A fully decentralized, encrypted mesh network built to provide uncensorable internet access for everyone. Ordinary MikroTik routers and Linux devices become self‑organizing nodes that automatically discover each other and share connectivity — even when nationwide firewalls try to block it.
שלום — Peace, Wholeness, and Connectivity for All
handshake! embeds advanced mesh routing directly in its source code, includes a powerful web‑based management panel, and is designed to eventually run over audio, radio, DNS, and other transports that deep‑packet inspection cannot recognize.
On first run, every node generates a fresh Ed25519 key pair. The public key is hashed into a permanent IPv6 address (e.g., 200:c0de:…). This address is the node's cryptographic identity on the mesh. All traffic is end‑to‑end encrypted with forward‑secure session keys — no one, not even other mesh participants, can read packets that aren't meant for them.
The core is a decentralized spanning‑tree overlay that constantly measures link quality, builds an efficient topology, and heals automatically when peers join, leave, or fail. Routing is entirely decentralized: no servers, no central coordinators, no pre‑configured paths. The network finds the best routes on its own.
Nodes do not require manual friend‑adding. On the same LAN, they use multicast advertisements. Globally, a Distributed Hash Table (DHT) lets nodes locate remote peers without any bootstrap server. A new node only needs one reachable peer address — shared casually via a URL, QR code, or even on paper. Once connected, the full network topology propagates via gossip. No hardcoded IPs, no central bootstrap list, no developer‑owned server is ever trusted.
Every node includes a full React‑based management interface served locally on http://localhost:8080 and also on the node's IPv6 address. Monitor mesh connectivity, peer lists, and routing tables. Configure firewall, VPNs, DHCP, and internet gateway sharing. Securely manage your router from anywhere in the world via the encrypted mesh — invisible to DPI filters.
Some nodes have native internet access (e.g., a MikroTik router on Starlink). These can be configured as egress proxies, sharing connectivity with other mesh peers. handshake! includes a basic SOCKS5/HTTP proxy plus compatibility with external services like Starlink4Iran. Any node can share its internet, creating a resilient, crowdsourced access network. Traffic automatically finds the best available gateway.
handshake! doesn't just encrypt — it actively spoofs deep packet inspectors by morphing traffic to look like ordinary internet usage. The mesh can mimic HTTP/2 video streams, WebSocket chats, QUIC gaming sessions, DNS‑over‑HTTPS lookups, or even ICMP echo/reply patterns. Dynamic protocol hopping and transport polymorphism make traffic fingerprints useless: every session looks different, every packet blends in. No fixed port, no static signature, no DPI block.
To stay online even when TCP/IP is totally blocked, handshake!'s modular transport system will soon support: Audio modem (data over voice calls), Software‑defined radio (ISM bands), DNS tunnelling, and WebRTC for NAT traversal. All these plug into the same mesh overlay, giving users multiple escape routes that a censor cannot jam simultaneously.
Ordinary users, activists, journalists, and small businesses who want internet that cannot be taken away.
Neighbourhoods, villages, or city clusters can quickly build a resilient mesh using existing MikroTik hardware.
When the internet is shut down but phone lines or local radios still work, handshake! routes traffic through those channels.
With gateway sharing, no single authority controls the network's connection to the outside world.
./handshake
# Listens on :8080 for the web panel
# Optionally, set LISTEN_PORT for a peering portcurl -X POST http://localhost:8080/api/peer \
-d '{"uri":"tls://another-node.com:54321"}'
Then open your browser to http://localhost:8080 (locally) or
http://[200:…] (via the mesh) to access the management panel.
handshake! v0.1 is in active early development.
Full‑featured release with DPI spoofing across every protocol,
multi‑transport support (audio, radio, DNS, WebRTC), and automatic global peer
discovery is on the way.
Stay tuned — freedom is coming.
handshake! is built from a fusion of proven open‑source code and new transport layers. All contributions are welcome — especially those that help us move faster toward a world where no firewall can silence a voice.
No one should be cut off from the internet because of where they live.
שלום
Shalom — Peace, Wholeness, and Connectivity for All.