racks/kaya-go
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Enhanced fork of Yggdrasil with a built-in dashboard, runtime hardening, improved CLI/traffic control, and performance optimizations.
2 commits 1 branch 0 tags 236 KiB
Find a file
Racks f5ad49facb push
2026-03-01 17:29:18 +01:00
cmd push 2026-03-01 17:01:47 +01:00
misc push 2026-03-01 17:01:47 +01:00
repo push 2026-03-01 17:29:18 +01:00
src push 2026-03-01 17:01:47 +01:00
CHANGELOG.md push 2026-03-01 17:01:47 +01:00
clean push 2026-03-01 17:01:47 +01:00
go.mod push 2026-03-01 17:01:47 +01:00
go.sum push 2026-03-01 17:01:47 +01:00
LICENSE push 2026-03-01 17:01:47 +01:00
README.md push 2026-03-01 17:29:18 +01:00

README.md

Kaya

Kaya Dashboard

Build status

Introduction

Kaya is an enhanced implementation of a fully end-to-end encrypted IPv6 mesh network.

It is lightweight, self-arranging, multi-platform, and allows any IPv6-capable application to communicate securely with other Kaya nodes. Kaya does not require native IPv6 Internet connectivity --- it works over IPv4 as well.

This repository extends the baseline behavior with significant improvements in:

  • Observability\
  • Runtime control\
  • Performance\
  • Transport efficiency\
  • Operator UX

Supported Platforms

  • Linux\
  • macOS\
  • Windows\
  • FreeBSD / OpenBSD\
  • OpenWrt\
  • Ubiquiti EdgeRouter\
  • VyOS

Building

Requires Go 1.22 or later.

go build -o kaya ./cmd/yggdrasil
go build -o kayactl ./cmd/yggdrasilctl

Cross-compile example:

GOOS=windows GOARCH=amd64 go build -o kaya.exe ./cmd/yggdrasil

Running

Generate Configuration

./kaya -genconf > /path/to/kaya.conf

./kaya -genconf -json > /path/to/kaya.conf

Start Kaya

./kaya -useconffile /path/to/kaya.conf

./kaya -autoconf

Kaya requires permission to create TUN/TAP interfaces.
On Linux, run under sudo or grant CAP_NET_ADMIN.

Extended Features

Built-in Operator Dashboard

  • Live telemetry (identity, routing, peers, flows, tree)
  • Real-time bandwidth visualization
  • Peer traffic control
  • Optional authentication
  • Public read-only mode (--public-interface)

Runtime Control & Hardening

  • --threads
  • --max-threads
  • --sandbox (no-new-privileges, non-dumpable, core dump suppression)

Enhanced CLI (kayactl)

  • Improved peer listings
  • Clear topology tree
  • Integrated traffic control

Performance & Transport Improvements

  • Reduced timer churn
  • Optimized peer snapshots
  • Faster authorization lookups
  • QUIC and TCP dialing improvements
  • TLS correctness fixes

Practical Outcome

  • Better operator visibility\
  • Stronger runtime control\
  • Lower CPU and memory overhead\
  • Safer production deployments

Topics / Tags

go golang ipv6 mesh-network p2p overlay-network encrypted-network
networking distributed-systems quic tcp websocket linux
freebsd openbsd macos windows openwrt
cli dashboard observability performance security sandbox
rust c systems-programming infrastructure devops

License

LGPLv3 with linking exception. See LICENSE for details.