diff --git a/.gitignore b/.gitignore
index 66062e3..1f6690d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,12 +3,13 @@
 certs
 acme.d
 
-*.exe
-/telebitd
-/cmd/telebitd/telebitd
 /telebit
 /cmd/telebit/telebit
-/debug
+/telebitd
+/cmd/telebitd/telebitd
+/telebit-relay
+/cmd/telebit-relay/telebit-relay
+*.exe
 
 log.txt
 *.log
diff --git a/README.md b/README.md
index 5cf7b79..d4a638e 100644
--- a/README.md
+++ b/README.md
@@ -33,11 +33,11 @@ tmp $ serve-https -p 8080 -d /tmp --servername hfc.rootprojects.org --agree-tos
 
 ```bash
 # For .env
-TELEBIT_SECRET=abcdef1234567890
+SECRET=abcdef1234567890
 ```
 
 ```bash
-node-tunnel-client $ bin/stunnel.js --locals http://hfc.rootprojects.org:8080,http://test1.hfc.rootprojects.org:8080 --stunneld wss://localhost.rootprojects.org:8443 --secret abcdef1234567890
+node-tunnel-client $ bin/stunnel.js --locals http://hfc.rootprojects.org:8080,http://test1.hfc.rootprojects.org:8080 --relay wss://localhost.rootprojects.org:8443 --secret abcdef1234567890
 ```
 
 ### Execute RVPN
diff --git a/cmd/telebitd/telebitd.go b/cmd/telebit-relay/telebit-relay.go
similarity index 100%
rename from cmd/telebitd/telebitd.go
rename to cmd/telebit-relay/telebit-relay.go
diff --git a/cmd/telebit/telebit.go b/cmd/telebit/telebit.go
index 79c4aa1..53ebd73 100644
--- a/cmd/telebit/telebit.go
+++ b/cmd/telebit/telebit.go
@@ -24,12 +24,12 @@ func init() {
 	viper.BindPFlag("locals", flag.Lookup("locals"))
 	viper.BindPFlag("domains", flag.Lookup("domains"))
 
-	flag.BoolP("insecure", "k", false, "Allow TLS connections to stunneld without valid certs")
-	flag.String("stunneld", "", "the domain (or ip address) at which the RVPN server is running")
-	flag.String("secret", "", "the same secret used by stunneld (used for JWT authentication)")
+	flag.BoolP("insecure", "k", false, "Allow TLS connections to telebit-relay without valid certs")
+	flag.String("relay", "", "the domain (or ip address) at which the RVPN server is running")
+	flag.String("secret", "", "the same secret used by telebit-relay (used for JWT authentication)")
 	flag.String("token", "", "a pre-generated token to give the server (instead of generating one with --secret)")
 	viper.BindPFlag("raw.insecure", flag.Lookup("insecure"))
-	viper.BindPFlag("raw.stunneld", flag.Lookup("stunneld"))
+	viper.BindPFlag("raw.relay", flag.Lookup("relay"))
 	viper.BindPFlag("raw.secret", flag.Lookup("secret"))
 	viper.BindPFlag("raw.token", flag.Lookup("token"))
 }
@@ -213,7 +213,7 @@ func main() {
 		}
 	}
 
-	if viper.GetString("raw.stunneld") == "" {
+	if viper.GetString("raw.relay") == "" {
 		panic("must provide remote RVPN server to connect to")
 	}
 
@@ -243,7 +243,7 @@ func main() {
 
 	config := client.Config{
 		Insecure: viper.GetBool("raw.insecure"),
-		Server:   viper.GetString("raw.stunneld"),
+		Server:   viper.GetString("raw.relay"),
 		Services: servicePorts,
 		Token:    token,
 	}