Skip to content

Kodachi Terminal Server Version

Kodachi Terminal Server Edition

A minimal, terminal-only live ISO based on Debian 13 (Trixie) crafted for two critical missions: bulletproof testing of the full Kodachi toolchain and operating as a dedicated SOCKS proxy gateway for your network. Built for power users, hardened servers, and elegant headless deployments.

Production Hardened Multi-Protocol Proxy-Ready Hardware Optimized

Download & Installation First Release: 30 October 2025 9.0.1 | Terminal last updated 11 November 2025 - build #6

Download ISO

Direct Download

Latest

Download the latest Kodachi Terminal Server ISO directly. One-click access to the current release.

9.0.1-amd64 2.4GB
Download ISO

Browse All Files

Access the complete archive of Kodachi releases, checksums, and documentation on SourceForge.

Open SourceForge
ISO Integrity Verification

Verify the downloaded ISO file integrity using the SHA256 checksum below to ensure secure installation:

SHA256 Checksum: 5d30abf3c5fab61fcede6d7673d32a490c7335e581abecf1f8d5c5bd09768d2d

Verification Command:
sha256sum linux-kodachi-terminal-9.0.1-amd64.iso

GPG Signature Verification Available

SourceForge also provides GPG signature files for cryptographic verification. Download the signature files from the same location:

  • linux-kodachi-terminal-9.0.1-amd64.iso.sig - GPG signature file
  • linux-kodachi-terminal-9.0.1-amd64.iso.sig.info - Signature information

Installation Methods

  1. Live USB - Boot from USB drive (no installation, portable, leaves no traces)
  2. Virtual Machine - Run in VMware/VirtualBox/QEMU (isolated testing environment)
  3. Bare Metal - Install on dedicated hardware (maximum performance as proxy server)
  4. Persistent Storage - Enable persistence for configuration retention across reboots

Create Bootable USB

Linux (Recommended Method) 

# Find USB device
lsblk

# Write ISO to USB (replace /dev/sdX with your USB device)
sudo dd if=linux-kodachi-terminal-9.0.1-amd64.iso of=/dev/sdX bs=4M status=progress oflag=sync

Rufus (Windows) - Link: https://rufus.ie/ - Description: Industry-standard tool for creating bootable USB drives. Select ISO file, select USB drive, write in DD mode or ISO mode.

Etcher (Windows/macOS/Linux) - Link: https://www.balena.io/etcher/ - Description: Simple, cross-platform tool for writing ISO images to USB drives. Clean interface and reliable performance.

Ventoy (Multiboot) - Link: https://www.ventoy.net - Description: Modern tool that you install on the USB drive once. You can then just drag-and-drop multiple ISO files (Windows, Linux, etc.) directly onto the drive, and it will give you a boot menu to select from.

YUMI (Your Universal Multiboot Installer) - Link: https://www.pendrivelinux.com/yumi-multiboot-usb-creator/ - Description: Popular tool for creating a multiboot USB drive. It allows you to add multiple operating systems and utilities to a single USB, one at a time.

Universal USB Installer (UUI) - Link: https://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ - Description: Simple, reliable tool from the makers of YUMI, but designed to create a bootable USB for a single operating system.

macOS 

# Find disk identifier
diskutil list

# Unmount disk
diskutil unmountDisk /dev/diskN

# Write ISO
sudo dd if=linux-kodachi-terminal-9.0.1-amd64.iso of=/dev/rdiskN bs=4m

Technical Specifications Dashboard

Core System Specifications
Component Details
Base SystemDebian 13 (Trixie)
Architectureamd64 (x86_64)
ISO Size2.4GB (lightweight, no GUI bloat)
Total Packages1,181 packages (2025-10-24 build manifest)
Terminal Packages247 terminal-specific packages
Base Common43 shared base packages
Firmware Packages30+ packages (WiFi, Ethernet, Bluetooth, GPU)
Kodachi Binaries16 core security binaries pre-installed
InterfaceTerminal-only (no GUI)
Boot SupportBIOS + UEFI compatible
Login CredentialsUsername: kodachi / Password: r@@t00
Sudo AccessPasswordless sudo enabled

Pre-Installed Kodachi Binaries

All 16 core security binaries are pre-installed at /home/kodachi/dashboard/hooks/. Launch the toolkit instantly without additional setup.

