diff --git a/README.md b/README.md index c3b6c42..0216c53 100644 --- a/README.md +++ b/README.md 
@@ -8,10 +8,64 @@ This repository configures WireGuard VPN tunnel between a mail server (client) a * Mail server can use public static IP * Incoming emails and web portal access are forwarded to the client -## Security Considerations +### Explanation + +* **Server Configuration (`wg0.conf`):** + + * **PrivateKey**: The server's private key; keep this secure. + + * **Address**: The VPN interface IP; `10.0.0.1/24` is the server's VPN IP. + + * **ListenPort**: The port WireGuard listens on; default is `51820`. + + * **PostUp/PostDown**: Commands executed when the interface is brought up or down: + + * **Enable IP forwarding** to allow the server to route packets between interfaces. + + * **Set up NAT (MASQUERADE)** so that VPN clients can access the internet. + + * **Configure `iptables`** to forward SMTP (port `25`) and HTTP (port `80`) traffic to the client. + +* **Client Configuration (`wg0.conf`):** + + * **PrivateKey**: The client's private key. + + * **Address**: The client's VPN IP; `10.0.0.2/24`. + + * **DNS**: Optional; sets a DNS server for the client. + + * **PublicKey**: The server's public key. + + * **Endpoint**: The server's public IP and listening port. + + * **AllowedIPs**: `0.0.0.0/0` routes all traffic through the VPN. + + * **PersistentKeepalive**: Prevents the VPN connection from timing out due to NAT devices. + +### Additional Considerations + +* **Firewall Rules:** + + * Ensure that your server's firewall allows UDP traffic on port `51820`. + + * Adjust `iptables` rules if your external interface is not `eth0`. + +* **Mail Server Configuration:** + + * The mail server should listen on `10.0.0.2`. + + * Ensure that any firewall on the client allows incoming SMTP (port `25`) and HTTP (port `80`) traffic. + +* **Multiple Ports:** + + * If additional ports need to be forwarded, add corresponding `iptables` rules in the `PostUp` section. + +* **Security:** + + * Keep private keys secure and do not share them. 
+ + * Regularly update your systems to patch security vulnerabilities. -* Keep private keys secure and do not share them. -* Regularly update your systems to patch security vulnerabilities. ## License
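Review bot: The "Server Configuration (`wg0.conf`)" list in this hunk never documents the server's `[Peer]` block, so a reader cannot tell from the README that the client's `PublicKey` has to be pinned on the server and that its `AllowedIPs` should be restricted to `10.0.0.2/32`; that per-peer restriction is what keeps the SMTP/HTTP traffic the `iptables` rules forward to the client from being claimed by any other peer, so add a `* **Peer (client)**` bullet next to `PrivateKey`/`Address`/`ListenPort` covering both keys. Three smaller points in the same hunk: the `ListenPort` bullet says "default is `51820`", but WireGuard chooses a random port when `ListenPort` is omitted, so `51820` is the conventional value rather than a default; the "Multiple Ports" bullet tells the reader to add extra rules only in `PostUp`, while the `PostUp/PostDown` bullet above it explains that both run on up and down, so each added rule needs a matching removal in `PostDown` or the forwarding persists after the interface is taken down; and the new `### Explanation` / `### Additional Considerations` headings are one level deeper than the `## Security Considerations` they replace and the `## License` that follows, so they end up nested under the preceding section.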