diff --git a/README.md b/README.md index a653c7a2ac017de4346eb0928da2f4ae51d86740..41528dc7eb13df30461ecd1837477e1c85361f22 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ # DHTNet - Lightweight Peer-to-Peer Communication Library -![DHTNet Logo]() +<!-- ![DHTNet Logo]() --> DHTNet is a C++17 library designed to serve as a network overlay that provides an IP network abstraction. Its main objective is to establish secure peer-to-peer connections using public-key authentication. -DHTnet allows you to connect with a device simply by knowing its public key and efficiently manages peer discovery and connectivity establishment, including NAT traversal. +DHTNet allows you to connect with a device simply by knowing its public key and efficiently manages peer discovery and connectivity establishment, including NAT traversal. ## Features 
@@ -23,64 +23,6 @@ For detailed information on using DHTNet, consult our documentation: - [ConnectionManager Wiki](https://docs.jami.net/en_US/developer/jami-concepts/connection-manager.html) - -## Getting Started using dhtnet package - -You can download latest and/or stable builds from https://dhtnet.sfl.io. -To install .deb, you can use `apt install dhtnet-xxx.deb`, and .rpm can be installed using `dnf install dhtnet_xxx.rpm`. -On fedora, you may require to install EPEL using `dnf install epel-release`. -On Redhat / Almalinux, EPEL may also be required, look at each distribution to find the installation command. - - -### Setup instructions for server: - -1. Create a server config and keys using `dhtnet-crtmgr --interactive` (run as root or with sudo is required). -2. Choose **server** and then use default configuration, or tweak values if you prefer. -3. If you want to review or edit configuration (to enable verbose mode for exemple), open `/etc/dhtnet/dnc.yaml`. -4. When ready, turn your server ON using `systemctl start dnc`. You can verify status using `systemctl status dnc`. - -Your **server ID** (needed for clients to connect at you) is printed during the `dhtnet-crtmgr` setup, and is printed at start of logs when starting server with `systemctl start dnc`. -If needed, you can get it anytime using `dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem`. - - -### Setup instructions for client: - -1. Create a client config and keys using `dhtnet-crtmgr --interactive` (run as your user is preffered). -2. Choose **client** for the first answer (default) -3. When asked to use server CA, answer depend on your use case: - - If server and client are setup on same host, answer **yes** is possible. - - If you are installing only the client, then answer **no**. - - If you want to enforce security but server is on different host, answer **no** and change keys later (see `anonymous` below). -4. 
Continue using default configuration or by changing values when wanted. -5. If you want to review or edit configuration (to enable verbose mode for example), open `$HOME/.dnc/config.yml`. - -To connect, you can use `dnc -d $HOME/.dnc/config.yml <server ID>`. -If you answered **yes** at question about setting up ssh for you, then you can use `ssh <user>@dnc/<server ID>` to reach SSH on server using DNC layer. - - -### About security and `anonymous` setting: - -By default, server allow anyone to establish connection on your server. This is why server don't start by default, and only SSH is allowed. -In server setting, you will find `anonymous` boolean. If you host a public host, keeping `true` is a good choice, but if only a set of device -are allowed to connect to your server, then setting `false` is a better security. -For client, in order to reach a server with `anonymous: false`, it require the client key to be signed by server CA certificate. -Here is how to do it: - -1. Get server CA certificate by going in `/etc/dhtnet/CA/` and copy `ca-server.crt` and `ca-server.pem`. -2. Generate a key in `MYPATH` using server certificate :`dhtnet-crtmgr -o MYPATH -c ca-server.crt -p ca-server.pem` -3. Copy the key generated in `MYPATH` in the client folder, for example `$HOME/.dnc/certificate.crt` and `$HOME/.dnc/certificate.pem` -4. If using a different path than example at step 3, edit `$HOME/.dnc/config.yml` to replace `certificate: MYPATH/certificate.crt` and `privateKey: MYPATH/certificate.pem`. - -Don't forget to turn `anonymous` to `false` and restart server to take effect using `systemctl restart dnc` - -Another security config is the `authorized_services` configuration on server, associated with `ip` and `port` on client. -When DNC establish a connection to remote host, it then try to reach `ip:port` **from this remote host**. -To enable accessing HTTP server running on server host, allow `127.0.0.1:80` on server and use `--port 80` on client for example. 
- - ---- - - ## Getting Started with library Get started with DHTNet by building and installing the library: @@ -107,6 +49,11 @@ DHTNet depends on the following libraries: ## See also +### [DHTNet package](tools/README.md) + +The DHTNet package includes binaries for the tools listed below, along with automation scripts designed to simplify the creation of your own dnc server and dnc client. +The DHTNet package is available for download from the [DHTNet website](https://dhtnet.sfl.io). + ### [Dnc: Distributed nc](tools/dnc/README.md) dnc is a command-line program that provides network connectivity between peers in a Distributed Hash Table (DHT) network. It allows peers to establish connections with other peers and create a TCP socket on a remote devices, similar to the behavior of the traditional nc utility. @@ -115,7 +62,6 @@ dnc is a command-line program that provides network connectivity between peers i dsh is a Distributed Shell command-line program that enables peers to establish connections with other peers in a Distributed Hash Table (DHT) network and execute a binary on the remote target. - ### [Dvpn: Distributed VPN](tools/dvpn/README.md) dvpn is a VPN tool built on the foundation of the DHTNet library. dvpn supports both server and client modes, offering flexibility in deployment sceanrios. 
@@ -123,9 +69,8 @@ dvpn is a VPN tool built on the foundation of the DHTNet library. dvpn supports ### [Dhtnet-crtmgr: DHTNet Certificate Manager](tools/dhtnet_crtmgr/README.md) dhtnet-crtmgr is a command-line tool designed to manage certificates for the DHTNet network. It provides functionality for generating and signing certificates. -### Using Different Certificates - -If the client and server are on the same machine, they should use different certificates for authentication, so make sure to specify different identity file paths for the client and server. This ensures that they use separate certificates. +**Note**: +When using any of the tools mentioned above, ensure that the client and server on the same machine use different certificates for authentication. ## Report issues diff --git a/tools/README.md b/tools/README.md new file mode 100644 index 0000000000000000000000000000000000000000..c7fc7b14d0b0432ea475b7deb5c2618ec88cac2e --- /dev/null +++ b/tools/README.md 
@@ -0,0 +1,90 @@ +# Getting Started using DHTNet package + +The `DHTNet` package includes binaries for multiple tools developed using the DHTNet library, along with automation scripts designed to simplify the creation of your own `dnc server` and `dnc client`. + +Below, we provide instructions on how to use the `dnc tool` included in the DHTNet package. For more detailed information about the functionality of `dnc`, please refer to [dnc documentation](dnc/README.md) . + +## Prerequisites +You can download latest and/or stable builds from https://dhtnet.sfl.io. +To install .deb, you can use `apt install dhtnet-xxx.deb`, and .rpm can be installed using `dnf install dhtnet_xxx.rpm`. +On fedora, you may require to install EPEL using `dnf install epel-release`. +On Redhat / Almalinux, EPEL may also be required, look at each distribution to find the installation command. + +## Setup instructions for dnc server: +1. Create a server config and keys using `dhtnet-crtmgr --interactive` (run as root or with sudo is required). +2. Choose **server** and then use default configuration, or tweak values if you prefer. +3. If you want to review or edit configuration (to enable verbose mode for exemple), open `/etc/dhtnet/dnc.yaml`. +4. When ready, turn your server ON using `systemctl start dnc`. You can verify status using `systemctl status dnc`. + +Your **server ID** (needed for clients to connect at you) is printed during the `dhtnet-crtmgr` setup, and is printed at start of logs when starting server with `systemctl start dnc`. +If needed, you can get it anytime using `dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem`. + + +## Setup instructions for dnc client: + +1. Create a client configuration and keys using `dhtnet-crtmgr --interactive` (preferably run as your user). +2. Select **client** for the first prompt (default). +3. 
When prompted to use the server CA to sign the client keys, choose based on your setup: + - If the server and client are on the same host, you can answer **yes**. + - If you are setting up only the client, answer **no**. + - If the server is on a different host and you want to enforce security, answer **no** and update the keys later (see `anonymous` section below). +4. Proceed with the default configuration or adjust values as needed. +5. To review or modify the configuration (e.g., to enable verbose mode), open `$HOME/.dnc/config.yml`. + +To connect, you can use `dnc -d $HOME/.dnc/config.yml <server ID>`. +If you answered **yes** at question about setting up ssh for you, then you can use `ssh <user>@dnc/<server ID>` to reach SSH on server using dnc layer. + +For exemple: +```sh +ssh mypeer@dnc/2f4975e7b11a0908bd400b27130fe9a496d0f415 +``` + + +## Security Settings + +### `anonymous` setting +By default, the server allows connections from any client. To modify this behavior, adjust the `anonymous` setting in the server configuration. + +The `anonymous` setting is a boolean value that controls access permissions: +- **`true`** (default): Allows open access to all clients (recommended for public servers). +- **`false`**: Restricts access to only authorized clients (recommended for secure environments). + +#### Configuring Client Access for `anonymous: false` +When `anonymous` is set to `false`, clients must authenticate using a key signed by the server’s CA certificate. Follow these steps to generate and configure the client key: + +1. Retrieve the server's CA certificate: + ```bash + cd /etc/dhtnet/CA/ + cp ca-server.crt ca-server.pem ~/client-certificates/ + ``` +2. Generate a client key in `$HOME/.dnc/` using the server’s certificate: + ```bash + dhtnet-crtmgr -o `$HOME/.dnc/` -c ~/client-certificates/ca-server.crt -p ~/client-certificates/ca-server.pem + ``` +3. 
If the certificate and key are stored in a different location than `$HOME/.dnc/`, update `$HOME/.dnc/config.yml` accordingly: + ```yaml + certificate: MYPATH/certificate.crt + privateKey: MYPATH/certificate.pem + ``` +--- + +### `authorized_services` setting +Another critical security setting is `authorized_services`, which is configured on the server and defines the `ip` and `port` that the client can access. + +When the dnc client establishes a connection to a remote dnc server, it attempts to reach `ip:port` **from that remote server**. + +To allow access to an HTTP server running on the server host, for example: + +- Allow `127.0.0.1:80` on the server in the configuration file `$HOME/.dnc/config.yml`. +- On the client, specify the corresponding port using: + ```bash + --port 80 + ``` + +This ensures that only authorized services can be accessed through the connection. + +## Restarting the Server +After making any changes to the security settings, restart the server to apply the updates: +```bash +systemctl restart dnc +``` \ No newline at end of file diff --git a/tools/dnc/README.md b/tools/dnc/README.md index 159b86891bd62f95e4191af2015a0ae2466e2af0..fed21ebfbeea791bd38f0eb8a44b4828780dd600 100644 --- a/tools/dnc/README.md +++ b/tools/dnc/README.md @@ -49,7 +49,7 @@ Note: If anonymous mode is off, the server's CA must be shared with the client. The authorized services `<ip>:<port>` can only be specified in the YAML configuration file. If none are specified, the server will accept all connections. ## Establishing SSH Connections -To facilitate SSH connections to a remote device, dnc establishes a DHT network connection followed by socket creation on port 22 by default, assuming an OpenSSH server is operational. +To facilitate SSH connections to a remote device, dnc client establishes a DHT network connection followed by socket creation request on port 22 by default, assuming an OpenSSH server is operational. ### Prerequisites - **OpenSSH Installation**
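Review bot: in the first README.md hunk, commenting out the logo line as `<!-- ![DHTNet Logo]() -->` keeps an empty image reference in the file. If there is no logo asset, drop the line; if there is one, put its path inside the parentheses so the image renders instead of hiding a broken reference in an HTML comment.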
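Review bot: in the `See also` hunk (README.md `@@ -107,6 +49,11 @@`), the unchanged dnc description below the new `DHTNet package` entry reads "create a TCP socket on a remote devices"; since this hunk already touches the section, fix it to "on a remote device" in the same change.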
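Review bot: the dvpn hunk (README.md `@@ -115,7 +62,6 @@`) only removes a blank line, but its context line carries the typo "deployment sceanrios"; correct it to "deployment scenarios" while the file is being edited.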
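Review bot: the replacement **Note** in README.md `@@ -123,9 +69,8 @@` drops the actionable part of the section it replaces. The removed text told the reader to "specify different identity file paths for the client and server"; the new note only states that the certificates must differ without saying how. Keep the instruction, for example: "When the client and server run on the same machine, give each its own identity file path so that they authenticate with different certificates."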
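Review bot: the step 2 command in the new tools/README.md (`dhtnet-crtmgr -o `$HOME/.dnc/` -c ~/client-certificates/ca-server.crt -p ~/client-certificates/ca-server.pem`) is broken as written: inside a `bash` fence the backticks around `$HOME/.dnc/` are command substitution, so the shell tries to run the directory as a command and `-o` receives an empty argument. It should read `dhtnet-crtmgr -o $HOME/.dnc/ -c ~/client-certificates/ca-server.crt -p ~/client-certificates/ca-server.pem`. In the same hunk, step 1 copies `ca-server.pem` (the file passed to `-p`, i.e. the CA's signing key) into `~/client-certificates/` on the client side; the doc should say that this signing step is meant to run wherever the CA key is held and that only the resulting `certificate.crt` and `certificate.pem` are transferred to the client, otherwise every client host ends up holding the key that can sign further client certificates. That step also never creates `~/client-certificates/` (add `mkdir -p`). In the `authorized_services` section, the server-side allow entry for `127.0.0.1:80` is said to go in `$HOME/.dnc/config.yml`, but the server setup section names `/etc/dhtnet/dnc.yaml` as the server configuration and `$HOME/.dnc/config.yml` as the client file; one of the two is wrong. The `--port 80` block is a bare flag rather than a command; show the full invocation, e.g. `dnc -d $HOME/.dnc/config.yml --port 80 <server ID>`. Finally, "exemple" appears twice (server step 3 and "For exemple:") and should be "example", and the file ends without a trailing newline (`\ No newline at end of file`).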
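Review bot: the rewritten sentence in tools/dnc/README.md `@@ -49,7 +49,7 @@` is missing an article and a hyphen: "dnc client establishes a DHT network connection followed by socket creation request on port 22" should read "the dnc client establishes a DHT network connection followed by a socket-creation request on port 22". The unchanged note above it ("the server's CA must be shared with the client") would also benefit from stating that it is the CA certificate that is shared, since the package README in this same change has the client copying both `ca-server.crt` and `ca-server.pem`.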