konduit/konduit-public
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
278bc0d27455eb813be95f423de89380ca07f397
konduit-public/README.md
Eugen Kaparulin 278bc0d274 docs: link konduit-platform from README
2026-06-08 09:12:39 +03:00

144 lines
5.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<div align="center">
<img src="logo-horizontal.svg" alt="Konduit" height="52"/>
<br/><br/>
**TCP-Native VPN. Works Where UDP Doesn't.**
[![License: Proprietary](https://img.shields.io/badge/license-Proprietary-red)](LICENSE)
[![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20macOS%20%7C%20Android%20%7C%20iOS-lightgrey)]()
[![Status](https://img.shields.io/badge/status-Beta-orange)]()
</div>
---
Konduit is a modern VPN built around a single principle: **TCP transport that works when UDP is blocked.**
WireGuard is excellent — until your ISP throttles or blocks UDP. Konduit solves that without the complexity of OpenVPN or the fragility of UDP-wrapping hacks. It runs fully in userspace, requires no elevated privileges, and gets out of your way.
## Why Konduit?
Most VPNs treat TCP as a fallback. Konduit is designed for TCP from the ground up, which means:
- No HEAD-OF-LINE blocking from tunneling UDP into TCP
- Reliable behaviour on restrictive corporate and mobile networks
- WireGuard-level simplicity without the UDP dependency
## Features
- **TCP-native protocol** — designed for TCP, not retrofitted
- **Server-controlled routing** — administrators enforce routing policy; clients cannot bypass it
- **Userspace implementation** — no kernel modules, no root required
- **Hot config reload** — update server configuration without dropping connections
- **QR code provisioning** — scan once, connect instantly
- **Cross-platform** — Linux, macOS, Android, iOS
- **Modern cryptography** — X25519 key exchange, ChaCha20-Poly1305 data channel
- **Stealth mode** — port 443 deployment with decoy proxy for hostile network environments
- **Memory safe** — written entirely in Rust
## Download
Releases are published on the [Releases](../../releases) page.
### Linux (CLI)
```bash
# Download konduit-cli from the Releases page, then:
chmod +x konduit-cli
./konduit-cli connect --server vpn.example.com:443 --peer-id mydevice --psk YOUR_PSK
```
### macOS · Android · iOS
Coming soon.
## Architecture
```
Flutter UI (Dart)
flutter_rust_bridge (FFI)
Konduit engine (Rust)
├── TUN device (userspace)
├── TCP tunnel protocol
├── Key exchange (X25519)
└── Route manager
```
| Layer | Technology |
|---|---|
| UI | Flutter / Dart |
| Core engine | Rust (Tokio async) |
| FFI bridge | flutter_rust_bridge |
| Cryptography | ring / rustls |
| TUN device | tun crate (userspace) |
## Openness Model
The [`konduit-platform`](./konduit-platform) crate is published here for transparency and security audit. It contains the cryptographic primitives, connection statistics, and platform networking layer (TUN device, DNS, routes) — everything an auditor needs to verify what runs on your machine. It is licensed under the [PolyForm Noncommercial License 1.0.0](LICENSE) — free to read, study, and use for noncommercial purposes.
The VPN server, management UI, and stealth-mode protocol are proprietary. Keeping stealth mechanisms private makes automated DPI fingerprinting significantly harder. Source review under NDA is available for enterprise partners.
## Security
**No UDP dependency:** Konduit does not require UDP at any layer.
**Key storage:** Private keys are stored in the OS secure enclave on every platform (iOS Keychain, macOS Keychain, Android Keystore). They are never written to disk in plaintext.
**Stealth mode:** On port 443, failed or unrecognized handshakes are proxied transparently to a configurable decoy service. From the outside, the server is indistinguishable from a standard HTTPS endpoint.
## Support
**Bug reports:** Use the in-app reporting feature or open an issue in this repository.
**Security vulnerabilities:** Do not open a public issue. Contact the maintainer directly at the address shown in the application's About screen.
**Contributing:** Core development is handled internally. We do not currently accept external pull requests.
---
## Brand
### Logo
The Konduit mark is a geometric K built from flat filled polygons. An acid-green arrowhead (`>`) is embedded at the junction of the two K arms — it communicates data routing direction and doubles as the middle stroke of the letter E (founder's initials, E·K).
| File | Use |
|---|---|
| `logo.svg` | Mark only — light backgrounds |
| `logo-dark.svg` | Mark only — dark backgrounds |
| `logo-horizontal.svg` | Mark + wordmark — light backgrounds |
| `logo-horizontal-dark.svg` | Mark + wordmark — dark backgrounds |
### Colour Palette
| Role | Hex |
|---|---|
| Primary (mark) | `#111111` |
| Accent (arrow) | `#A3E635` |
| On dark (mark) | `#FFFFFF` |
The acid green `#A3E635` is the signature colour. It appears exclusively as the arrowhead accent and must not be changed between light and dark variants.
### Typography
Wordmark: **Inter** (or Helvetica Neue / SF Pro as system fallback), weight 600, letter-spacing 0.04em, all lowercase.
### Design Language
Flat, geometric, no gradients or shadows. Swiss modernist influence — precision over decoration. The mark works at 24px and scales to billboard size without modification.
---
## About
Created by **Eugen Kaparulin**.
Official binaries distributed by **Konduit Oy**.
© Eugen Kaparulin. All rights reserved.
[`konduit-platform`](./konduit-platform) is published under the [PolyForm Noncommercial License 1.0.0](LICENSE).
All other parts of Konduit are proprietary.
Reference in New Issue View Git Blame Copy Permalink