konduit/konduit-public
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Update examples

Browse Source
This commit is contained in:
E. Kaparulin
2026-06-09 08:30:41 +03:00
parent 1e08ba34f0
commit 10def914ab
5 changed files with 104 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -65,10 +65,12 @@ echo "your secret mantra" | ./konduit-ctl bootstrap -l vpn.example.com:443 -p -
Coming soon. Coming soon.
## Server Setup ## Setup
- [Client Quickstart](docs/client-quickstart.md) — download, configure, connect, run as a systemd service
- [Server Quickstart](docs/server-quickstart.md) — install, provision, NAT setup for iptables and firewalld - [Server Quickstart](docs/server-quickstart.md) — install, provision, NAT setup for iptables and firewalld
- [Stealth Mode Setup](docs/stealth-setup.md) — HAProxy TCP passthrough + camouflage configuration - [Stealth Mode Setup](docs/stealth-setup.md) — HAProxy TCP passthrough + camouflage configuration
- [systemd units](docs/systemd/) — service files for konduit-server, konduit (client), and konduit-admin-ui
## Architecture ## Architecture

59
docs/client-quickstart.md Normal file
View File

@@ -0,0 +1,59 @@
# Konduit CLI Client Quickstart
## 1. Download
Download the `konduit` binary from the [Releases](../../releases) page and make it executable:
```bash
chmod +x konduit
sudo cp konduit /opt/konduit/konduit
```
## 2. Get a client config
Your server administrator will provide a `client.toml` generated by `konduit-ctl add-client`. Transfer it to the client machine:
```bash
sudo cp client.toml /opt/konduit/client.toml
sudo chmod 600 /opt/konduit/client.toml
```
If your server runs in stealth mode, the config already points to port 443. No additional client-side configuration is needed.
## 3. Connect
```bash
/opt/konduit/konduit -c /opt/konduit/client.toml
```
A successful connection looks like:
```
→ resolving vpn.example.com ok
→ tcp handshake X25519 ok
→ tun device konduit0 up
→ routes applied by server policy ok
connected · no udp, no root, port 443
```
## 4. Run as a systemd service
To connect automatically on boot, use the provided systemd unit:
```bash
sudo cp /opt/konduit/docs/systemd/konduit.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now konduit
```
The unit runs as root (required for TUN device creation) and restarts automatically on failure.
## 5. Capabilities (alternative to root)
To run without root, grant the binary the required capability instead:
```bash
sudo setcap cap_net_admin=+ep /opt/konduit/konduit
```
Then change `User=root` to your user account in the systemd unit before enabling it.

7
docs/server-quickstart.md
View File

@@ -62,7 +62,12 @@ Without this, konduit picks the first available `tunN`, which shifts if other VP
./konduit-server --config server.toml ./konduit-server --config server.toml
``` ```
For persistent operation, use the provided systemd unit (`setup/server/konduit-server.service`). For persistent operation, use the provided systemd units in [docs/systemd/](systemd/). Copy `konduit-server.service` to `/etc/systemd/system/`, then:
```bash
sudo systemctl daemon-reload
sudo systemctl enable --now konduit-server
```
## 6. NAT / Masquerade ## 6. NAT / Masquerade

18
docs/systemd/konduit-server.service Normal file
View File

@@ -0,0 +1,18 @@
[Unit]
Description=Konduit Server
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/konduit
ExecStart=/opt/konduit/konduit-server -c /opt/konduit/server.toml
Restart=on-failure
RestartSec=5
# Optional hardening
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target

18
docs/systemd/konduit.service Normal file
View File

@@ -0,0 +1,18 @@
[Unit]
Description=Konduit Client
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/konduit
ExecStart=/opt/konduit/konduit -c /opt/konduit/client.toml
Restart=on-failure
RestartSec=5
# Optional hardening
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target