konduit/konduit-public
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

init: initial public repo with README and LICENSE

Browse Source
This commit is contained in:
Eugen Kaparulin
2026-06-06 16:32:50 +03:00
commit 852b6a0cd8
2 changed files with 191 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
README.md Normal file
View File

@@ -0,0 +1,108 @@
<div align="center">
# Konduit
**TCP-Native VPN. Works Where UDP Doesn't.**
[![License: Proprietary](https://img.shields.io/badge/license-Proprietary-red)](LICENSE)
[![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20macOS%20%7C%20Android%20%7C%20iOS-lightgrey)]()
[![Status](https://img.shields.io/badge/status-Beta-orange)]()
</div>
---
Konduit is a modern VPN built around a single principle: **TCP transport that works when UDP is blocked.**
WireGuard is excellent — until your ISP throttles or blocks UDP. Konduit solves that without the complexity of OpenVPN or the fragility of UDP-wrapping hacks. It runs fully in userspace, requires no elevated privileges, and gets out of your way.
## Why Konduit?
Most VPNs treat TCP as a fallback. Konduit is designed for TCP from the ground up, which means:
- No HEAD-OF-LINE blocking from tunneling UDP into TCP
- Reliable behaviour on restrictive corporate and mobile networks
- WireGuard-level simplicity without the UDP dependency
## Features
- **TCP-native protocol** — designed for TCP, not retrofitted
- **Server-controlled routing** — administrators enforce routing policy; clients cannot bypass it
- **Userspace implementation** — no kernel modules, no root required
- **Hot config reload** — update server configuration without dropping connections
- **QR code provisioning** — scan once, connect instantly
- **Cross-platform** — Linux, macOS, Android, iOS
- **Modern cryptography** — X25519 key exchange, ChaCha20-Poly1305 data channel
- **Stealth mode** — port 443 deployment with decoy proxy for hostile network environments
- **Memory safe** — written entirely in Rust
## Download
Releases are published on the [Releases](../../releases) page.
### Linux (CLI)
```bash
# Download konduit-cli from the Releases page, then:
chmod +x konduit-cli
./konduit-cli connect --server vpn.example.com:443 --peer-id mydevice --psk YOUR_PSK
```
### macOS · Android · iOS
Coming soon.
## Architecture
```
Flutter UI (Dart)
flutter_rust_bridge (FFI)
Konduit engine (Rust)
├── TUN device (userspace)
├── TCP tunnel protocol
├── Key exchange (X25519)
└── Route manager
```
| Layer | Technology |
|---|---|
| UI | Flutter / Dart |
| Core engine | Rust (Tokio async) |
| FFI bridge | flutter_rust_bridge |
| Cryptography | ring / rustls |
| TUN device | tun crate (userspace) |
## Openness Model
The Konduit **client library** (`konduit-client`) is published here for transparency and security audit. It is licensed under the [PolyForm Noncommercial License 1.0.0](LICENSE) — free to read, study, and use for noncommercial purposes.
The VPN server, management UI, and stealth-mode protocol are proprietary. Keeping stealth mechanisms private makes automated DPI fingerprinting significantly harder. Source review under NDA is available for enterprise partners.
## Security
**No UDP dependency:** Konduit does not require UDP at any layer.
**Key storage:** Private keys are stored in the OS secure enclave on every platform (iOS Keychain, macOS Keychain, Android Keystore). They are never written to disk in plaintext.
**Stealth mode:** On port 443, failed or unrecognized handshakes are proxied transparently to a configurable decoy service. From the outside, the server is indistinguishable from a standard HTTPS endpoint.
## Support
**Bug reports:** Use the in-app reporting feature or open an issue in this repository.
**Security vulnerabilities:** Do not open a public issue. Contact the maintainer directly at the address shown in the application's About screen.
**Contributing:** Core development is handled internally. We do not currently accept external pull requests.
---
## About
Created by **Eugen Kaparulin**.
Official binaries distributed by **Konduit Oy**.
© Eugen Kaparulin. All rights reserved.
`konduit-client` is published under the [PolyForm Noncommercial License 1.0.0](LICENSE).
All other parts of Konduit are proprietary.