windows Service (Auto-Start on Boot)', link: '/en/guide/network/install-as-a-windows-service' },
           { text: 'Installing as a Linux Systemd Service', link: '/en/guide/network/install-as-a-systemd-service' },
           { text: 'Other Configurations', link: '/en/guide/network/configurations' },

diff --git a/en/guide/installation.md b/en/guide/installation.md
@@ -53,3 +53,35 @@
             command: -i <ip> --network-name <user> --network-secret <password> -e tcp://<server address>:11010 -l <listen address>  
    ```
    :::
+
+   5. One-Click Installation Script (For Linux Only)
+
+    ```bash
+    wget -O /tmp/easytier.sh "https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh" && bash /tmp/easytier.sh install
+    ```
+
+# Frequently Asked Questions
+
+## Question 1
+
+Q: On Windows 7, I cannot create a network, the program crashes or fails to create a virtual network.
+
+A: Windows 7 must be Service Pack 1 (SP1) or later, and you need to install the patches [KB3063858](https://www.microsoft.com/en-us/download/details.aspx?id=47409) and [KB4474419](https://www.catalog.update.microsoft.com/search.aspx?q=KB4474419).
+
+## Question 2
+
+Q: The command-line help in Linux is in English, how can I switch it to Chinese?
+
+A: You need to set the environment variable `LANG=zh_CN`. Command: `export LANG=zh_CN`
+
+## Question 3
+
+Q: After starting, I get a TunError message.
+
+A: Ensure that the TUN driver has been correctly loaded and that the file `/dev/net/tun` exists. If using Docker, make sure privilege mode is enabled. To load the Linux TUN driver:
+
+```bash
+modprobe tun
+mkdir /dev/net
+sudo mknod /dev/net/tun c 10 200
+```
diff --git a/en/guide/introduction.md b/en/guide/introduction.md
@@ -7,7 +7,7 @@ EasyTier is a simple, safe and decentralized VPN networking solution implemented
 - **Decentralized**: No need to rely on centralized services, nodes are equal and independent.
 - **Safe**: Use WireGuard protocol to encrypt data.
 - **High Performance**: Full-link zero-copy, with performance comparable to mainstream networking software.
-- **Cross-platform**: Supports MacOS/Linux/Windows, will support IOS and Android in the future. The executable file is statically linked, making deployment simple.
+- **Cross-platform**: Supports MacOS/Linux/Windows/FreeBSD/Android, will support IOS in the future. The executable file is statically linked, making deployment simple.
 - **Networking without public IP**: Supports networking using shared public nodes, refer to [Configuration Guide](/guide/network/networking-without-public-ip)
 - **NAT traversal**: Supports UDP-based NAT traversal, able to establish stable connections even in complex network environments.
 - **Subnet Proxy (Point-to-Network)**: Nodes can expose accessible network segments as proxies to the VPN subnet, allowing other nodes to access these subnets through the node.

