60 lines
1.5 KiB
Markdown
60 lines
1.5 KiB
Markdown
# Konduit CLI Client Quickstart
|
|
|
|
## 1. Download
|
|
|
|
Download the `konduit` binary from the [Releases](../../releases) page and make it executable:
|
|
|
|
```bash
|
|
chmod +x konduit
|
|
sudo cp konduit /opt/konduit/konduit
|
|
```
|
|
|
|
## 2. Get a client config
|
|
|
|
Your server administrator will provide a `client.toml` generated by `konduit-ctl add-client`. Transfer it to the client machine:
|
|
|
|
```bash
|
|
sudo cp client.toml /opt/konduit/client.toml
|
|
sudo chmod 600 /opt/konduit/client.toml
|
|
```
|
|
|
|
If your server runs in stealth mode, the config already points to port 443. No additional client-side configuration is needed.
|
|
|
|
## 3. Connect
|
|
|
|
```bash
|
|
/opt/konduit/konduit -c /opt/konduit/client.toml
|
|
```
|
|
|
|
A successful connection looks like:
|
|
|
|
```
|
|
→ resolving vpn.example.com ok
|
|
→ tcp handshake X25519 ok
|
|
→ tun device konduit0 up
|
|
→ routes applied by server policy ok
|
|
connected · no udp, no root, port 443
|
|
```
|
|
|
|
## 4. Run as a systemd service
|
|
|
|
To connect automatically on boot, use the provided systemd unit:
|
|
|
|
```bash
|
|
sudo cp /opt/konduit/docs/systemd/konduit.service /etc/systemd/system/
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now konduit
|
|
```
|
|
|
|
The unit runs as root (required for TUN device creation) and restarts automatically on failure.
|
|
|
|
## 5. Capabilities (alternative to root)
|
|
|
|
To run without root, grant the binary the required capability instead:
|
|
|
|
```bash
|
|
sudo setcap cap_net_admin=+ep /opt/konduit/konduit
|
|
```
|
|
|
|
Then change `User=root` to your user account in the systemd unit before enabling it.
|