kytan: High Performance Peer-to-Peer VPN in Rust

Last update: Dec 31, 2022

Overview

kytan: High Performance Peer-to-Peer VPN

kytan is a high performance peer to peer VPN written in Rust. The goal is to to minimize the hassle of configuration and deployment with a goal of multi-platform support.

Supported Platforms

Linux
macOS (Client mode only)

Installation

Currently, precompiled kytan binaries are available for Linux and macOS. You can download them from releases.

Alternatively, you can compile it from source if your machine is installed with Rust.

$ git clone https://github.com/changlan/kytan.git
$ cd kytan
$ cargo build --release

Running `kytan`

For complete information:

$ sudo ./kytan -h

Server Mode

Like any other VPN server, you need to configure iptables as following to make sure IP masquerading (or NAT) is enabled, which should be done only once. In the future, kytan will automate these steps. You may change <INTERFACE> to the interface name on your server (e.g. eth0):

$ sudo iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o <INTERFACE> -j MASQUERADE

To run kytan in server mode and listen on UDP port 9527 with password hello:

$ sudo ./kytan server -k hello

If you want open log display (info is log level, you can change it by your idea)

$ sudo RUST_LOG=info ./kytan server -k hello

Client Mode

To run kytan in client mode and connect to the server <SERVER>:9527 using password hello:

$ sudo ./kytan client -s <SERVER> -p 9527 -k hello

if you want open log display (info is log level, you can change it by your idea)

$ sudo RUST_LOG=info ./kytan client -s <SERVER> -p 9527 -k hello

License

Apache 2.0

Comments

你这个程序在解决被污染的域名方面有问题

我在linux vps和mac机器上，都成功安装了kytan,但是按readme里的内容,两边都运行了 kytan:

root@yms:# ps aux|grep kytan root 304 0.0 0.2 12728 2224 pts/0 S+ 13:13 0:00 grep kytan root 32758 0.0 0.2 17856 2560 ? Ss 13:12 0:00 /root/kytan/target/release/kytan --mode s -p 9527 --secret my-password root@yms:#

在mac上： yudeMacBook-Air:release brite$ sudo ./kytan --mode c -h my-vps-ip -p 9527 --secret my-password Password: add host my-vps-ip: gateway 192.168.1.1 delete net default add net default: gateway 10.10.10.1

然后我在火狐浏览器里访问显示ip的网站https://www.ipaddress.com/ ，它显示了我服务器的ip,但是访问被封的网站时，火狐浏览器的左下角显示looking up some-blocked-domain.com , 网站打不开，显示： The connection was reset

可见你这个程序在解决被污染的域名方面有问题，所以翻墙失败。怎么解决？谢谢回复

这个程序exodus，（https://github.com/LuoZijun/exodus）跟你的很像，它解决了被污染的域名的问题： https://github.com/LuoZijun/exodus/issues/13

你可参考该项目改进一下你这个程序吗？非常感谢回复
invalid

opened by luckypoem 10
编译ring,遇错，怎么解决？

hi. git clone https://github.com/changlan/kytan.git cd kytan cargo build --release 显示： ... Compiling ring v0.12.1 error[E0583]: file not found for module montgomery --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.12.1/src/arithmetic/arithmetic.rs:15:9 | 15 | pub mod montgomery; | ^^^^^^^^^^ | = help: name the file either arithmetic/montgomery.rs or arithmetic/montgomery/mod.rs inside the directory "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.12.1/src/arithmetic". error: aborting due to previous error error: Could not compile ring. To learn more, run the command again with --verbose. root@RegalMusty-VM:~/kytan#

opened by luckypoem 9
change args parser and add a set_dns function
use rust-2018 version grammar

change getopts to the more modern clap

add dns information to Struct Response, then we can specify a dns server to client.

Then I will add KCP support to kytan 😁
opened by attenuation 4
Cannot build Kytan under macOS.

I install Rust on my MacBook Pro. And this is what I did: git clone https://github.com/changlan/kytan.git cd kytan cargo build --release --verbose

This is what I got:

error[E0432]: unresolved import bincode::Infinite --> src/network.rs:21:39 | 21 | use bincode::{serialize, deserialize, Infinite}; | ^^^^^^^^ no Infinite in the root

error[E0061]: this function takes 1 parameter but 2 parameters were supplied --> src/network.rs:81:41 | 81 | let encoded_req_msg: Vec = try!(serialize(&req_msg, Infinite).map_err(|e| e.to_string())); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected 1 parameter

error[E0061]: this function takes 1 parameter but 2 parameters were supplied --> src/network.rs:199:39 | 199 | let encoded_msg = serialize(&msg, Infinite).unwrap(); | ^^^^^^^^^^^^^^^^^^^^^^^^^ expected 1 parameter

error[E0061]: this function takes 1 parameter but 2 parameters were supplied --> src/network.rs:293:49 | 293 | let encoded_reply = serialize(&reply, Infinite).unwrap(); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected 1 parameter

error[E0061]: this function takes 1 parameter but 2 parameters were supplied --> src/network.rs:351:47 | 351 | let encoded_msg = serialize(&msg, Infinite).unwrap(); | ^^^^^^^^^^^^^^^^^^^^^^^^^ expected 1 parameter

error: aborting due to 5 previous errors

error: Could not compile kytan.

