diff --git a/README.md b/README.md index 1ec1d361..b1ea9ac4 100644 --- a/README.md +++ b/README.md @@ -8,27 +8,29 @@

-一个简单的组网工具. +A simple networking tool. -## 如何使用 +**[中文文档](docs/README.zh-CN.md)** -- [安装 Windows 客户端](https://docs.canets.org/install-client-for-windows) -- [安装 macOS 客户端](https://docs.canets.org/install-client-for-macos) -- [安装 Linux 客户端](https://docs.canets.org/install-client-for-linux) -- [部署 Web 服务端](https://docs.canets.org/deploy-web-server) -- [部署 CLI 服务端](https://docs.canets.org/deploy-cli-server) -- [使用社区服务器](https://docs.canets.org/use-the-community-server) -- [多局域网组网](https://docs.canets.org/software-defined-wide-area-network) +## How to Use -## 相关项目 +- [Install Windows Client](docs/install-client-for-windows.md) +- [Install macOS Client](docs/install-client-for-macos.md) +- [Install Linux Client](docs/install-client-for-linux.md) +- [Deploy Web Server](docs/deploy-web-server.md) +- [Deploy CLI Server](docs/deploy-cli-server.md) +- [Use Community Server](docs/use-the-community-server.md) +- [Multi-LAN Networking](docs/software-defined-wide-area-network.md) -- [Cacao](https://github.com/lanthora/cacao): WebUI 版的 Candy 服务器 -- [Cake](https://github.com/lanthora/cake): Qt 实现的 Candy GUI 桌面应用程序 -- [Candy Android](https://github.com/Jercrox/Candy_Android_Client): Android 客户端 -- [EasyTier](https://github.com/EasyTier/EasyTier): 一个简单、安全、去中心化的内网穿透 VPN 组网方案,使用 Rust 语言和 Tokio 框架实现 -- [candygo](https://github.com/SoraKasvgano/candygo): 一个简单的与candy原项目配置文件兼容的go版本 +## Related Projects -## 交流群 +- [Cacao](https://github.com/lanthora/cacao): WebUI version of Candy server +- [Cake](https://github.com/lanthora/cake): Qt-based Candy GUI desktop application +- [Candy Android](https://github.com/Jercrox/Candy_Android_Client): Android client +- [EasyTier](https://github.com/EasyTier/EasyTier): A simple, secure, decentralized NAT traversal VPN networking solution implemented in Rust using Tokio framework +- [candygo](https://github.com/SoraKasvgano/candygo): A simple Go version compatible with candy project configuration files + +## Community - QQ: 768305206 - TG: [Click to 
Join](https://t.me/CandyUserGroup) diff --git a/candy-service/README.md b/candy-service/README.md index 8960a61c..44c1b17d 100644 --- a/candy-service/README.md +++ b/candy-service/README.md 
@@ -1,34 +1,36 @@ # candy-service -Candy 客户端的另一个实现. +**[中文文档](README.zh-CN.md)** -- **无状态**: 进程本身不持久化任何数据, 进程重启后数据丢失,需要外部维护网络配置信息 -- **API 交互**: 对外提供 HTTP API 交互接口,可以远程控制和访问 +Another implementation of the Candy client. + +- **Stateless**: The process itself does not persist any data. Data is lost after process restart and requires external maintenance of network configuration information +- **API Interaction**: Provides HTTP API interaction interface externally, enabling remote control and access ## API -### 帮助 +### Help -Linux +Linux: ```bash candy-service --help ``` -Windows - +Windows: + ```bat candy-service /help ``` -请求响应中的 **id** 用于标识网络连接, 通过不同标识可以同时加入多个网络, 这个标识用于查看状态和关闭网络. +The **id** in the request response is used to identify the network connection. Different identifiers can be used to join multiple networks simultaneously. This identifier is used to view status and close networks. ### Run -启动参数的含义与[配置文件](../candy.cfg)相同,此外还有两个额外的配置项. +The meaning of startup parameters is the same as the [configuration file](../candy.cfg), with two additional configuration items: -- vmac: 用于标识唯一设备,当同一网络中有两台不同 vmac 的设备申请相同 IP 地址时, 后者会报告 IP 冲突. 为 16 个字符的随机数字字母字符串, 需要持久化存储, 建议在首次启动进程时生成. -- expt: 期望使用的 IP 地址, 这个参数用于实现有优先分配曾经使用过的地址, 由客户端主动向服务器报告, 可以为空. 建议由服务端随机分配地址的情况下, 通过 `/api/status` 查看分配的地址并保存, 下次连接时携带这个地址. +- **vmac**: Used to identify a unique device. When two devices with different vmac in the same network apply for the same IP address, the latter will report an IP conflict. It is a 16-character random alphanumeric string that needs to be persisted. It is recommended to generate it when starting the process for the first time. +- **expt**: The expected IP address to use. This parameter is used to implement priority allocation of previously used addresses. It is actively reported to the server by the client and can be empty. 
It is recommended that when the server randomly assigns an address, view the assigned address through `/api/status` and save it, and carry this address when connecting next time. `POST /api/run` @@ -53,10 +55,12 @@ candy-service /help } ``` +Response: + ```json { - "id": "test", - "message": "success" + "id": "test", + "message": "success" } ``` @@ -70,6 +74,8 @@ candy-service /help } ``` +Response: + ```json { "id": "test", @@ -90,9 +96,11 @@ candy-service /help } ``` +Response: + ```json { - "id": "test", - "message": "success" + "id": "test", + "message": "success" } ``` diff --git a/candy-service/README.zh-CN.md b/candy-service/README.zh-CN.md new file mode 100644 index 00000000..3819622a --- /dev/null +++ b/candy-service/README.zh-CN.md 
@@ -0,0 +1,100 @@ +# candy-service + +**[English](README.md)** + +Candy 客户端的另一个实现. + +- **无状态**: 进程本身不持久化任何数据, 进程重启后数据丢失,需要外部维护网络配置信息 +- **API 交互**: 对外提供 HTTP API 交互接口,可以远程控制和访问 + +## API + +### 帮助 + +Linux + +```bash +candy-service --help +``` + +Windows + +```bat +candy-service /help +``` + +请求响应中的 **id** 用于标识网络连接, 通过不同标识可以同时加入多个网络, 这个标识用于查看状态和关闭网络. + +### Run + +启动参数的含义与[配置文件](../candy.cfg)相同,此外还有两个额外的配置项. + +- vmac: 用于标识唯一设备,当同一网络中有两台不同 vmac 的设备申请相同 IP 地址时, 后者会报告 IP 冲突. 为 16 个字符的随机数字字母字符串, 需要持久化存储, 建议在首次启动进程时生成. +- expt: 期望使用的 IP 地址, 这个参数用于实现有优先分配曾经使用过的地址, 由客户端主动向服务器报告, 可以为空. 建议由服务端随机分配地址的情况下, 通过 `/api/status` 查看分配的地址并保存, 下次连接时携带这个地址. + +`POST /api/run` + +```json +{ + "id": "test", + "config": { + "mode": "client", + "websocket": "wss://canets.org", + "password": "", + "name": "", + "tun": "", + "stun": "stun://stun.canets.org", + "discovery": 300, + "route": 5, + "port": 0, + "localhost": "", + "mtu": 1400, + "expt": "", + "vmac": "16-char rand str" + } +} +``` + +```json +{ + "id": "test", + "message": "success" +} +``` + +### Status + +`POST /api/status` + +```json +{ + "id": "test" +} +``` + +```json +{ + "id": "test", + "message": "success", + "status": { + "address": "192.168.202.1/24" + } +} +``` + +### Shutdown + +`POST /api/shutdown` + +```json +{ + "id": "test" +} +``` + +```json +{ + "id": "test", + "message": "success" +} +``` diff --git a/docs/README.zh-CN.md b/docs/README.zh-CN.md new file mode 100644 index 00000000..8b252610 --- /dev/null +++ b/docs/README.zh-CN.md @@ -0,0 +1,36 @@ +# Candy + +

+ + + + + +

+ +一个简单的组网工具. + +**[English](../README.md)** + +## 如何使用 + +- [安装 Windows 客户端](install-client-for-windows.zh-CN.md) +- [安装 macOS 客户端](install-client-for-macos.zh-CN.md) +- [安装 Linux 客户端](install-client-for-linux.zh-CN.md) +- [部署 Web 服务端](deploy-web-server.zh-CN.md) +- [部署 CLI 服务端](deploy-cli-server.zh-CN.md) +- [使用社区服务器](use-the-community-server.zh-CN.md) +- [多局域网组网](software-defined-wide-area-network.zh-CN.md) + +## 相关项目 + +- [Cacao](https://github.com/lanthora/cacao): WebUI 版的 Candy 服务器 +- [Cake](https://github.com/lanthora/cake): Qt 实现的 Candy GUI 桌面应用程序 +- [Candy Android](https://github.com/Jercrox/Candy_Android_Client): Android 客户端 +- [EasyTier](https://github.com/EasyTier/EasyTier): 一个简单、安全、去中心化的内网穿透 VPN 组网方案,使用 Rust 语言和 Tokio 框架实现 +- [candygo](https://github.com/SoraKasvgano/candygo): 一个简单的与candy原项目配置文件兼容的go版本 + +## 交流群 + +- QQ: 768305206 +- TG: [Click to Join](https://t.me/CandyUserGroup) diff --git a/docs/deploy-cli-server.md b/docs/deploy-cli-server.md index ab50149b..169e2699 100644 --- a/docs/deploy-cli-server.md +++ b/docs/deploy-cli-server.md @@ -1,5 +1,7 @@ -# 部署 CLI 服务端 +# Deploy CLI Server -根据帮助信息 `candy --help` 和配置文件描述部署. +**[中文文档](deploy-cli-server.zh-CN.md)** -非专业用户请[部署 Web 服务端](https://docs.canets.org/deploy-web-server). +Deploy according to the help information `candy --help` and configuration file description. + +Non-professional users should [deploy the web server](deploy-web-server.md). diff --git a/docs/deploy-cli-server.zh-CN.md b/docs/deploy-cli-server.zh-CN.md new file mode 100644 index 00000000..5c65143c --- /dev/null +++ b/docs/deploy-cli-server.zh-CN.md @@ -0,0 +1,7 @@ +# 部署 CLI 服务端 + +**[English](deploy-cli-server.md)** + +根据帮助信息 `candy --help` 和配置文件描述部署. + +非专业用户请[部署 Web 服务端](deploy-web-server.zh-CN.md). diff --git a/docs/deploy-web-server.md b/docs/deploy-web-server.md index ffd8828a..8bda29b4 100644 --- a/docs/deploy-web-server.md +++ b/docs/deploy-web-server.md 
@@ -1,54 +1,56 @@ -# 部署 Web 服务端 +# Deploy Web Server -## 前置条件 +**[中文文档](deploy-web-server.zh-CN.md)** -知道如何部署 Web 服务,并能够申请证书后对外提供 HTTPS 服务. +## Prerequisites -否则使用明文传输将导致数据泄漏,存在安全隐患.此时建议使用社区服务器构建私有网络. +Know how to deploy web services and obtain certificates to provide HTTPS services externally. -## 一键部署服务端 +Otherwise, using plaintext transmission will lead to data leakage and security risks. In this case, it is recommended to use the community server to build a private network. + +## One-Click Server Deployment ```bash docker run --name=cacao --detach --volume /var/lib/cacao:/var/lib/cacao --publish 8080:80 docker.io/lanthora/cacao:latest ``` -## 使用 +## Usage -假设你的域名为 `example.com`, 此时通过 `https://example.com` 应该能够正常访问服务.如果不是 `https` 请回到最开始解决前置条件. +Assume your domain is `example.com`. At this point, you should be able to access the service normally via `https://example.com`. If it's not `https`, please go back to the beginning and solve the prerequisites. -服务器启动后的第一个注册用户默认被设置为管理员.管理员无法创建网络,且无权查看其他用户的网络. +The first registered user after the server starts is set as administrator by default. Administrators cannot create networks and have no permission to view other users' networks. -管理员配置页面,能够配置是否允许注册,以及允许注册时的注册间隔(避免脚本小子刷注册用户).同时可以配置自动清理不活跃用户. +The administrator configuration page allows you to configure whether registration is allowed, and the registration interval when registration is allowed (to avoid script kiddies flooding registration users). You can also configure automatic cleanup of inactive users. ![](images/cacao-admin-setting.png) -### 单网络模式 +### Single Network Mode -在不允许注册时,管理员可以手动添加用户.其中名为 @ 的用户是一个特殊用户,这个用户只能创建一个名为 @ 的网络.用户名和网络名的作用在后面说明.先创建这个用户. +When registration is not allowed, administrators can manually add users. Among them, the user named `@` is a special user who can only create a network named `@`. The role of username and network name will be explained later. First, create this user. 
![](images/cacao-admin-user.png) -退出管理员,并以 @ 用户登录.此时已经默认添加了 @ 网络.默认网络生成了随机密码 `ZrhaUcz1` +Log out as administrator and log in as the `@` user. At this point, the `@` network has been added by default. The default network generated a random password `ZrhaUcz1`. ![](images/cacao-network.png) -此时连接这个网络的客户端仅需要修改以下配置: +At this point, clients connecting to this network only need to modify the following configuration: ```cfg websocket = "wss://example.com" password = "ZrhaUcz1" ``` -除非你知道自己在做什么,否则请不要修改任何其他配置项. +Unless you know what you're doing, please do not modify any other configuration items. -### 多用户多网络模式 +### Multi-User Multi-Network Mode -如果只是创建一个网络,单网络模式已经足够了.如果要允许多个用户使用,且每个用户可以创建多个网络.则可以使用多用户多网络模式. +If you just want to create one network, single network mode is sufficient. If you want to allow multiple users to use it, and each user can create multiple networks, you can use multi-user multi-network mode. -假设由管理员创建或自行注册的普通用户名为 `${username}`, 这个用户拥有的一个网络名是 `${netname}`,那么客户端对应的配置仅需要修改为: +Assume a normal user created by the administrator or self-registered is named `${username}`, and this user has a network named `${netname}`, then the corresponding client configuration only needs to be modified to: ```cfg websocket = "wss://example.com/${username}/${netname}" ``` -当用户名或者网络名为 @ 时,在客户端的配置中需要留空.当用户名和网络名都为空时,就是所谓的单网络模式 +When the username or network name is `@`, it needs to be left blank in the client configuration. When both username and network name are blank, it is the so-called single network mode. diff --git a/docs/deploy-web-server.zh-CN.md b/docs/deploy-web-server.zh-CN.md new file mode 100644 index 00000000..71d3cc0a --- /dev/null +++ b/docs/deploy-web-server.zh-CN.md 
@@ -0,0 +1,56 @@ +# 部署 Web 服务端 + +**[English](deploy-web-server.md)** + +## 前置条件 + +知道如何部署 Web 服务,并能够申请证书后对外提供 HTTPS 服务. + +否则使用明文传输将导致数据泄漏,存在安全隐患.此时建议使用社区服务器构建私有网络. + +## 一键部署服务端 + +```bash +docker run --name=cacao --detach --volume /var/lib/cacao:/var/lib/cacao --publish 8080:80 docker.io/lanthora/cacao:latest +``` + +## 使用 + +假设你的域名为 `example.com`, 此时通过 `https://example.com` 应该能够正常访问服务.如果不是 `https` 请回到最开始解决前置条件. + +服务器启动后的第一个注册用户默认被设置为管理员.管理员无法创建网络,且无权查看其他用户的网络. + +管理员配置页面,能够配置是否允许注册,以及允许注册时的注册间隔(避免脚本小子刷注册用户).同时可以配置自动清理不活跃用户. + +![](images/cacao-admin-setting.png) + +### 单网络模式 + +在不允许注册时,管理员可以手动添加用户.其中名为 @ 的用户是一个特殊用户,这个用户只能创建一个名为 @ 的网络.用户名和网络名的作用在后面说明.先创建这个用户. + +![](images/cacao-admin-user.png) + +退出管理员,并以 @ 用户登录.此时已经默认添加了 @ 网络.默认网络生成了随机密码 `ZrhaUcz1` + +![](images/cacao-network.png) + +此时连接这个网络的客户端仅需要修改以下配置: + +```cfg +websocket = "wss://example.com" +password = "ZrhaUcz1" +``` + +除非你知道自己在做什么,否则请不要修改任何其他配置项. + +### 多用户多网络模式 + +如果只是创建一个网络,单网络模式已经足够了.如果要允许多个用户使用,且每个用户可以创建多个网络.则可以使用多用户多网络模式. + +假设由管理员创建或自行注册的普通用户名为 `${username}`, 这个用户拥有的一个网络名是 `${netname}`,那么客户端对应的配置仅需要修改为: + +```cfg +websocket = "wss://example.com/${username}/${netname}" +``` + +当用户名或者网络名为 @ 时,在客户端的配置中需要留空.当用户名和网络名都为空时,就是所谓的单网络模式 diff --git a/docs/index.md b/docs/index.md index caf60010..d284eec7 100644 --- a/docs/index.md +++ b/docs/index.md @@ -8,27 +8,29 @@

-一个高可用,低时延,反审查的组网工具. +A high-availability, low-latency, censorship-resistant networking tool. -## 如何使用 +**[中文文档](index.zh-CN.md)** -- [安装 Windows 客户端](install-client-for-windows) -- [安装 macOS 客户端](install-client-for-macos) -- [安装 Linux 客户端](install-client-for-linux) -- [部署 Web 服务端](deploy-web-server) -- [部署 CLI 服务端](deploy-cli-server) -- [使用社区服务器](use-the-community-server) -- [多局域网组网](software-defined-wide-area-network) +## How to Use -## 相关项目 +- [Install Windows Client](install-client-for-windows.md) +- [Install macOS Client](install-client-for-macos.md) +- [Install Linux Client](install-client-for-linux.md) +- [Deploy Web Server](deploy-web-server.md) +- [Deploy CLI Server](deploy-cli-server.md) +- [Use Community Server](use-the-community-server.md) +- [Multi-LAN Networking](software-defined-wide-area-network.md) -- [Cacao](https://github.com/lanthora/cacao): WebUI 版的 Candy 服务器 -- [Cake](https://github.com/lanthora/cake): Qt 实现的 Candy GUI 桌面应用程序 -- [Candy Android](https://github.com/Jercrox/Candy_Android_Client): Android 客户端 -- [EasyTier](https://github.com/EasyTier/EasyTier): 一个简单、安全、去中心化的内网穿透 VPN 组网方案,使用 Rust 语言和 Tokio 框架实现 -- [candygo](https://github.com/SoraKasvgano/candygo): 一个简单的与candy原项目配置文件兼容的go版本 +## Related Projects -## 交流群 +- [Cacao](https://github.com/lanthora/cacao): WebUI version of Candy server +- [Cake](https://github.com/lanthora/cake): Qt-based Candy GUI desktop application +- [Candy Android](https://github.com/Jercrox/Candy_Android_Client): Android client +- [EasyTier](https://github.com/EasyTier/EasyTier): A simple, secure, decentralized NAT traversal VPN networking solution implemented in Rust using Tokio framework +- [candygo](https://github.com/SoraKasvgano/candygo): A simple Go version compatible with candy project configuration files + +## Community - QQ: 768305206 - TG: [Click to Join](https://t.me/CandyUserGroup) diff --git a/docs/index.zh-CN.md b/docs/index.zh-CN.md new file mode 100644 index 00000000..7ea6e462 --- /dev/null 
+++ b/docs/index.zh-CN.md @@ -0,0 +1,36 @@ +# Candy + +

+ + + + + +

+ +一个高可用,低时延,反审查的组网工具. + +**[English](index.md)** + +## 如何使用 + +- [安装 Windows 客户端](install-client-for-windows.zh-CN.md) +- [安装 macOS 客户端](install-client-for-macos.zh-CN.md) +- [安装 Linux 客户端](install-client-for-linux.zh-CN.md) +- [部署 Web 服务端](deploy-web-server.zh-CN.md) +- [部署 CLI 服务端](deploy-cli-server.zh-CN.md) +- [使用社区服务器](use-the-community-server.zh-CN.md) +- [多局域网组网](software-defined-wide-area-network.zh-CN.md) + +## 相关项目 + +- [Cacao](https://github.com/lanthora/cacao): WebUI 版的 Candy 服务器 +- [Cake](https://github.com/lanthora/cake): Qt 实现的 Candy GUI 桌面应用程序 +- [Candy Android](https://github.com/Jercrox/Candy_Android_Client): Android 客户端 +- [EasyTier](https://github.com/EasyTier/EasyTier): 一个简单、安全、去中心化的内网穿透 VPN 组网方案,使用 Rust 语言和 Tokio 框架实现 +- [candygo](https://github.com/SoraKasvgano/candygo): 一个简单的与candy原项目配置文件兼容的go版本 + +## 交流群 + +- QQ: 768305206 +- TG: [Click to Join](https://t.me/CandyUserGroup) diff --git a/docs/install-client-for-linux.md b/docs/install-client-for-linux.md index b1003526..154530e8 100644 --- a/docs/install-client-for-linux.md +++ b/docs/install-client-for-linux.md 
@@ -1,33 +1,35 @@ -# 安装 Linux 客户端 +# Install Linux Client -我们针对不同 Linux 发行版提供了多种格式的安装包.对于暂未支持的发行版,可以选择容器部署或者静态链接的可执行文件. -我们致力于支持所有架构的 Linux 系统. +**[中文文档](install-client-for-linux.zh-CN.md)** + +We provide installation packages in various formats for different Linux distributions. For distributions not yet supported, you can choose container deployment or statically linked executables. +We are committed to supporting Linux systems of all architectures. ## Docker -镜像已上传 [Docker Hub](https://hub.docker.com/r/lanthora/candy) 和 [Github Packages](https://github.com/lanthora/candy/pkgs/container/candy). +Images have been uploaded to [Docker Hub](https://hub.docker.com/r/lanthora/candy) and [Github Packages](https://github.com/lanthora/candy/pkgs/container/candy). -获取最新镜像 +Get the latest image: ```bash docker pull docker.io/lanthora/candy:latest ``` -容器需要管理员权限读取设备创建虚拟网卡并设置路由,同时需要 Host 网络命名空间共享虚拟网卡. +The container requires administrator privileges to read devices, create virtual network interfaces, and set up routing. It also needs to share the Host network namespace for virtual network interfaces. -以默认配置文件启动将加入社区网络.指定的参数为 `--rm` 当进程结束时会自动销毁容器,且日志会在控制台输出,这有利于初次运行调试. +Starting with the default configuration file will join the community network. The specified parameter `--rm` means the container will be automatically destroyed when the process ends, and logs will be output to the console, which is helpful for initial debugging. ```bash docker run --rm --privileged=true --net=host --volume /var/lib/candy:/var/lib/candy docker.io/lanthora/candy:latest ``` -以自定义配置文件启动.请在[默认配置](https://raw.githubusercontent.com/lanthora/candy/refs/heads/master/candy.cfg)基础上自定义配置文件. +Start with a custom configuration file. Please customize the configuration file based on the [default configuration](https://raw.githubusercontent.com/lanthora/candy/refs/heads/master/candy.cfg). 
```bash docker run --rm --privileged=true --net=host --volume /var/lib/candy:/var/lib/candy --volume /path/to/candy.cfg:/etc/candy.cfg docker.io/lanthora/candy:latest ``` -一切正常后,以守护进程的形式启动. +After everything is working properly, start as a daemon process: ```bash docker run --detach --restart=always --privileged=true --net=host --volume /var/lib/candy:/var/lib/candy --volume /path/to/candy.cfg:/etc/candy.cfg docker.io/lanthora/candy:latest @@ -35,7 +37,7 @@ docker run --detach --restart=always --privileged=true --net=host --volume /var/ ## Arch Linux -使用 [AUR](https://aur.archlinux.org/packages/candy) 或者 [archlinuxcn](https://github.com/archlinuxcn/repo/tree/master/archlinuxcn/candy) 仓库 +Use [AUR](https://aur.archlinux.org/packages/candy) or [archlinuxcn](https://github.com/archlinuxcn/repo/tree/master/archlinuxcn/candy) repository ```bash # AUR @@ -50,13 +52,13 @@ pacman -S candy emerge --sync gentoo && emerge -av candy ``` -## 单文件可执行程序 +## Standalone Executable -当上述所有方式都不适用时,尝试[单文件可执行程序](https://github.com/lanthora/candy/releases/latest). +When none of the above methods work, try the [standalone executable](https://github.com/lanthora/candy/releases/latest). -该程序由[交叉编译脚本](https://github.com/lanthora/candy/tree/master/scripts/build-standalone.sh)构建. +This program is built by the [cross-compilation script](https://github.com/lanthora/candy/tree/master/scripts/build-standalone.sh). -如果你的系统在使用 Systemd 管理进程.请复制以下文件到指定目录. +If your system uses Systemd for process management, please copy the following files to the specified directories: ```bash cp candy.service /usr/lib/systemd/system/candy.service 
@@ -64,26 +66,26 @@ cp candy@.service /usr/lib/systemd/system/candy@.service cp candy.cfg /etc/candy.cfg ``` -然后按照后续进程管理的方式管理进程. +Then manage the process according to the process management section below. -判断 Systemd 的方法: 检查 `ps -p 1 -o comm=` 输出的内容里是否为 systemd +To determine if Systemd is being used: check if the output of `ps -p 1 -o comm=` contains "systemd". -## 进程管理 +## Process Management -各发行版安装后自带 Service 文件,强烈建议使用 Systemd 管理进程,不要使用自己编写的脚本. +Each distribution comes with Service files after installation. It is strongly recommended to use Systemd to manage processes rather than your own scripts. -对于自定义配置的用户,可以通过以下方式启动进程,不要修改默认配置. +For users with custom configurations, you can start processes in the following way without modifying the default configuration: ```bash mkdir /etc/candy.d -# 复制一份默认配置,并修改.文件名为 one.cfg +# Copy a default configuration and modify it. File name is one.cfg cp /etc/candy.cfg /etc/candy.d/one.cfg -# 以 one.cfg 为配置启动进程 +# Start process with one.cfg as configuration systemctl start candy@one -# 复制一份默认配置,并修改.文件名为 two.cfg -# 需要注意不同配置文件中的 name 字段不能重复 +# Copy another default configuration and modify it. File name is two.cfg +# Note that the name field in different configuration files cannot be duplicated cp /etc/candy.cfg /etc/candy.d/two.cfg -# 以 two.cfg 为配置启动进程 +# Start process with two.cfg as configuration systemctl start candy@two ``` diff --git a/docs/install-client-for-linux.zh-CN.md b/docs/install-client-for-linux.zh-CN.md new file mode 100644 index 00000000..75c7c959 --- /dev/null +++ b/docs/install-client-for-linux.zh-CN.md 
@@ -0,0 +1,91 @@ +# 安装 Linux 客户端 + +**[English](install-client-for-linux.md)** + +我们针对不同 Linux 发行版提供了多种格式的安装包.对于暂未支持的发行版,可以选择容器部署或者静态链接的可执行文件. +我们致力于支持所有架构的 Linux 系统. + +## Docker + +镜像已上传 [Docker Hub](https://hub.docker.com/r/lanthora/candy) 和 [Github Packages](https://github.com/lanthora/candy/pkgs/container/candy). + +获取最新镜像 + +```bash +docker pull docker.io/lanthora/candy:latest +``` + +容器需要管理员权限读取设备创建虚拟网卡并设置路由,同时需要 Host 网络命名空间共享虚拟网卡. + +以默认配置文件启动将加入社区网络.指定的参数为 `--rm` 当进程结束时会自动销毁容器,且日志会在控制台输出,这有利于初次运行调试. + +```bash +docker run --rm --privileged=true --net=host --volume /var/lib/candy:/var/lib/candy docker.io/lanthora/candy:latest +``` + +以自定义配置文件启动.请在[默认配置](https://raw.githubusercontent.com/lanthora/candy/refs/heads/master/candy.cfg)基础上自定义配置文件. + +```bash +docker run --rm --privileged=true --net=host --volume /var/lib/candy:/var/lib/candy --volume /path/to/candy.cfg:/etc/candy.cfg docker.io/lanthora/candy:latest +``` + +一切正常后,以守护进程的形式启动. + +```bash +docker run --detach --restart=always --privileged=true --net=host --volume /var/lib/candy:/var/lib/candy --volume /path/to/candy.cfg:/etc/candy.cfg docker.io/lanthora/candy:latest +``` + +## Arch Linux + +使用 [AUR](https://aur.archlinux.org/packages/candy) 或者 [archlinuxcn](https://github.com/archlinuxcn/repo/tree/master/archlinuxcn/candy) 仓库 + +```bash +# AUR +paru candy +# archlinuxcn +pacman -S candy +``` + +## Gentoo + +```bash +emerge --sync gentoo && emerge -av candy +``` + +## 单文件可执行程序 + +当上述所有方式都不适用时,尝试[单文件可执行程序](https://github.com/lanthora/candy/releases/latest). + +该程序由[交叉编译脚本](https://github.com/lanthora/candy/tree/master/scripts/build-standalone.sh)构建. + +如果你的系统在使用 Systemd 管理进程.请复制以下文件到指定目录. + +```bash +cp candy.service /usr/lib/systemd/system/candy.service +cp candy@.service /usr/lib/systemd/system/candy@.service +cp candy.cfg /etc/candy.cfg +``` + +然后按照后续进程管理的方式管理进程. + +判断 Systemd 的方法: 检查 `ps -p 1 -o comm=` 输出的内容里是否为 systemd + +## 进程管理 + +各发行版安装后自带 Service 文件,强烈建议使用 Systemd 管理进程,不要使用自己编写的脚本. 
+ +对于自定义配置的用户,可以通过以下方式启动进程,不要修改默认配置. + +```bash +mkdir /etc/candy.d +# 复制一份默认配置,并修改.文件名为 one.cfg +cp /etc/candy.cfg /etc/candy.d/one.cfg +# 以 one.cfg 为配置启动进程 +systemctl start candy@one + +# 复制一份默认配置,并修改.文件名为 two.cfg +# 需要注意不同配置文件中的 name 字段不能重复 +cp /etc/candy.cfg /etc/candy.d/two.cfg +# 以 two.cfg 为配置启动进程 +systemctl start candy@two +``` diff --git a/docs/install-client-for-macos.md b/docs/install-client-for-macos.md index 8d019d7f..2949dbb7 100644 --- a/docs/install-client-for-macos.md +++ b/docs/install-client-for-macos.md @@ -1,38 +1,40 @@ -# 安装 macOS 客户端 +# Install macOS Client -macOS 客户端通过 [Homebrew](https://brew.sh) 安装并提供服务. +**[中文文档](install-client-for-macos.zh-CN.md)** -## 安装 Homebrew +The macOS client is installed and serviced via [Homebrew](https://brew.sh). + +## Install Homebrew ```bash /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ``` -## 添加第三方仓库 +## Add Third-Party Repository ```bash brew tap lanthora/repo ``` -## 安装 Candy +## Install Candy ```bash brew install candy ``` -## 修改配置 +## Modify Configuration -对于 M 系列处理器,配置文件在 `/opt/homebrew/etc/candy.cfg`, Intel 系列处理器,配置文件在 `/usr/local/etc/candy.cfg` +For M-series processors, the configuration file is at `/opt/homebrew/etc/candy.cfg`. For Intel series processors, the configuration file is at `/usr/local/etc/candy.cfg`. -通过以下命令进行测试: +Test with the following command: ```bash sudo candy -c /path/to/candy.cfg ``` -## 启动服务 +## Start Service -测试成功后以服务的形式运行. +After successful testing, run as a service: ```bash sudo brew services start lanthora/repo/candy diff --git a/docs/install-client-for-macos.zh-CN.md b/docs/install-client-for-macos.zh-CN.md new file mode 100644 index 00000000..f292867d --- /dev/null +++ b/docs/install-client-for-macos.zh-CN.md 
@@ -0,0 +1,41 @@ +# 安装 macOS 客户端 + +**[English](install-client-for-macos.md)** + +macOS 客户端通过 [Homebrew](https://brew.sh) 安装并提供服务. + +## 安装 Homebrew + +```bash +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +``` + +## 添加第三方仓库 + +```bash +brew tap lanthora/repo +``` + +## 安装 Candy + +```bash +brew install candy +``` + +## 修改配置 + +对于 M 系列处理器,配置文件在 `/opt/homebrew/etc/candy.cfg`, Intel 系列处理器,配置文件在 `/usr/local/etc/candy.cfg` + +通过以下命令进行测试: + +```bash +sudo candy -c /path/to/candy.cfg +``` + +## 启动服务 + +测试成功后以服务的形式运行. + +```bash +sudo brew services start lanthora/repo/candy +``` diff --git a/docs/install-client-for-windows.md b/docs/install-client-for-windows.md index 41cce81a..3c234c92 100644 --- a/docs/install-client-for-windows.md +++ b/docs/install-client-for-windows.md 
@@ -1,19 +1,21 @@ -# 安装 Windows 客户端 +# Install Windows Client -## 图形用户界面 +**[中文文档](install-client-for-windows.zh-CN.md)** -对于 Windows 10 及以上的用户,请使用[图形界面版本](https://github.com/lanthora/cake/releases/latest).此版本支持同时配置多个网络. +## Graphical User Interface -在没有任何配置时,点击 "文件" => "新建" 将填充默认配置,点击 "保存" 后配置生效,客户端此时才开始连接服务端. +For Windows 10 and above users, please use the [graphical interface version](https://github.com/lanthora/cake/releases/latest). This version supports configuring multiple networks simultaneously. -图形界面的配置与[默认配置](https://raw.githubusercontent.com/lanthora/candy/refs/heads/master/candy.cfg)对应. +When there is no configuration, click "File" => "New" to populate the default configuration. After clicking "Save", the configuration takes effect and the client starts connecting to the server. -日志保存在 `C:/ProgramData/Cake/logs`, 反馈 Windows 相关问题请带着日志和配置截图. +The GUI configuration corresponds to the [default configuration](https://raw.githubusercontent.com/lanthora/candy/refs/heads/master/candy.cfg). + +Logs are saved in `C:/ProgramData/Cake/logs`. When reporting Windows-related issues, please include logs and configuration screenshots. ![cake](images/cake.png) -## 命令行 +## Command Line -使用命令行版本请自行解决遇到的任何问题,我们不对 Windows 命令行提供任何技术支持. +If you use the command-line version, please solve any problems you encounter on your own. We do not provide any technical support for the Windows command line. -Windows 7 用户只能使用[命令行版本](https://github.com/lanthora/candy/releases/latest) +Windows 7 users can only use the [command-line version](https://github.com/lanthora/candy/releases/latest). diff --git a/docs/install-client-for-windows.zh-CN.md b/docs/install-client-for-windows.zh-CN.md new file mode 100644 index 00000000..90f9b2cc --- /dev/null +++ b/docs/install-client-for-windows.zh-CN.md 
@@ -0,0 +1,21 @@ +# 安装 Windows 客户端 + +**[English](install-client-for-windows.md)** + +## 图形用户界面 + +对于 Windows 10 及以上的用户,请使用[图形界面版本](https://github.com/lanthora/cake/releases/latest).此版本支持同时配置多个网络. + +在没有任何配置时,点击 "文件" => "新建" 将填充默认配置,点击 "保存" 后配置生效,客户端此时才开始连接服务端. + +图形界面的配置与[默认配置](https://raw.githubusercontent.com/lanthora/candy/refs/heads/master/candy.cfg)对应. + +日志保存在 `C:/ProgramData/Cake/logs`, 反馈 Windows 相关问题请带着日志和配置截图. + +![cake](images/cake.png) + +## 命令行 + +使用命令行版本请自行解决遇到的任何问题,我们不对 Windows 命令行提供任何技术支持. + +Windows 7 用户只能使用[命令行版本](https://github.com/lanthora/candy/releases/latest) diff --git a/docs/software-defined-wide-area-network.md b/docs/software-defined-wide-area-network.md index 86d26da0..afd278b2 100644 --- a/docs/software-defined-wide-area-network.md +++ b/docs/software-defined-wide-area-network.md 
@@ -1,21 +1,23 @@ -# 多局域网组网 +# Multi-LAN Networking -## 需求 +**[中文文档](software-defined-wide-area-network.zh-CN.md)** -在多地有多个局域网时,希望能够让本局域网内的设备通过其他局域网的地址直接访问对方的设备,并且无需在所有设备上部署 Candy 客户端. +## Requirements -## 示例 +When there are multiple local area networks in multiple locations, we want devices in one LAN to directly access devices in other LANs through their addresses, without deploying Candy clients on all devices. -首先你需要: +## Example -- 有一个独立的网络.可以自建服务端或者使用社区服务器 -- 在网关 (Gateway) 上部署 Candy 并成功加入自己创建的网络 +First, you need: -以 LAN A 为例解释表格含义. +- An independent network (you can build your own server or use the community server) +- Deploy Candy on the Gateway and successfully join the network you created -- 局域网 (Network) 地址为 `172.16.1.0/24`, 这个地址不能与 B,C 冲突 -- 网关 (Gateway) 可以是路由器,也可以是局域网中任意一台 Linux 系统,但需要能够部署 Candy 客户端,假设它在局域网中的地址是 `172.16.1.1`. 通过给局域网中的设备配置路由,确保流量能够进入网关 -- Candy 客户端部署在网关上,它在虚拟网络中的地址是 `192.168.202.1` +Taking LAN A as an example to explain the table meaning: + +- The LAN (Network) address is `172.16.1.0/24`, which cannot conflict with B and C +- The Gateway can be a router or any Linux system in the LAN, but it needs to be able to deploy the Candy client. Assume its address in the LAN is `172.16.1.1`. By configuring routes for devices in the LAN, ensure traffic can enter the gateway +- The Candy client is deployed on the gateway, and its address in the virtual network is `192.168.202.1` | LAN | A | B | C | | :------ | :------------ | :------------ | :------------ | 
@@ -23,36 +25,36 @@ | Gateway | 172.16.1.1 | 172.16.2.1 | 172.16.3.1 | | Candy | 192.168.202.1 | 192.168.202.2 | 192.168.202.3 | -当 `172.16.1.0/24` 的设备访问 `172.16.2.0/24` 的设备时,希望流量可以通过以下方式送达: +When devices in `172.16.1.0/24` access devices in `172.16.2.0/24`, we want traffic to be delivered in the following way: ```txt 172.16.1.0/24 <=> 172.16.1.1 <=> 192.168.202.1 <=> 192.168.202.2 <=> 172.16.2.1 <=> 172.16.2.0/24 ``` -### 流量转发到网关 (172.16.1.0/24 => 172.16.1.1) +### Forward Traffic to Gateway (172.16.1.0/24 => 172.16.1.1) -如果网关是路由器,不需要任何操作,流量就应该能够进入网关.否则需要在非网关设备上配置流量转发到网关的路由. +If the gateway is a router, no operation is needed, and traffic should be able to enter the gateway. Otherwise, you need to configure routes on non-gateway devices to forward traffic to the gateway. -给 172.16.1.0/24 的设备配置路由: +Configure routes for devices in 172.16.1.0/24: - dst: 172.16.2.0/24; gw: 172.16.1.1 - dst: 172.16.3.0/24; gw: 172.16.1.1 -需要用同样的方式给另外两个局域网做配置. +You need to configure the other two LANs in the same way. -### 允许网关转发流量 (172.16.1.1 <=> 192.168.202.1) +### Allow Gateway to Forward Traffic (172.16.1.1 <=> 192.168.202.1) #### Linux -如果你的网关是路由器,应该能够轻易的配置出允许转发.否则需要手动添加转发相关的配置. +If your gateway is a router, you should be able to easily configure it to allow forwarding. Otherwise, you need to manually add forwarding-related configurations. -开启内核流量转发功能 +Enable kernel traffic forwarding: ```bash sysctl -w net.ipv4.ip_forward=1 ``` -开启动态伪装并接受转发报文. +Enable dynamic masquerading and accept forwarded packets: ```bash iptables -t nat -A POSTROUTING -j MASQUERADE 
@@ -61,13 +63,13 @@ iptables -A FORWARD -j ACCEPT #### Windows -查看的网卡名,应该与配置文件中写的名称相同,对于 GUI 版本客户端的默认配置网卡名应该为 `candy` +Check the network adapter name. It should be the same as written in the configuration file. For the GUI version client, the default configuration network adapter name should be `candy`. ```ps Get-NetAdapter ``` -允许转发,注意要把网卡名替换成上一步查出来的网卡名 +Allow forwarding. Note that you need to replace the network adapter name with the one found in the previous step: ```ps Set-NetIPInterface -ifAlias 'candy' -Forwarding Enabled 
@@ -75,48 +77,49 @@ Set-NetIPInterface -ifAlias 'candy' -Forwarding Enabled #### macOS -应该不会有人拿 macOS 做网关吧, Windows 应该都没有多少人,有需要再补充这部分文档 +Surely no one would use macOS as a gateway, right? There aren't many Windows users either. Documentation will be added if there's a need. + +### Create Virtual Link (172.16.1.0/24 <=> 172.16.2.0/24) -### 创建虚拟链路 (172.16.1.0/24 <=> 172.16.2.0/24) +All Candy clients `192.168.202.0/24` receiving IP packets destined for `172.16.1.0/24` will forward them to `192.168.202.1`. -所有 Candy 客户端 `192.168.202.0/24` 收到发往 `172.16.1.0/24` 的 IP 报文时,将其转发到 `192.168.202.1`; -所有 Candy 客户端 `192.168.202.0/24` 收到发往 `172.16.2.0/24` 的 IP 报文时,将其转发到 `192.168.202.2`; -所有 Candy 客户端 `192.168.202.0/24` 收到发往 `172.16.3.0/24` 的 IP 报文时,将其转发到 `192.168.202.3`; +All Candy clients `192.168.202.0/24` receiving IP packets destined for `172.16.2.0/24` will forward them to `192.168.202.2`. -策略会发下给属于 `192.168.202.0/24` 网络的客户端,上面的配置下发给了虚拟网络中的所有设备,能够满足大部分用户场景. +All Candy clients `192.168.202.0/24` receiving IP packets destined for `172.16.3.0/24` will forward them to `192.168.202.3`. -此外支持更细粒度的控制供用户选择,例如 `192.168.202.1/32` 就表示仅把路由策略下发给 `192.168.202.1` 这台设备. +The policy will be distributed to clients belonging to the `192.168.202.0/24` network. The above configuration is distributed to all devices in the virtual network, which can satisfy most user scenarios. -#### Cacao 配置 +Additionally, more fine-grained control is supported for users to choose from. For example, `192.168.202.1/32` means only distributing routing policies to the device `192.168.202.1`. -如果你在使用 Cacao 服务端(例如社区服务端),配置如下. +#### Cacao Configuration + +If you are using the Cacao server (for example, the community server), configure as follows: ![sdwan](images/sdwan.png) -#### Candy 配置 +#### Candy Configuration -如果你在使用命令行版本的 Candy 服务端,等效配置如下. 
+If you are using the command-line version of the Candy server, the equivalent configuration is as follows: ```ini sdwan = "192.168.202.0/24,172.16.1.0/24,192.168.202.1;192.168.202.0/24,172.16.2.0/24,192.168.202.2;192.168.202.0/24,172.16.3.0/24,192.168.202.3;" ``` -### 测试 - -此时局域网设备之间应当可以相互 ping 通. +### Test -## 常见问题 +At this point, devices in the LAN should be able to ping each other. -### 能 ping 通网关,但 ping 不通网关下的目标设备 +## FAQ -- 检查 iptables 配置的动态伪装是否生效.如果生效,抓包可以看到发往目标设备的源地址已经改成了网关地址 -- 检查目标设备防火墙.例如 Windows 系统防火墙默认禁止 ping, 此时直接尝试访问 Windows 提供出的服务,例如远程桌面, SSH, Web 服务等 +### Can ping gateway, but cannot ping target device behind gateway -### 能 ping 通目标设备,但不能访问服务 +- Check whether the dynamic masquerading configured by iptables is effective. If effective, packet capture can show that the source address sent to the target device has been changed to the gateway address +- Check the target device firewall. For example, Windows system firewall prohibits ping by default. In this case, try to directly access services provided by Windows, such as Remote Desktop, SSH, Web services, etc. -- 检查 iptables 配置的动态伪装是否生效.动态伪装不生效的情况下,某种路由配置规则也可以实现 ping 通目标设备,但是防火墙会拦截对应报文. +### Can ping target device, but cannot access service -### 关于源进源出 +- Check whether the dynamic masquerading configured by iptables is effective. When dynamic masquerading is not effective, certain routing configuration rules can also achieve ping to the target device, but the firewall will intercept corresponding packets. -通过合理的路由配置和对防火墙策略的调整,在不使用动态伪装的情况下,可以做到在目标设备看到请求的真实源地址.想要达成这个效果需要有足够的计算机网络知识储备,请自行探索. +### About Source-Based Routing +Through reasonable routing configuration and adjustment of firewall policies, without using dynamic masquerading, it is possible to see the real source address of the request on the target device. To achieve this effect, you need sufficient computer network knowledge. Please explore on your own. 
diff --git a/docs/software-defined-wide-area-network.zh-CN.md b/docs/software-defined-wide-area-network.zh-CN.md new file mode 100644 index 00000000..2aee564e --- /dev/null +++ b/docs/software-defined-wide-area-network.zh-CN.md 
@@ -0,0 +1,123 @@ +# 多局域网组网 + +**[English](software-defined-wide-area-network.md)** + +## 需求 + +在多地有多个局域网时,希望能够让本局域网内的设备通过其他局域网的地址直接访问对方的设备,并且无需在所有设备上部署 Candy 客户端. + +## 示例 + +首先你需要: + +- 有一个独立的网络.可以自建服务端或者使用社区服务器 +- 在网关 (Gateway) 上部署 Candy 并成功加入自己创建的网络 + +以 LAN A 为例解释表格含义. + +- 局域网 (Network) 地址为 `172.16.1.0/24`, 这个地址不能与 B,C 冲突 +- 网关 (Gateway) 可以是路由器,也可以是局域网中任意一台 Linux 系统,但需要能够部署 Candy 客户端,假设它在局域网中的地址是 `172.16.1.1`. 通过给局域网中的设备配置路由,确保流量能够进入网关 +- Candy 客户端部署在网关上,它在虚拟网络中的地址是 `192.168.202.1` + +| LAN | A | B | C | +| :------ | :------------ | :------------ | :------------ | +| Network | 172.16.1.0/24 | 172.16.2.0/24 | 172.16.3.0/24 | +| Gateway | 172.16.1.1 | 172.16.2.1 | 172.16.3.1 | +| Candy | 192.168.202.1 | 192.168.202.2 | 192.168.202.3 | + +当 `172.16.1.0/24` 的设备访问 `172.16.2.0/24` 的设备时,希望流量可以通过以下方式送达: + +```txt +172.16.1.0/24 <=> 172.16.1.1 <=> 192.168.202.1 <=> 192.168.202.2 <=> 172.16.2.1 <=> 172.16.2.0/24 +``` + +### 流量转发到网关 (172.16.1.0/24 => 172.16.1.1) + +如果网关是路由器,不需要任何操作,流量就应该能够进入网关.否则需要在非网关设备上配置流量转发到网关的路由. + +给 172.16.1.0/24 的设备配置路由: + +- dst: 172.16.2.0/24; gw: 172.16.1.1 +- dst: 172.16.3.0/24; gw: 172.16.1.1 + +需要用同样的方式给另外两个局域网做配置. + +### 允许网关转发流量 (172.16.1.1 <=> 192.168.202.1) + +#### Linux + +如果你的网关是路由器,应该能够轻易的配置出允许转发.否则需要手动添加转发相关的配置. + +开启内核流量转发功能 + +```bash +sysctl -w net.ipv4.ip_forward=1 +``` + +开启动态伪装并接受转发报文. 
+ +```bash +iptables -t nat -A POSTROUTING -j MASQUERADE +iptables -A FORWARD -j ACCEPT +``` + +#### Windows + +查看的网卡名,应该与配置文件中写的名称相同,对于 GUI 版本客户端的默认配置网卡名应该为 `candy` + +```ps +Get-NetAdapter +``` + +允许转发,注意要把网卡名替换成上一步查出来的网卡名 + +```ps +Set-NetIPInterface -ifAlias 'candy' -Forwarding Enabled +``` + +#### macOS + +应该不会有人拿 macOS 做网关吧, Windows 应该都没有多少人,有需要再补充这部分文档 + +### 创建虚拟链路 (172.16.1.0/24 <=> 172.16.2.0/24) + +所有 Candy 客户端 `192.168.202.0/24` 收到发往 `172.16.1.0/24` 的 IP 报文时,将其转发到 `192.168.202.1`; +所有 Candy 客户端 `192.168.202.0/24` 收到发往 `172.16.2.0/24` 的 IP 报文时,将其转发到 `192.168.202.2`; +所有 Candy 客户端 `192.168.202.0/24` 收到发往 `172.16.3.0/24` 的 IP 报文时,将其转发到 `192.168.202.3`; + +策略会发下给属于 `192.168.202.0/24` 网络的客户端,上面的配置下发给了虚拟网络中的所有设备,能够满足大部分用户场景. + +此外支持更细粒度的控制供用户选择,例如 `192.168.202.1/32` 就表示仅把路由策略下发给 `192.168.202.1` 这台设备. + +#### Cacao 配置 + +如果你在使用 Cacao 服务端(例如社区服务端),配置如下. + +![sdwan](images/sdwan.png) + +#### Candy 配置 + +如果在使用命令行版本的 Candy 服务端,等效配置如下. + +```ini +sdwan = "192.168.202.0/24,172.16.1.0/24,192.168.202.1;192.168.202.0/24,172.16.2.0/24,192.168.202.2;192.168.202.0/24,172.16.3.0/24,192.168.202.3;" +``` + +### 测试 + +此时局域网设备之间应当可以相互 ping 通. + +## 常见问题 + +### 能 ping 通网关,但 ping 不通网关下的目标设备 + +- 检查 iptables 配置的动态伪装是否生效.如果生效,抓包可以看到发往目标设备的源地址已经改成了网关地址 +- 检查目标设备防火墙.例如 Windows 系统防火墙默认禁止 ping, 此时直接尝试访问 Windows 提供出的服务,例如远程桌面, SSH, Web 服务等 + +### 能 ping 通目标设备,但不能访问服务 + +- 检查 iptables 配置的动态伪装是否生效.动态伪装不生效的情况下,某种路由配置规则也可以实现 ping 通目标设备,但是防火墙会拦截对应报文. + +### 关于源进源出 + +通过合理的路由配置和对防火墙策略的调整,在不使用动态伪装的情况下,可以做到在目标设备看到请求的真实源地址.想要达成这个效果需要有足够的计算机网络知识储备,请自行探索. \ No newline at end of file diff --git a/docs/use-the-community-server.md b/docs/use-the-community-server.md index 462acb5c..5128ba5c 100644 --- a/docs/use-the-community-server.md +++ b/docs/use-the-community-server.md 
@@ -1,44 +1,51 @@ -# 使用社区服务器 +# Use Community Server -社区服务器支持用户级别的隔离,同时支持一个用户创建多个网络. +**[中文文档](use-the-community-server.zh-CN.md)** -__服务器将定期清理不活跃用户,请确保短期内至少有一台设备连接过服务器,或手动登录过服务器管理页面.__ +The community server supports user-level isolation and supports one user creating multiple networks. -## 注册 +__The server will periodically clean up inactive users. Please ensure that at least one device has connected to the server in the short term, or manually log in to the server management page.__ -在社区服务器[注册](https://canets.org/register),示例中的用户名为 `username`. +## Register + +Register on the community server [register page](https://canets.org/register). In the example, the username is `username`. ![](images/cacao-register.png) -## 使用默认网络 +## Use Default Network -查看网络,可以注意到已经有一个名称为 @ 的默认网络,密码是 `ZrhaUcz1` +View the network and notice that there is already a default network named `@` with password `ZrhaUcz1`. ![](images/cacao-network.png) -连接到这个网络的客户端仅需要修改以下配置,关于配置文件的位置请参考客户端安装的相关文档: +Clients connecting to this network only need to modify the following configuration. For the location of the configuration file, please refer to the relevant documentation for client installation: ```cfg websocket = "wss://canets.org/username" password = "ZrhaUcz1" ``` -## 多个网络 +## Multiple Networks -点击左上角 `Add` 可以创建多个网络,例如: +Click `Add` in the upper left corner to create multiple networks, for example: ![](images/cacao-network-another.png) -这个新网络,网络名为 `netname`, 这会体现到 `websocket` 参数中; 密码为空; 网络范围是 `10.0.0.0/24`; 不允许广播; 且租期为 3 天, 即超过 3 天不活跃的客户端将被自动从网络中移除, 配置为 0 时表示不自动移除. +This new network has: +- Network name `netname`, which will be reflected in the `websocket` parameter +- Empty password +- Network range `10.0.0.0/24` +- No broadcast allowed +- Lease term of 3 days, meaning inactive clients will be automatically removed from the network after more than 3 days. Configuration of 0 means no automatic removal. 
-客户端的配置应该为: +The client configuration should be: ```cfg websocket = "wss://canets.org/username/netname" password = "" ``` -如果要给某个客户端指定静态地址 `10.0.0.1/24`, 只需要修改配置中的: +To assign a static address `10.0.0.1/24` to a specific client, just modify the configuration: ```cfg tun = "10.0.0.1/24" diff --git a/docs/use-the-community-server.zh-CN.md b/docs/use-the-community-server.zh-CN.md new file mode 100644 index 00000000..381a9409 --- /dev/null +++ b/docs/use-the-community-server.zh-CN.md @@ -0,0 +1,47 @@ +# 使用社区服务器 + +**[English](use-the-community-server.md)** + +社区服务器支持用户级别的隔离,同时支持一个用户创建多个网络. + +__服务器将定期清理不活跃用户,请确保短期内至少有一台设备连接过服务器,或手动登录过服务器管理页面.__ + +## 注册 + +在社区服务器[注册](https://canets.org/register),示例中的用户名为 `username`. + +![](images/cacao-register.png) + +## 使用默认网络 + +查看网络,可以注意到已经有一个名称为 @ 的默认网络,密码是 `ZrhaUcz1` + +![](images/cacao-network.png) + +连接到这个网络的客户端仅需要修改以下配置,关于配置文件的位置请参考客户端安装的相关文档: + +```cfg +websocket = "wss://canets.org/username" +password = "ZrhaUcz1" +``` + +## 多个网络 + +点击左上角 `Add` 可以创建多个网络,例如: + +![](images/cacao-network-another.png) + +这个新网络,网络名为 `netname`, 这会体现到 `websocket` 参数中; 密码为空; 网络范围是 `10.0.0.0/24`; 不允许广播; 且租期为 3 天, 即超过 3 天不活跃的客户端将被自动从网络中移除, 配置为 0 时表示不自动移除. + +客户端的配置应该为: + +```cfg +websocket = "wss://canets.org/username/netname" +password = "" +``` + +如果要给某个客户端指定静态地址 `10.0.0.1/24`, 只需要修改配置中的: + +```cfg +tun = "10.0.0.1/24" +```
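Review bot: in docs/software-defined-wide-area-network.md, the Linux step reworded by the `@@ -23,36 +25,36 @@` hunk still introduces `iptables -t nat -A POSTROUTING -j MASQUERADE` and, as the next hunk's context shows, `iptables -A FORWARD -j ACCEPT`, neither of which carries an interface or subnet match. A gateway set up from this page will masquerade and forward every packet it routes, not only the traffic between 172.16.1.0/24, 172.16.2.0/24 and 172.16.3.0/24. Since the sentence is being rewritten anyway, please have the text tell readers to restrict both rules with `-i`/`-o` on the Candy interface and `-s`/`-d` on the LAN ranges from the table, and mention that `sysctl -w net.ipv4.ip_forward=1` does not survive a reboot.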
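Review bot: in the `@@ -75,48 +77,49 @@` hunk of docs/software-defined-wide-area-network.md, the macOS line "There aren't many Windows users either" changes the meaning of the removed sentence, which says that few people use Windows as a gateway either; suggest "Few people use Windows as a gateway either." In the same hunk the heading "About Source-Based Routing" does not match its paragraph, which is about the target device seeing the real source address when dynamic masquerading is not used; a heading that says so (for example "About preserving the source address") would be easier to find from the FAQ entries above it that tell readers to check masquerading.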
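Review bot: the new file docs/software-defined-wide-area-network.zh-CN.md ends with "\ No newline at end of file"; please add the trailing newline so later edits to the last paragraph do not show up as a spurious change. The file is also not a byte-for-byte move of the removed Chinese text: the removed line reads "如果你在使用命令行版本的 Candy 服务端,等效配置如下." while the added one reads "如果在使用命令行版本的 Candy 服务端,等效配置如下." If the change is intentional, say so in the commit message; otherwise restore the original wording so the move stays verifiable.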
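Review bot: in docs/use-the-community-server.md, the Use Default Network paragraph prints `ZrhaUcz1` as the password of the default network `@` and repeats it in the `password = "ZrhaUcz1"` sample without saying whether it is the value from the example account in the screenshot or something every reader will see. Please state that it is an example and that readers should copy the password shown on their own network page. In the same hunk the Multiple Networks example has "Empty password" and `password = ""`, which leaves the username and network name in `wss://canets.org/username/netname` as the only values in the client configuration; a sentence recommending that a password be set on networks that are not meant to be open would fit after the bullet list.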