diff --git a/cmd/frpp/shared/cmd.go b/cmd/frpp/shared/cmd.go
index ce6342e..1d94819 100644
--- a/cmd/frpp/shared/cmd.go
+++ b/cmd/frpp/shared/cmd.go
@@ -35,6 +35,8 @@ type CommonArgs struct {
 	ApiPort   *int
 	ApiScheme *string
 	JoinToken *string
+
+	Ephemeral *bool
 }
 
 func BuildCommand(fs embed.FS) *cobra.Command {
@@ -68,6 +70,7 @@ func AddCommonFlags(commonCmd *cobra.Command) {
 	commonCmd.Flags().String("rpc-url", "", "rpc url, master rpc url, scheme can be grpc/ws/wss://hostname:port")
 	commonCmd.Flags().String("api-url", "", "api url, master api url, scheme can be http/https://hostname:port")
 	commonCmd.Flags().StringP("join-token", "j", "", "your token from master, auto join with out webui")
+	commonCmd.Flags().Bool("ephemeral", true, "auto join with join-token, whether the client is ephemeral, change flag to --ephemeral=false to disable")
 
 	// deprecated start
 	commonCmd.Flags().StringP("app", "a", "", "app secret")
@@ -122,6 +125,10 @@ func GetCommonArgs(cmd *cobra.Command) CommonArgs {
 		commonArgs.JoinToken = &joinToken
 	}
 
+	if ephemeral, err := cmd.Flags().GetBool("ephemeral"); err == nil {
+		commonArgs.Ephemeral = &ephemeral
+	}
+
 	return commonArgs
 }
 
@@ -572,7 +579,7 @@ func JoinMaster(cfg conf.Config, joinArgs CommonArgs) (*pb.Client, error) {
 		logger.Logger(c).Infof("client [%s] not found, try to init client", clientID)
 
 		// 创建短期client
-		initResp, err := rpc.InitClient(cfg, clientID, *joinArgs.JoinToken, true)
+		initResp, err := rpc.InitClient(cfg, clientID, *joinArgs.JoinToken, joinArgs.Ephemeral)
 		if err != nil {
 			logger.Logger(c).Errorf("init client failed: %s", err.Error())
 			return nil, err
diff --git a/docs/en/wireguard.md b/docs/en/wireguard.md
index 22e4682..ae347a9 100644
--- a/docs/en/wireguard.md
+++ b/docs/en/wireguard.md
@@ -35,7 +35,7 @@ In the diagram, the two boxes represent two clients sharing the `10.10.0.0/24` n
 Left client:
 
 - Has a **device** `wg0` (virtual NIC) with virtual IP `10.10.0.1`.
-- Device `wg0` binds an **endpoint** `10.10.0.1:51820` (public IP + port).
+- Device `wg0` binds an **endpoint** `1.1.1.1:51820` (public IP + port).
 - Device `wg0` joins the **network** `10.10.0.0/24`.
 - Device `wg0` can talk to other devices in the `10.10.0.0/24` network.
 
diff --git a/docs/wireguard.md b/docs/wireguard.md
index 92a9b45..680070d 100644
--- a/docs/wireguard.md
+++ b/docs/wireguard.md
@@ -35,12 +35,14 @@ frp-panel 目前内置了 wiregaurd-go 用于实现组网功能。并且实现
 图中，两个框代表了两个 Client。他们处于 `10.10.0.0/24` 这个相同的网络
 
 左侧的Client：
+
 - 拥有一个**设备** wg0 (虚拟网卡)，设备的虚拟IP是 `10.10.0.1`
-- 设备 wg0 绑定了一个**端点** `10.10.0.1:51820`，这个端点是公网IP+端口
+- 设备 wg0 绑定了一个**端点** `1.1.1.1:51820`，这个端点是公网IP+端口
 - 设备 wg0 加入了一个**网络** `10.10.0.0/24`
 - 设备 wg0 可以与其他设备在网络 `10.10.0.0/24` 中互通
 
 右侧的Client：
+
 - 拥有一个**设备** wg0 (虚拟网卡)，设备的虚拟IP是 `10.10.0.2`
 - 设备 wg0 加入了一个**网络** `10.10.0.0/24`
 - 设备 wg0 可以与其他设备在网络 `10.10.0.0/24` 中互通
@@ -53,13 +55,16 @@ frp-panel 目前内置了 wiregaurd-go 用于实现组网功能。并且实现
 由于组网依赖操作系统中已有的一些功能，因此需要首先检查环境是否满足要求。
 
 打开终端，如果你的 Linux 系统拥有 `/etc/sysctl.d` 文件夹, 使用:
+
 ```bash
 echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-frp-panel.conf
 echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-frp-panel.conf
 echo 'net.ipv4.ping_group_range = 0 2147483647' | sudo tee -a /etc/sysctl.d/99-frp-panel.conf
 sudo sysctl -p /etc/sysctl.d/99-frp-panel.conf
 ```
+
 否则, 使用 `/etc/sysctl.conf` 文件:
+
 ```bash
 echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
 echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
@@ -103,6 +108,7 @@ ACL 是 JSON 格式，`action` 可以是 `allow` 或 `deny`，`src` 和 `dst` 
 ### 3. 创建端点（非公网节点可跳过）
 
 点击组网侧边菜单栏中的**端点**，然后点击按钮**新建端点**，按照以下要求填写
+
 - **客户端**：选择一个公网客户端
 - **主机名称**：填写节点的公网IP地址或域名，例如 `1.1.1.1` 或 `example.com`；
 - **端口**：填写节点可对外访问的公网端口，例如 `51820`；
diff --git a/services/rpc/master.go b/services/rpc/master.go
index 4f469a6..cd6e86d 100644
--- a/services/rpc/master.go
+++ b/services/rpc/master.go
@@ -15,6 +15,7 @@ import (
 	"github.com/VaalaCat/frp-panel/utils/logger"
 	"github.com/VaalaCat/frp-panel/utils/wsgrpc"
 	"github.com/imroc/req/v3"
+	"github.com/samber/lo"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/protobuf/proto"
@@ -114,14 +115,18 @@ func GetClientCert(appInstance app.Application, clientID, clientSecret string, c
 	return resp.Cert
 }
 
-func InitClient(cfg conf.Config, clientID, joinToken string, ephemeral bool) (*pb.InitClientResponse, error) {
+func InitClient(cfg conf.Config, clientID, joinToken string, ephemeral *bool) (*pb.InitClientResponse, error) {
 	apiEndpoint := conf.GetAPIURL(cfg)
 
 	c := httpCli()
 
+	if ephemeral == nil {
+		ephemeral = lo.ToPtr(true) // default to ephemeral
+	}
+
 	rawReq, err := proto.Marshal(&pb.InitClientRequest{
 		ClientId:  &clientID,
-		Ephemeral: &ephemeral,
+		Ephemeral: ephemeral,
 	})
 	if err != nil {
 		return nil, err