Caused by: process didn't exit successfully: rustc --crate-name kytan src/main.rs --crate-type bin --emit=dep-info,link -C opt-level=3 -C metadata=0478351b1c14c8a2 -C extra-filename=-0478351b1c14c8a2 --out-dir /Users/caoqing/kytan/target/release/deps -L dependency=/Users/caoqing/kytan/target/release/deps --extern rand=/Users/caoqing/kytan/target/release/deps/librand-263d08a047275420.rlib --extern transient_hashmap=/Users/caoqing/kytan/target/release/deps/libtransient_hashmap-25d9654b759cc056.rlib --extern env_logger=/Users/caoqing/kytan/target/release/deps/libenv_logger-7ae2885606dbb51c.rlib --extern ring=/Users/caoqing/kytan/target/release/deps/libring-c974d556fc8dec09.rlib --extern serde_derive=/Users/caoqing/kytan/target/release/deps/libserde_derive-5fcdce10afe346b3.dylib --extern snap=/Users/caoqing/kytan/target/release/deps/libsnap-e8f72cd5c8651672.rlib --extern serde=/Users/caoqing/kytan/target/release/deps/libserde-3b389f9d8c49f976.rlib --extern getopts=/Users/caoqing/kytan/target/release/deps/libgetopts-65cb25f4d22508fa.rlib --extern dns_lookup=/Users/caoqing/kytan/target/release/deps/libdns_lookup-5cee9a471ee423d1.rlib --extern log=/Users/caoqing/kytan/target/release/deps/liblog-b925b1969baa5d7b.rlib --extern libc=/Users/caoqing/kytan/target/release/deps/liblibc-6ee40ee96e5eeabb.rlib --extern bincode=/Users/caoqing/kytan/target/release/deps/libbincode-9d11a29915a29943.rlib --extern mio=/Users/caoqing/kytan/target/release/deps/libmio-42098908545e0b4c.rlib -L native=/Users/caoqing/kytan/target/release/build/ring-a6eba13810706b5d/out (exit code: 101)

opened by testcaoy7 2
Not working

I compiled kytan via git commit 2374a67. On server I ran "./kytan -m s -p 17115 -s pswd" On Client I ran "./kytan -m c -p 17115 -h 11.22.33.44 -s pswd"

On server (Ubuntu 16), a TUN device was created. On client (Linux Mint 18.2) there is no created TUN/TAP device.

opened by testcaoy7 1
Failure Handling in Server Mode
Unlike clients, server should try its best to recover from failures, since it might be run as a system daemon. Therefore, we should consider more carefully about panicking. Current issues are:

[x] Remove assert_eq that check the length of data. If inconsistency is found, output error message instead of panicking.

[x] Reclaim IP addresses when a client disconnects.
opened by changlan 0
User-mode NAT support

kytan 服务器依赖 Linux 内置的 iptables 作为 NAT。尽管其他的 VPN 服务器（如 OpenVPN）采用同样的安排，但是对普通用户来说，配置 iptables 在设置服务器的过程中也是一个不大不小的障碍。另外，对 iptables 的依赖限制了服务器只能运行在 Linux 上。在用户层实现 NAT 可以解决上述问题。

opened by changlan 0
Too many martian source log in kernel log

When I have just connected to the server, many martian source log display in kernel log. After a short period of time.This log appear occasionally.

172.20.10.5 was my client physical card ip

opened by attenuation 3
运行客户端命令遇错

hi.

bogon:release brite$ sudo ~/kytan/target/release/kytan --mode c -h my-vps-ip -p 9527 --secret iloveson 会显示： thread 'main' panicked at 'called Result::unwrap() on an Err value: Unspecified', src/libcore/result.rs:906:4 note: Run with RUST_BACKTRACE=1 for a backtrace. bogon:release brite$

怎么解决？

opened by luckypoem 1
Automatic DNS override

Please consider add automatic DNS override feature. A client has to change system DNS setting and flush DNS after connection made by Kytan in order to prevent DNS pollution.

It will be a lot nicer if this process can be automatically done by Kytan.

opened by testcaoy7 0
WeChat Video Obfuscation

There is a modular proxy project call "v2ray" and it implemented a unique WeChat video obfuscation feature to its KCP transport layer. By using WeChat video obfuscation, UDP transport can bypass QoS system dramatically. Since Kytan uses UDP as transport layer protocol, I believe it also take advantage through this design .

opened by testcaoy7 0