15 changes: 11 additions & 4 deletions .vitepress/config/cn.ts
Expand Up @@ -20,10 +20,15 @@ export const cn = defineConfig({
{ text: '双节点', link: '/guide/network/two-node-networking' },
{ text: '多节点', link: '/guide/network/multi-node-networking' },
{ text: '子网代理(点对网)', link: '/guide/network/point-to-networking' },
{ text: '无公网IP', link: '/guide/network/networking-without-public-ip' },
{ text: '使用 WireGuard 客户端接入', link: '/guide/network/use-easytier-with-wirefuard-client' },
{ text: '注册为windows服务(开机自启)', link: '/guide/network/install-as-a-windows-service' },
{ text: '将服务安装为 Linux Systemd 服务', link: '/guide/network/install-as-a-systemd-service' },
{ text: '网对网', link: '/guide/network/network-to-network' },
{ text: '无公网 IP', link: '/guide/network/networking-without-public-ip' },
{ text: '使用 WireGuard 客户端接入', link: '/guide/network/use-easytier-with-wireguard-client' },
{ text: 'SOCKS5', link: '/guide/network/socks5' },
{ text: '无 TUN 模式(免 Root 权限)', link: '/guide/network/no-root' },
{ text: '自建公共服务器', link: '/guide/network/host-public-server' },
{ text: '安装为 Windows 服务(开机自启)', link: '/guide/network/install-as-a-windows-service' },
{ text: '安装为 Linux systemd 服务', link: '/guide/network/install-as-a-systemd-service' },
{ text: '安装为 macOS 服务', link: '/guide/network/install-as-a-macos-service' },
{ text: '其他配置', link: '/guide/network/configurations' },
{ text: '配置文件', link: '/guide/network/config-file' },
],
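Review bot: the WireGuard entry's link changes from `/guide/network/use-easytier-with-wirefuard-client` to `/guide/network/use-easytier-with-wireguard-client`, but no rename of the target page is visible in the diff shown here. If the Markdown file keeps the old `wirefuard` name, this sidebar link will 404. Please rename the file in the same PR and consider a redirect for existing inbound links.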
Expand All @@ -36,6 +41,8 @@ export const cn = defineConfig({
{ text: '手动组网', link: '/guide/gui/manual' },
{ text: 'WireGuard 接入', link: '/guide/gui/vpn_portal' },
{ text: '子网代理', link: '/guide/gui/subnet_proxy' },
{ text: 'EasyTier 管理器', link: '/guide/gui/easytier-manager' },
{ text: 'EasyTier游戏联机启动器', link: '/guide/gui/easytier-game' },
],
},
{
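Review bot: `'EasyTier游戏联机启动器'` is missing the space between Latin and CJK text that the line above it (`'EasyTier 管理器'`) and the other entries touched in this PR (`'无公网 IP'`, `'安装为 Windows 服务(开机自启)'`) use. Suggest `'EasyTier 游戏联机启动器'`.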
19 changes: 12 additions & 7 deletions .vitepress/config/en.ts
Expand Up @@ -2,28 +2,33 @@ import { defineConfig } from 'vitepress'

export const en = defineConfig({
lang: 'en',
description: 'a simple, safe and decentralized VPN networking solution implemented with the Rust language and Tokio framework.',
description: 'A simple, safe and decentralized VPN networking solution implemented with the Rust language and Tokio framework',

themeConfig: {
sidebar: [
{
text: 'Getting Started',
text: 'Getting started',
items: [
{ text: 'Introduction', link: '/en/guide/introduction' },
{ text: 'installation', link: '/en/guide/installation' },
{ text: 'Installation', link: '/en/guide/installation' },
],
},
{
text: 'Networking',
link: '/en/guide/networking',
items: [
{ text: 'Two Node', link: '/en/guide/network/two-node-networking' },
{ text: 'Multi Node', link: '/en/guide/network/multi-node-networking' },
{ text: 'Peer to Peer Networking', link: '/en/guide/network/two-node-networking' },
{ text: 'Multi Peers Networking', link: '/en/guide/network/multi-node-networking' },
{ text: 'Subnet Proxy', link: '/en/guide/network/point-to-networking' },
{ text: 'Network to Network', link: '/en/guide/network/network-to-network' },
{ text: 'Without Public IP', link: '/en/guide/network/networking-without-public-ip' },
{ text: 'Use WireGuard Client', link: '/en/guide/network/use-easytier-with-wirefuard-client' },
{ text: 'Installing as a Windows Service (Auto-Start on Boot)', link: '/en/guide/network/install-as-a-windows-service' },
{ text: 'Use WireGuard Client', link: '/en/guide/network/use-easytier-with-wireguard-client' },
{ text: 'SOCKS5', link: '/en/guide/network/socks5' },
{ text: 'Rootless mode (no TUN)', link: '/en/guide/network/no-root' },
{ text: 'Self-hosted Public Server', link: '/en/guide/network/host-public-server' },
{ text: 'Installing as a Windows Service (Auto start on boot)', link: '/en/guide/network/install-as-a-windows-service' },
{ text: 'Installing as a Linux Systemd Service', link: '/en/guide/network/install-as-a-systemd-service' },
{ text: 'Installing as a macOS Service', link: '/en/guide/network/install-as-a-macos-service' },
{ text: 'Other Configurations', link: '/en/guide/network/configurations' },
{ text: 'Configuration File', link: '/en/guide/network/config-file' },
],
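Review bot: capitalization of the new sidebar `text` values is mixed: `'Getting started'` and `'Rootless mode (no TUN)'` are sentence case, while `'Self-hosted Public Server'`, `'Installing as a macOS Service'` and the untouched entries are title case. Pick one style for the whole sidebar. `'Rootless mode (no TUN)'` also differs from the heading of the page it links to (`No TUN Mode (No Root Permission Required)`), and `'Peer to Peer Networking'` for the two-node page can be misread as the P2P/NAT traversal feature; a label matching the `two-node-networking` slug would be clearer.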
Binary file added assets/game-step1.png
Binary file added assets/game-step2.png
Binary file added assets/game-step3.png
Binary file added assets/game-step4.png
Binary file added assets/game-step5.png
Binary file added assets/game-step6.png
Binary file added assets/manage-step1.png
Binary file added assets/manage-step2.png
Binary file added assets/manage-step3.png
Binary file added assets/manage-step4.png
Binary file added assets/manage-step5.png
Binary file added assets/manage-step6.png
Binary file added assets/manage-step7.png
Binary file added assets/manage-step8.png
Binary file added assets/manage-step9.png
32 changes: 32 additions & 0 deletions en/guide/installation.md
Expand Up @@ -53,3 +53,35 @@
command: -i <ip> --network-name <user> --network-secret <password> -e tcp://<server address>:11010 -l <listen address>
```
:::

5. One-Click Installation Script (For Linux Only)

```bash
wget -O /tmp/easytier.sh "https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh" && bash /tmp/easytier.sh install
```

# Frequently Asked Questions

## Question 1

Q: On Windows 7, I cannot create a network, the program crashes or fails to create a virtual network.

A: Windows 7 must be Service Pack 1 (SP1) or later, and you need to install the patches [KB3063858](https://www.microsoft.com/en-us/download/details.aspx?id=47409) and [KB4474419](https://www.catalog.update.microsoft.com/search.aspx?q=KB4474419).

## Question 2

Q: The command-line help in Linux is in English, how can I switch it to Chinese?

A: You need to set the environment variable `LANG=zh_CN`. Command: `export LANG=zh_CN`

## Question 3

Q: After starting, I get a TunError message.

A: Ensure that the TUN driver has been correctly loaded and that the file `/dev/net/tun` exists. If using Docker, make sure privilege mode is enabled. To load the Linux TUN driver:

```bash
modprobe tun
mkdir /dev/net
sudo mknod /dev/net/tun c 10 200
```
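Review bot: the one-click command in step 5 downloads `install.sh` from the `main` branch and runs it with `bash`, with no version pin or integrity check, so what executes depends on whatever is on `main` at that moment. Suggest pointing the URL at a release tag or commit, publishing a checksum readers can verify before running, and stating whether the script needs root. In the TunError answer, `modprobe tun` and `mkdir /dev/net` are shown without `sudo` while `mknod` has it, and `mkdir` fails when the directory already exists; `sudo mkdir -p /dev/net` is safer. For Docker, "privilege mode" grants far more than TUN access; if passing only the TUN device and the network-admin capability is enough for EasyTier, document that instead.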
2 changes: 1 addition & 1 deletion en/guide/introduction.md
Expand Up @@ -7,7 +7,7 @@ EasyTier is a simple, safe and decentralized VPN networking solution implemented
- **Decentralized**: No need to rely on centralized services, nodes are equal and independent.
- **Safe**: Use WireGuard protocol to encrypt data.
- **High Performance**: Full-link zero-copy, with performance comparable to mainstream networking software.
- **Cross-platform**: Supports MacOS/Linux/Windows, will support IOS and Android in the future. The executable file is statically linked, making deployment simple.
- **Cross-platform**: Supports MacOS/Linux/Windows/FreeBSD/Android, will support IOS in the future. The executable file is statically linked, making deployment simple.
- **Networking without public IP**: Supports networking using shared public nodes, refer to [Configuration Guide](/guide/network/networking-without-public-ip)
- **NAT traversal**: Supports UDP-based NAT traversal, able to establish stable connections even in complex network environments.
- **Subnet Proxy (Point-to-Network)**: Nodes can expose accessible network segments as proxies to the VPN subnet, allowing other nodes to access these subnets through the node.
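Review bot: platform names in the changed Cross-platform bullet are miscapitalized: `MacOS` and `IOS` should be `macOS` and `iOS` (the new sidebar entry in this PR already writes `macOS`). While this hunk is open, the link in the following bullet, `/guide/network/networking-without-public-ip`, lacks the `/en` prefix that the English sidebar and the new English pages use (`/en/guide/network/socks5`), so it may send English readers to the Chinese page.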
11 changes: 9 additions & 2 deletions en/guide/network/config-file.md
Expand Up @@ -5,14 +5,14 @@ Supports specifying the configuration file path using the -c parameter.
Note: The configuration file has a higher priority. When a configuration file is specified at runtime, all command line parameters except for -c will be ignored and only the configuration file will take effect.

```sh
./easytier-core -c ./config.yaml
./easytier-core -c ./config.toml
```

You can run `./easytier-core` directly without using any parameters to obtain the minimal configuration file. By running the command with parameters, you can get a configuration file corresponding to those parameters. The configuration file will be printed on the command line, and you can manually copy the relevant configuration and save it as a TOML file.

Below is an example of a configuration file along with annotations for various configuration options.

```yaml
```toml
# instance name to identify this vpn node in same machine
instance_name = ""
# Hostname, used to identify the hostname of this device
Expand Down Expand Up @@ -60,6 +60,13 @@ cidr = "10.0.1.0/24"
[[proxy_network]]
cidr = "10.0.2.0/24"

#wg configuration information
[vpn_portal_config]
#The subnet where the VPN client is located, as shown in the example below.
client_cidr = "10.14.14.0/24"
#The port that wg listens to (please do not conflict with the listeners' wg).
wireguard_listen = "0.0.0.0:11012"

[flags]
# default protocol to use when connecting to peers
default_protocol = "tcp"
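Review bot: the comment on `wireguard_listen` ("please do not conflict with the listeners' wg") is hard to parse; say plainly that this port must differ from any WireGuard listener already configured in the node's listeners. The example value `0.0.0.0:11012` binds the VPN portal on every interface, which deserves a word in the comment so readers know they can narrow it to a specific address. The new comments also start with `#` and no space (`#wg configuration information`) while the surrounding ones use `# `.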
27 changes: 27 additions & 0 deletions en/guide/network/host-public-server.md
@@ -0,0 +1,27 @@
# Self-Hosted Public Server

Users can use their own public IP nodes to host a public server, making it convenient for other users without public IPs to form networks. To start EasyTier as a public server, simply launch `easytier-core` without any parameters (no root permissions required):

```
easytier-core
```

EasyTier supports public server clusters. Each virtual network (created using the same network name and key) can function as a public server cluster. Nodes from other networks can connect to any node in the public server cluster and discover each other without the need for a public IP. Running a self-hosted public server cluster is identical to running a virtual network, except you can skip configuring an IPv4 address.

You can also use the following command to join the official public server cluster. In the future, load balancing between nodes in the public server cluster will be implemented:

```
sudo easytier-core --network-name easytier --network-secret easytier -p tcp://public.easytier.top:11010
```

## Disable Forwarding

By default, every node of EasyTier is capable of providing forwarding services for other virtual networks, even if the node has specified a `--network-name` and `--network-secret` and has joined a virtual network.

If you wish to change this behavior, you can use the `--relay-network-whitelist` parameter to define a whitelist of network names (a space-separated list of wildcard patterns, e.g., `"ab* abc"`). When the list for this parameter is empty, the node will not provide forwarding services for all other networks.

EasyTier can be configured not to forward packets from other virtual networks but instead help establish P2P connections by leaving the whitelist empty and setting it to only forward RPC traffic. The reference command is:

```
easytier-core --relay-network-whitelist --relay-all-peer-rpc
```
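Review bot: in "Disable Forwarding", the sentence "the node will not provide forwarding services for all other networks" can be read as "not for all, only for some"; "for any other network" matches what the next paragraph describes. The reference command passes `--relay-network-whitelist` with no value directly before `--relay-all-peer-rpc`; please confirm that form parses as an empty list rather than consuming the next flag, and state it in the text. Two smaller points: the page says a public server needs no root, yet the cluster-join example uses `sudo`, and the three code fences have no language tag while the other pages in this PR use `bash` or `sh`. Since relaying for other networks is on by default, a pointer to this section from the main networking pages would help operators who do not want that.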
33 changes: 33 additions & 0 deletions en/guide/network/install-as-a-macos-service.md
@@ -0,0 +1,33 @@
# Installing as macOS service

Download and install [serviceman](https://webinstall.dev/serviceman)

Open terminal and run the following commands to register easytier service:

```bash
# Start easytier with configuration file
sudo serviceman add -name easytier -system \
--workdir /var/log/easytier \
-groupname wheel -username root \
-cap-net-bind \
-- easytier-core -c ~/.config/easytier.toml

# or you can register easytier service without configuration
sudo serviceman add -name easytier -system \
--workdir /var/log/easytier \
-groupname wheel -username root \
-cap-net-bind \
-- easytier-core --ipv4 x.x.x.x --network-name xxx --network-secret yyy --peers tcp://peer_host:11010
```

Start easytier service:

```bash
sudo serviceman start easytier
```

Stop easytier service:

```bash
sudo serviceman stop easytier
```
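Review bot: the first `serviceman add` example registers a system service running as `root` (`-system`, `-username root`) but points it at `-c ~/.config/easytier.toml`. The shell expands `~` for the user typing the command, so a root service ends up reading a config file in that user's home directory, which the unprivileged user can edit. Suggest an absolute, root-owned path in the example and a note on file permissions, since the config holds the network secret. The second example puts `--network-secret yyy` on the command line, where it is stored in the service definition; worth a sentence recommending the config-file form. Flag style is also mixed (`--workdir` with two dashes, the rest with one).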
2 changes: 1 addition & 1 deletion en/guide/network/install-as-a-windows-service.md
Expand Up @@ -2,7 +2,7 @@
1. Go to the NSSM official website [https://nssm.cc/download] to download NSSM and extract it to a local directory.
2. Download the command-line version of `easytier-core.exe`, remember the installation directory, such as `D:\Software\Easytier\cli\easytier-core.exe`.
3. Register it as a Windows service, naming it `easytier_service`:
- `nssm.exe install easytier_service D:\Software\Easytier\cli\easytier-core.exe --ipv4 10.144.144.2 --network-name abc --network-secret abc -e tcp://easytier.public.kkrainbow.top:11010`
- `nssm.exe install easytier_service D:\Software\Easytier\cli\easytier-core.exe --ipv4 10.144.144.2 --network-name abc --network-secret abc -e tcp://public.easytier.top:11010`
4. Run `services.msc`, locate the `easytier_service` service, enable it, and set it to start with a delay.
5. To remove the service: `nssm.exe remove easytier_service`.
6. Note that after registering as a service, the program (referring to easytier-core.exe) cannot be modified, deleted, or moved. Otherwise, it needs to be removed for re-registration or modifying the Windows registry.
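Review bot: the updated `nssm.exe install` line in step 3 still passes the public server with `-e`, while the same change in `networking-without-public-ip.md` in this PR switches both commands from `-e` to `-p`. Please make the flag consistent here (and in the `command:` line of `installation.md`, which also still shows `-e`). In step 1, `[https://nssm.cc/download]` is bracketed without a link target and will not render as a link.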
45 changes: 45 additions & 0 deletions en/guide/network/network-to-network.md
@@ -0,0 +1,45 @@
# Network-to-Network

The network topology of network-to-network is shown in the figure below.

```mermaid
flowchart LR

subgraph Node A
nodeA[EasyTier\n10.144.144.1]
end

subgraph Node B
nodeB[EasyTier\n10.144.144.2]
end

id1[[10.1.1.0/24]]

id2[[192.168.1.0/24]]

id2 <-.Subnet proxy.-> nodeA <--> nodeB <-.Subnet proxy.-> id1

id2 -.No need for EasyTier to access each other's subnet.-> id1

```

After the network-to-network configuration is successful, devices in the 192.168.1.0/24 subnet can access devices in the 10.1.1.0/24 subnet for mutual communication without installing EasyTier.

To achieve network-to-network, Node A needs to be the gateway of the 192.168.1.0/24 subnet. The startup and configuration parameters for the two EasyTier nodes are as follows:

Node A
```bash
# Start EasyTier and proxy the 192.168.1.0/24 subnet, and use a public server to help network
easytier-core -i 10.144.144.1 -n 192.168.1.0/24 -p tcp://public.easytier.top:11010 --network-name n2n_test

# Allow the gateway to forward traffic and configure the firewall to allow forwarding traffic
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
```

Node B
```bash
# Start EasyTier and proxy the 10.1.1.0/24 subnet, and use a public server to help network
easytier-core -i 10.144.144.2 -n 10.1.1.0/24 -p tcp://public.easytier.top:11010 --network-name n2n_test $
```
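Review bot: the Node B command ends with a stray ` $` after `--network-name n2n_test`, which will be passed to `easytier-core` as an extra argument if copied; please drop it. Both commands join the shared public server with `--network-name n2n_test` and no `--network-secret`, unlike the other examples in this PR; add a secret placeholder so readers do not deploy a subnet proxy without one. The text and the `sysctl`/`iptables` lines cover Node A only; if Node B must likewise be the gateway of 10.1.1.0/24 with forwarding enabled, show that too. The two `iptables -A FORWARD ... -j ACCEPT` rules accept all forwarded traffic to and from 192.168.1.0/24, so a note on restricting them to the EasyTier interface would be welcome.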
10 changes: 7 additions & 3 deletions en/guide/network/networking-without-public-ip.md
Expand Up @@ -2,20 +2,24 @@

EasyTier supports networking using shared public nodes. The currently deployed shared public node is

`tcp://easytier.public.kkrainbow.top:11010`
`tcp://public.easytier.top:11010`

When using shared nodes, each node entering the network needs to provide the same `--network-name` and `--network-secret` parameters as the unique identifier of the network.

Taking two nodes as an example, Node A executes:

```sh
sudo easytier-core -i 10.144.144.1 --network-name abc --network-secret abc -e tcp://easytier.public.kkrainbow.top:11010
sudo easytier-core -i 10.144.144.1 --network-name abc --network-secret abc -p tcp://public.easytier.top:11010
```

Node B executes

```sh
sudo easytier-core --ipv4 10.144.144.2 --network-name abc --network-secret abc -e tcp://easytier.public.kkrainbow.top:11010
sudo easytier-core --ipv4 10.144.144.2 --network-name abc --network-secret abc -p tcp://public.easytier.top:11010
```

After the command is successfully executed, Node A can access Node B through the virtual IP 10.144.144.2.

`--ipv4 x.x.x.x` can be replaced with `-d` to enable the DHCP function, allowing EasyTier to automatically assign the node's IP address based on other existing virtual IPs within the virtual network.

Nodes can connect to multiple public servers, and even if one public server fails, nodes can still communicate using other active public servers. Simply specify multiple `-p` parameters, such as: `-p tcp://1.1.1.1:11010 -p udp://1.1.1.2:11011`. It is important to note that each node in the virtual network must specify the same list of public servers; otherwise, proper networking may not be achieved.
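Review bot: both example commands use `--network-name abc --network-secret abc` against the shared public node, while the text above says these two values are the network's unique identifier. Readers copy examples verbatim, so use placeholders such as `<name>` and `<secret>` and add a sentence telling them to choose a secret that differs from the name. The final paragraph requires every node to list the same public servers; it would help to say what the failure looks like when the lists differ. Minor: "Node B executes" is missing the colon that "Node A executes:" has.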
7 changes: 7 additions & 0 deletions en/guide/network/no-root.md
@@ -0,0 +1,7 @@
# No TUN Mode (No Root Permission Required)

Since creating a TUN device requires ROOT permission, EasyTier also provides a method of use that does not depend on TUN for environments where ROOT permission cannot be obtained. Simply add the `--no-tun` parameter when starting EasyTier.

When networking in No TUN mode, nodes can be accessed via virtual IPs (supporting TCP, UDP, and ICMP), and can also act as subnet proxies (using the -n parameter). However, they cannot initiate visits to other nodes.

To actively access other nodes in No TUN mode, you can use EasyTier's [SOCKS5 server functionality](/en/guide/network/socks5).
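Review bot: "they cannot initiate visits to other nodes" is the key limitation of this mode and the wording is vague; "processes on this node cannot open connections to other nodes through the virtual network" would say it directly. Also write "root" in lowercase rather than `ROOT`, format `-n` as code like `--no-tun`, and align the heading with the sidebar label added in `en.ts` (`Rootless mode (no TUN)`).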
16 changes: 15 additions & 1 deletion en/guide/network/point-to-networking.md
Expand Up @@ -27,7 +27,7 @@ sudo easytier-core --ipv4 10.144.144.2 -n 10.1.1.0/24

Subnet proxy information will automatically sync to each node in the virtual network, and each node will automatically configure the corresponding route. Node A can check whether the subnet proxy is effective through the following command.

1. Check whether the routing information has beensynchronized, the proxy_cidrs column shows the proxied subnets.
1. Check whether the routing information has been synchronized, the proxy_cidrs column shows the proxied subnets.

```sh
easytier-cli route
Expand All @@ -43,4 +43,18 @@ Subnet proxy information will automatically sync to each node in the virtual net
ping 10.1.1.2
```

## Manually Specifying Routes

By default, when a node in the virtual network is configured with a subnet proxy, the subnet proxy's segment is synchronized to all nodes within the virtual network, and a route is automatically generated to handle packets destined for these segments via the virtual network.

This simplifies networking in most cases, but in some scenarios, users may not want EasyTier to automatically configure routes on the node. Users can manually configure the traffic that needs to be forwarded to the virtual network using the `--manual-routes` parameter.

After using `--manual-routes`, only the segments configured with this parameter will enter the virtual network. If the list after this parameter is empty, EasyTier will not process any traffic for non-virtual network segments.

## Firewall

Since proxy traffic requires the use of the system's network stack, the subnet proxy needs to disable the firewall on the virtual network card (this applies to both Linux and Windows).

If it is not possible to disable the firewall, you can try using the user-space network stack for the subnet proxy, which can eliminate the need to configure the firewall. Simply add the `--use-smoltcp` parameter when starting EasyTier.

---
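Review bot: the new "Firewall" section tells readers the subnet proxy "needs to disable the firewall on the virtual network card" without saying what traffic actually has to be allowed. Please document the minimum allow rule for the virtual interface instead of a blanket disable, or present `--use-smoltcp` as the first option and the firewall change as the fallback. In "Manually Specifying Routes", `--manual-routes` is described without an example of its value format (CIDR list, separator, how to pass an empty list); one command line would remove the guesswork.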
5 changes: 5 additions & 0 deletions en/guide/network/socks5.md
@@ -0,0 +1,5 @@
# SOCKS5

EasyTier supports the creation of a SOCKS5 server, allowing other programs on the node to access the virtual network and other proxy subnets within the virtual network by setting their proxy to the EasyTier SOCKS5 service.

The parameter to start the SOCKS5 service is `--socks5 12333`. By adding this parameter to the easytier-core startup command, the local port 12333 can serve SOCKS5 clients. Currently, the SOCKS5 server does not require username and password authentication and can be used directly.
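Review bot: the page states that the SOCKS5 server requires no username or password but does not say which address `--socks5 12333` binds to. "Local port 12333" suggests loopback; if it listens on all interfaces, any host that can reach the node can use it as an unauthenticated proxy into the virtual network. Please state the bind address explicitly and, if it is not loopback-only, document how to restrict it.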