# Kaya

[](https://github.com/yggdrasil-network/yggdrasil-go/actions/workflows/ci.yml)

------------------------------------------------------------------------

## Introduction

Kaya is an enhanced implementation of a fully end-to-end encrypted IPv6
mesh network.

It is lightweight, self-arranging, multi-platform, and allows any
IPv6-capable application to communicate securely with other Kaya nodes.
Kaya does **not** require native IPv6 Internet connectivity; it works
over IPv4 as well.

This repository extends the baseline behavior with significant
improvements in:

- Observability
- Runtime control
- Performance
- Transport efficiency
- Operator UX

------------------------------------------------------------------------

## Supported Platforms

- Linux
- macOS
- Windows
- FreeBSD / OpenBSD
- OpenWrt
- Ubiquiti EdgeRouter
- VyOS

------------------------------------------------------------------------

# Building

Requires **Go 1.22 or later**.

``` bash
go build -o kaya ./cmd/yggdrasil
go build -o kayactl ./cmd/yggdrasilctl
```

Cross-compile example:

``` bash
GOOS=windows GOARCH=amd64 go build -o kaya.exe ./cmd/yggdrasil
```

------------------------------------------------------------------------

# Running

## Generate Configuration

``` bash
./kaya -genconf > /path/to/kaya.conf
```

``` bash
./kaya -genconf -json > /path/to/kaya.conf
```

## Start Kaya

``` bash
./kaya -useconffile /path/to/kaya.conf
```

``` bash
./kaya -autoconf
```

Kaya requires permission to create TUN/TAP interfaces.
On Linux, run under `sudo` or grant `CAP_NET_ADMIN`.

------------------------------------------------------------------------

# Extended Features

## Built-in Operator Dashboard

- Live telemetry (identity, routing, peers, flows, tree)
- Real-time bandwidth visualization
- Peer traffic control
- Optional authentication
- Public read-only mode (`--public-interface`)

## Runtime Control & Hardening

- `--threads`
- `--max-threads`
- `--sandbox` (no-new-privileges, non-dumpable, core dump suppression)
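
The three properties listed for `--sandbox` correspond on Linux to two `prctl(2)` settings and one resource limit. The sketch below is an added illustration, not Kaya's own code (the page does not show how `--sandbox` is implemented); `Harden` and `Status` are hypothetical names, and it assumes Linux and a cgo-free build.

```go
package main

import (
	"fmt"
	"syscall"
)

// prctl(2) option numbers from <linux/prctl.h>.
const (
	prGetDumpable   = 3
	prSetDumpable   = 4
	prSetNoNewPrivs = 38
	prGetNoNewPrivs = 39
)

// Harden (hypothetical name) applies the three properties to this process.
func Harden() error {
	// no_new_privs is per-thread and the Go runtime already runs several OS
	// threads, so set it on all of them: execve can then never add privileges.
	if _, _, e := syscall.AllThreadsSyscall(syscall.SYS_PRCTL, prSetNoNewPrivs, 1, 0); e != 0 {
		return fmt.Errorf("PR_SET_NO_NEW_PRIVS: %w", e)
	}
	// Non-dumpable: no core image, and unprivileged ptrace attach is refused.
	if _, _, e := syscall.RawSyscall(syscall.SYS_PRCTL, prSetDumpable, 0, 0); e != 0 {
		return fmt.Errorf("PR_SET_DUMPABLE: %w", e)
	}
	// Zero soft and hard core limits; raising the hard limit needs CAP_SYS_RESOURCE.
	if err := syscall.Setrlimit(syscall.RLIMIT_CORE, &syscall.Rlimit{Cur: 0, Max: 0}); err != nil {
		return fmt.Errorf("RLIMIT_CORE: %w", err)
	}
	return nil
}

// Status (hypothetical name) reads the three settings back from the kernel.
func Status() (noNewPrivs, dumpable bool, coreMax uint64, err error) {
	nnp, _, e1 := syscall.RawSyscall(syscall.SYS_PRCTL, prGetNoNewPrivs, 0, 0)
	dmp, _, e2 := syscall.RawSyscall(syscall.SYS_PRCTL, prGetDumpable, 0, 0)
	if e1 != 0 || e2 != 0 {
		return false, false, 0, fmt.Errorf("prctl read-back: %v / %v", e1, e2)
	}
	var lim syscall.Rlimit
	err = syscall.Getrlimit(syscall.RLIMIT_CORE, &lim)
	return nnp == 1, dmp != 0, lim.Max, err
}

func main() {
	fmt.Println("harden error:", Harden())
	fmt.Println(Status())
}
```

The no_new_privs attribute and the zeroed core limit are inherited across `fork` and `execve`, so any child process stays under the same restrictions.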

## Enhanced CLI (`kayactl`)

- Improved peer listings
- Clear topology tree
- Integrated traffic control

## Performance & Transport Improvements

- Reduced timer churn
- Optimized peer snapshots
- Faster authorization lookups
- QUIC and TCP dialing improvements
- TLS correctness fixes

------------------------------------------------------------------------

## Practical Outcome

- Better operator visibility
- Stronger runtime control
- Lower CPU and memory overhead
- Safer production deployments

------------------------------------------------------------------------

## Topics / Tags

`go` `golang` `ipv6` `mesh-network` `p2p` `overlay-network`
`encrypted-network`
`networking` `distributed-systems` `quic` `tcp` `websocket` `linux`
`freebsd` `openbsd` `macos` `windows` `openwrt`
`cli` `dashboard` `observability` `performance` `security` `sandbox`
`rust` `c` `systems-programming` `infrastructure` `devops`

------------------------------------------------------------------------

## License

LGPLv3 with linking exception. See LICENSE for details.