diff --git a/en/guide/network/host-public-server.md b/en/guide/network/host-public-server.md
@@ -0,0 +1,19 @@
+# Self-Hosted Public Server
+
+Users can use their own public IP nodes to host a public server for mesh networking without a public IP, making it convenient for other users without public IPs to form networks.
+
+To start EasyTier as a public server, simply launch `easytier-core` without any parameters (no root permissions required):
+
+```
+easytier-core
+```
+
+By default, every node of EasyTier is capable of providing forwarding services for other virtual networks, even if the node has specified a `--network-name` and `--network-secret` and has joined a virtual network.
+
+If you wish to change this behavior, you can use the `--relay-network-whitelist` parameter to define a whitelist of network names (a space-separated list of wildcard patterns, e.g., `"ab* abc"`). When the list for this parameter is empty, the node will not provide forwarding services for all other networks.
+
+EasyTier can be configured not to forward packets from other virtual networks but instead help establish P2P connections by leaving the whitelist empty and setting it to only forward RPC traffic. The reference command is:
+
+```
+easytier-core --relay-network-whitelist --relay-all-peer-rpc
+```
diff --git a/en/guide/network/network-to-network.md b/en/guide/network/network-to-network.md
@@ -0,0 +1,45 @@
+# Network-to-Network
+
+The network topology of network-to-network is shown in the figure below.
+
+```mermaid
+flowchart LR
+
+subgraph Node A
+nodeA[EasyTier\n10.144.144.1]
+end
+
+subgraph Node B
+nodeB[EasyTier\n10.144.144.2]
+end
+
+id1[[10.1.1.0/24]]
+
+id2[[192.168.1.0/24]]
+
+id2 <-.Subnet proxy.-> nodeA <--> nodeB <-.Subnet proxy.-> id1
+
+id2 -.No need for EasyTier to access each other's subnet.-> id1
+
+```
+
+After the network-to-network configuration is successful, devices in the 192.168.1.0/24 subnet can access devices in the 10.1.1.0/24 subnet for mutual communication without installing EasyTier.
+
+To achieve network-to-network, Node A needs to be the gateway of the 192.168.1.0/24 subnet. The startup and configuration parameters for the two EasyTier nodes are as follows:
+
+Node A
+```bash
+# Start EasyTier and proxy the 192.168.1.0/24 subnet, and use a public server to help network
+easytier-core -i 10.144.144.1 -n 192.168.1.0/24 -p tcp://easytier.public.kkrainbow.top:11010 --network-name n2n_test
+
+# Allow the gateway to forward traffic and configure the firewall to allow forwarding traffic
+sysctl -w net.ipv4.ip_forward=1
+iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
+iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
+```
+
+Node B
+```bash 
+# Start EasyTier and proxy the 10.1.1.0/24 subnet, and use a public server to help network 
+easytier-core -i 10.144.144.2 -n 10.1.1.0/24 -p tcp://easytier.public.kkrainbow.top:11010 --network-name n2n_test $ 
+```
diff --git a/en/guide/network/networking-without-public-ip.md b/en/guide/network/networking-without-public-ip.md
@@ -9,13 +9,17 @@ When using shared nodes, each node entering the network needs to provide the sam
 Taking two nodes as an example, Node A executes:
 
 ```sh
-sudo easytier-core -i 10.144.144.1 --network-name abc --network-secret abc -e tcp://easytier.public.kkrainbow.top:11010
+sudo easytier-core -i 10.144.144.1 --network-name abc --network-secret abc -p tcp://easytier.public.kkrainbow.top:11010
 ```
 
 Node B executes
 
 ```sh
-sudo easytier-core --ipv4 10.144.144.2 --network-name abc --network-secret abc -e tcp://easytier.public.kkrainbow.top:11010
+sudo easytier-core --ipv4 10.144.144.2 --network-name abc --network-secret abc -p tcp://easytier.public.kkrainbow.top:11010
 ```
 
 After the command is successfully executed, Node A can access Node B through the virtual IP 10.144.144.2.
+
+`--ipv4 x.x.x.x` can be replaced with `-d` to enable the DHCP function, allowing EasyTier to automatically assign the node's IP address based on other existing virtual IPs within the virtual network.
+
+Nodes can connect to multiple public servers, and even if one public server fails, nodes can still communicate using other active public servers. Simply specify multiple `-p` parameters, such as: `-p tcp://1.1.1.1:11010 -p udp://1.1.1.2:11011`. It is important to note that each node in the virtual network must specify the same list of public servers; otherwise, proper networking may not be achieved.
diff --git a/en/guide/network/no-root.md b/en/guide/network/no-root.md
@@ -0,0 +1,9 @@
+# No TUN Mode (No Root Permission Required)
+
+Since creating a TUN device requires ROOT permission, EasyTier also provides a method of use that does not depend on TUN for environments where ROOT permission cannot be obtained. Simply add the `--no-tun` parameter when starting EasyTier.
+
+When networking in No TUN mode, nodes can be accessed via virtual IPs (supporting TCP, UDP, and ICMP), and can also act as subnet proxies (using the -n parameter). However, they cannot initiate visits to other nodes.
+
+To actively access other nodes in No TUN mode, EasyTier supports the creation of a SOCKS5 server. Other programs on the node can access the virtual network and other proxy subnets within the virtual network by setting the proxy to EasyTier's SOCKS5 service.
+
+The parameter for starting the SOCKS5 service is `--socks5 12333`. By adding this parameter to the easytier-core start command, the local port 12333 can serve SOCKS5 clients. Currently, the SOCKS5 server does not require username and password authentication and can be used directly.
diff --git a/en/guide/network/point-to-networking.md b/en/guide/network/point-to-networking.md
@@ -43,4 +43,18 @@ Subnet proxy information will automatically sync to each node in the virtual net
    ping 10.1.1.2
    ```
 
