# Kaya

![Kaya Dashboard](repo/4fa5ff31-c9d5-4aa5-bea6-97b81f3daf78.png)

[![Build
status](https://github.com/yggdrasil-network/yggdrasil-go/actions/workflows/ci.yml/badge.svg)](https://github.com/yggdrasil-network/yggdrasil-go/actions/workflows/ci.yml)

------------------------------------------------------------------------

## Introduction

Kaya is an enhanced implementation of a fully end-to-end encrypted IPv6
mesh network.

It is lightweight, self-arranging, multi-platform, and allows any
IPv6-capable application to communicate securely with other Kaya nodes.
Kaya does **not** require native IPv6 Internet connectivity --- it works
over IPv4 as well.

This repository extends the baseline behavior with significant
improvements in:

-   Observability\
-   Runtime control\
-   Performance\
-   Transport efficiency\
-   Operator UX

------------------------------------------------------------------------

## Supported Platforms

-   Linux\
-   macOS\
-   Windows\
-   FreeBSD / OpenBSD\
-   OpenWrt\
-   Ubiquiti EdgeRouter\
-   VyOS

------------------------------------------------------------------------

# Building

Requires **Go 1.22 or later**.

``` bash
go build -o kaya ./cmd/yggdrasil
go build -o kayactl ./cmd/yggdrasilctl
```

Cross-compile example:

``` bash
GOOS=windows GOARCH=amd64 go build -o kaya.exe ./cmd/yggdrasil
```

------------------------------------------------------------------------

# Running

## Generate Configuration

``` bash
./kaya -genconf > /path/to/kaya.conf
```

``` bash
./kaya -genconf -json > /path/to/kaya.conf
```

## Start Kaya

``` bash
./kaya -useconffile /path/to/kaya.conf
```

``` bash
./kaya -autoconf
```

Kaya requires permission to create TUN/TAP interfaces.\
On Linux, run under `sudo` or grant `CAP_NET_ADMIN`.

------------------------------------------------------------------------

# Extended Features

## Built-in Operator Dashboard

-   Live telemetry (identity, routing, peers, flows, tree)
-   Real-time bandwidth visualization
-   Peer traffic control
-   Optional authentication
-   Public read-only mode (`--public-interface`)

## Runtime Control & Hardening

-   `--threads`
-   `--max-threads`
-   `--sandbox` (no-new-privileges, non-dumpable, core dump suppression)

## Enhanced CLI (`kayactl`)

-   Improved peer listings
-   Clear topology tree
-   Integrated traffic control

## Performance & Transport Improvements

-   Reduced timer churn
-   Optimized peer snapshots
-   Faster authorization lookups
-   QUIC and TCP dialing improvements
-   TLS correctness fixes

------------------------------------------------------------------------

## Practical Outcome

-   Better operator visibility\
-   Stronger runtime control\
-   Lower CPU and memory overhead\
-   Safer production deployments

------------------------------------------------------------------------

## Topics / Tags

`go` `golang` `ipv6` `mesh-network` `p2p` `overlay-network`
`encrypted-network`\
`networking` `distributed-systems` `quic` `tcp` `websocket` `linux`\
`freebsd` `openbsd` `macos` `windows` `openwrt`\
`cli` `dashboard` `observability` `performance` `security` `sandbox`\
`rust` `c` `systems-programming` `infrastructure` `devops`

------------------------------------------------------------------------

## License

LGPLv3 with linking exception. See LICENSE for details.