v0.0.1 · Pure Rust · Zero dependencies · Early development

Your devices,
one private network.

AkurAI VPN is a secure, one-touch mesh VPN — an encrypted overlay that connects your machines directly, with subnet, exit, and public-ingress gateways when you need them. Built in pure Rust, shipped as a single binary, with no runtime dependencies.

$ curl -fsSL https://vpn.olibuijr.com/install.sh | sh && akurai-vpn up

Early development — the overlay and installer are not live yet. This is the target experience while the v0.0.x scaffold is built in the open.

A VPN that gets out of your way

Mesh networking with the ergonomics of a single command — and explicit, auditable control over every route.

One-touch enrollment

Generate a key, approve a short pairing code, and the node gets an overlay IP, DNS name, and policy — automatically.

🔒

Encrypted mesh

An L3 overlay on an akurai0 TUN interface. Devices reach each other by overlay IP or internal DNS over encrypted peer paths.

🚪

Gateway modes

Advertise a LAN subnet, act as an exit node, or expose a service via public ingress — each one explicit and admin-approved.

🛡️

Fail-closed policy

Unknown node, unknown route, unapproved gateway, expired session — denied and audited by default. Nothing implicit.

🔁

Relay fallback

When a direct path can't form, traffic relays through the control plane — which only ever sees ciphertext, never your payload keys.

🦀

Single pure-Rust binary

No runtime dependencies, no container, no daemon zoo. One auditable binary per role, deployed with one command.

How it works

A small control plane assigns identity and policy; nodes form the encrypted data plane between themselves. v1 is hub-routed for one-touch reliability, then evolves to direct mesh.

control plane: Enrollment, overlay IP & DNS allocation, ACLs, route approval, peer maps, audit — hosted at vpn.olibuijr.com. It never carries data-plane payloads except as an encrypted relay.

node daemon: Runs on every device. Creates akurai0, applies approved routes, watches the peer map, and brings up encrypted sessions to peers.

overlay: IPv4 100.88.0.0/16, IPv6 fd88:akurai::/48, MTU 1280. Each node gets a stable name like laptop.oli.akurai.

local app
  → akurai0 TUN
  → route lookup (dest overlay IP)
  → ACL check          (fail-closed)
  → peer session lookup
  → direct encrypted path  ✓
  → relay via vpn.olibuijr.com
       if direct path fails
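
The data path above as an added Rust sketch, not AkurAI VPN's own code: each lookup that misses returns a deny, and relay is chosen only for an allowed peer with a live session whose direct path is down. The type names, deny labels, peer names, and session fields are assumptions for illustration; only the 100.88.0.0/16 range and the step order come from the page.

```rust
use std::collections::{HashMap, HashSet};
use std::net::Ipv4Addr;

#[derive(Debug, PartialEq)]
enum Verdict { Direct, Relay, Deny(&'static str) }
struct Session { expires_at: u64, direct_ok: bool }

// Hypothetical node state; every name here is an assumption for illustration.
struct Node {
    routes: HashMap<Ipv4Addr, &'static str>,    // overlay IP -> peer name
    acl: HashSet<(&'static str, &'static str)>, // explicit (source, peer) allows
    sessions: HashMap<&'static str, Session>,   // peer name -> session state
}

// True if `ip` falls inside the overlay range from the page, 100.88.0.0/16.
fn in_overlay(ip: Ipv4Addr) -> bool { let o = ip.octets(); o[0] == 100 && o[1] == 88 }

impl Node {
    // Same order as the flow above. Every miss returns Deny; no branch defaults to allow.
    fn decide(&self, src: &'static str, dst: Ipv4Addr, now: u64) -> Verdict {
        if !in_overlay(dst) { return Verdict::Deny("unknown route"); }
        let peer = match self.routes.get(&dst) { Some(&p) => p, None => return Verdict::Deny("unknown node") };
        if !self.acl.contains(&(src, peer)) { return Verdict::Deny("no ACL allow"); }
        match self.sessions.get(peer) {
            Some(s) if s.expires_at > now && s.direct_ok => Verdict::Direct,
            Some(s) if s.expires_at > now => Verdict::Relay, // direct path failed
            _ => Verdict::Deny("expired or missing session"),
        }
    }
}

// Constructed sample state, not real deployment data.
fn sample() -> Node {
    Node {
        routes: HashMap::from([(Ipv4Addr::new(100, 88, 0, 3), "nas"), (Ipv4Addr::new(100, 88, 0, 4), "phone")]),
        acl: HashSet::from([("laptop", "nas"), ("laptop", "phone")]),
        sessions: HashMap::from([
            ("nas", Session { expires_at: 1_000, direct_ok: true }),
            ("phone", Session { expires_at: 1_000, direct_ok: false }),
        ]),
    }
}

fn main() {
    let n = sample();
    for dst in [[100u8, 88, 0, 3], [100, 88, 0, 4], [100, 88, 0, 9], [10, 0, 0, 5]] {
        println!("laptop -> {:?}: {:?}", dst, n.decide("laptop", Ipv4Addr::from(dst), 500));
    }
}
```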

Roadmap

Build the core secure overlay first, then layer on gateways, direct mesh, and public ingress.

MVP 0

Planning & threat model

Architecture, protocol decision, license policy, DNS & deployment plan. In progress.

MVP 1

Single-hub internal VPN

Enrollment, TUN interface, encrypted node↔hub tunnels, overlay IPs, ACL checks.

MVP 2

Gateway routes

Subnet advertisements, admin approval, route push, exit-node opt-in, basic DNS names.

MVP 3

Direct peer mesh

Endpoint discovery, direct connection attempts, relay fallback, path-health scoring, roaming.

MVP 4

Public ingress

HTTPS ingress on the control plane, route to internal services, TLS automation, identity-aware access.

Built in the open.

AkurAI VPN is open source and under active development. Follow along, read the design, or contribute.