+## Manually Specifying Routes
+
+By default, when a node in the virtual network is configured with a subnet proxy, the subnet proxy's segment is synchronized to all nodes within the virtual network, and a route is automatically generated to handle packets destined for these segments via the virtual network.
+
+This simplifies networking in most cases, but in some scenarios, users may not want EasyTier to automatically configure routes on the node. Users can manually configure the traffic that needs to be forwarded to the virtual network using the `--manual-routes` parameter.
+
+After using `--manual-routes`, only the segments configured with this parameter will enter the virtual network. If the list after this parameter is empty, EasyTier will not process any traffic for non-virtual network segments.
+
+## Firewall
+
+Since proxy traffic requires the use of the system's network stack, the subnet proxy needs to disable the firewall on the virtual network card (this applies to both Linux and Windows).
+
+If it is not possible to disable the firewall, you can try using the user-space network stack for the subnet proxy, which can eliminate the need to configure the firewall. Simply add the `--use-smoltcp` parameter when starting EasyTier.
+
 ---
diff --git a/en/guide/network/two-node-networking.md b/en/guide/network/two-node-networking.md
@@ -90,4 +90,38 @@ nodea <-----> nodeb
    | :----------- | :------- | :---------- | :------------ | :---------------- | :----------- | :--- |
    | 10.144.144.1 | abc-dec  |             | DIRECT        |                   | 3.646        | 1    |
 
+   Use easytier-cli to view local node info.
+
+   ```sh
+   easytier-cli node
+   ```
+
+   ```
+   ┌───────────────┬──────────────────────┐
+   │ Virtual IP    │ 10.144.144.1         │
+   ├───────────────┼──────────────────────┤
+   │ Hostname      │ archlinux-base       │
+   ├───────────────┼──────────────────────┤
+   │ Proxy CIDRs   │ 10.147.223.0/24      │
+   ├───────────────┼──────────────────────┤
+   │ Peer ID       │ 2616333191           │
+   ├───────────────┼──────────────────────┤
+   │ Public IP     │ 75.52.125.26         │
+   ├───────────────┼──────────────────────┤
+   │ UDP Stun Type │ FullCone             │
+   ├───────────────┼──────────────────────┤
+   │ Listener 1    │ tcp://0.0.0.0:11010  │
+   ├───────────────┼──────────────────────┤
+   │ Listener 2    │ udp://0.0.0.0:11010  │
+   ├───────────────┼──────────────────────┤
+   │ Listener 3    │ wg://0.0.0.0:11011   │
+   ├───────────────┼──────────────────────┤
+   │ Listener 4    │ ws://0.0.0.0:11011/  │
+   ├───────────────┼──────────────────────┤
+   │ Listener 5    │ wss://0.0.0.0:11012/ │
+   ├───────────────┼──────────────────────┤
+   │ Listener 6    │ udp://[::]:37039     │
+   └───────────────┴──────────────────────┘
+   ```
+
 ---
diff --git a/en/index.md b/en/index.md
@@ -28,7 +28,7 @@ features:
   - title: High Performance
     details: Full-link zero-copy, with performance comparable to mainstream networking software.
   - title: Cross-platform
-    details: Supports MacOS/Linux/Windows, will support IOS and Android in the future. The executable file is statically linked, making deployment simple.
+    details: Supports MacOS/Linux/Windows/FreeBSD/Android, will support IOS in the future. The executable file is statically linked, making deployment simple.
   - title: Networking without public IP
     details: Supports networking using shared public nodes, refer to Configuration Guide
   - title: NAT traversal

diff --git a/guide/installation.md b/guide/installation.md
@@ -74,3 +74,15 @@ A: win7 需要是 SP1 及以上, 并且需要安装 [KB3063858](https://www.micr
 Q: Linux 命令行帮助是英文，如何调整为中文。
 
 A: 需要设置环境变量 LANG=zh_CN，命令： `export LANG=zh_CN`
+
+## 问题 3
+
+Q: 启动后提示 TunError
+
+A: 确认 TUN 驱动已经被正确加载，并且 `/dev/net/tun` 文件存在，如果使用 Docker，需要确保开启了特权模式。Linux TUN 驱动加载方法为：
+
+```bash
+modprobe tun
+mkdir /dev/net
+sudo mknod /dev/net/tun c 10 200
+```