deps-checker dns-leak dns-switch global-launcher health-control integrity-check ip-fetch logs-hook oniux online-auth online-info-switch permission-guard routing-switch tor-switch tun2socks-linux-amd64 workflow-manager

Package Categories Breakdown

Package Categories Breakdown
Category Count Signature Packages
Hardware Firmware30+firmware-iwlwifi, firmware-realtek, firmware-atheros, broadcom-sta-dkms
VPN / Anonymity15+tor, openvpn, wireguard, shadowsocks-libev, v2ray, xray, hysteria, mieru
Network Tools20+nmap, tcpdump, tshark, whatweb, netcat, socat, proxychains4
DNS Management8+dnscrypt-proxy, dnsutils, bind9-dnsutils, resolvconf
Firewalls6+iptables, nftables, ufw, iptables-persistent
Security Tooling25+cryptsetup, gnupg, openssh-client, fail2ban, apparmor
Development Stack30+git, python3, perl, build-essential, cmake, gcc
System Monitoring15+htop, iotop, nethogs, sysstat, lm-sensors
File Systems20+btrfs-progs, xfsprogs, ntfs-3g, exfat-utils, squashfs-tools
Terminal Multiplexers4+tmux, screen, byobu
Base System1000+Debian core utilities, libraries, and base packages

Supported Routing Protocols

Kodachi Terminal Server ships with 12+ routing protocols via the routing-switch binary, covering everything from battle-tested VPNs to advanced censorship-resistant transports.

Routing Protocol Coverage
Category Protocols & Features
VPN ProtocolsOpenVPN (industry-standard, AES encryption), WireGuard (modern, ChaCha20 encryption) — with kill switch and DNS leak protection
Anti-CensorshipShadowsocks (SOCKS5 + encryption), V2Ray (traffic obfuscation), Xray (enhanced V2Ray), Hysteria2 (high-performance for restrictive networks), Mieru (MITA - lightweight anti-censorship proxy)
Proxy ProtocolsSOCKS5 (standard proxy), Dante (SOCKS server), HTTP/HTTPS (proxy support), Microsocks (lightweight SOCKS5 server)
Tor IntegrationRedsocks (transparent Tor routing), SOCKS proxy configuration, TransPort routing, DNS over Tor, System-wide torrification (can run on top of any existing VPN service: WireGuard, OpenVPN, Hysteria2, Shadowsocks, V2Ray, Xray, Mieru)
Multi-LayerVPN + Tor (double encryption), protocol chaining for enhanced anonymity, traffic obfuscation layers

Protocol Documentation

For detailed protocol configuration and usage, see the routing-switch documentation.

Torrification Capability

Kodachi Terminal supports system-wide torrification that can run on top of any existing VPN service. This means you can layer Tor routing on top of WireGuard, OpenVPN, Hysteria2, Shadowsocks, V2Ray, or Xray connections for enhanced anonymity. Use sudo tor-switch torrify-system-nftables-dns (preferred) or sudo tor-switch torrify-system-iptables-dns to torrify your entire system regardless of your underlying VPN connection. To disable, use sudo tor-switch detorrify-system-nftables or sudo tor-switch detorrify-system-iptables.

Security Models & Layered Anonymity

Kodachi Terminal includes 92+ pre-built security workflows and supports unlimited custom workflows via the workflow-manager binary. Below are 18 example workflows organized by anonymity levels with diverse protocol coverage (WireGuard, OpenVPN, Shadowsocks, Hysteria2, V2Ray, Xray, Mita). Workflows 1-3 (Triple VPN + Tor) provide maximum anonymity for extreme threat models. Workflows 4-8 (Double VPN + Tor) offer ultra anonymity with host+guest configurations. Workflows 9-11 (Single VPN + Double Tor) provide very high anonymity. Workflows 12-18 balance security with performance for various use cases. All profiles are located in /home/kodachi/dashboard/hooks/config/profiles/. Users can create, modify, and chain workflows using workflow-manager to build custom security configurations.

Workflow Comparison Matrix

01

Router VPN → Host Mullvad → VM Kodachi WireGuard → Torrified

Chain: ISP → Router VPN → Host Mullvad VPN → Kodachi WireGuard (VM NAT) → Torrified System → Tor DNS

Anonymity: Ultra++ (6/6 - Triple VPN) Speed: Slowest

Ideal for: Ultimate anonymity, extreme threat models, maximum deniability, state-level adversaries.

sudo routing-switch connect wireguard sudo tor-switch torrify-system-nftables-dns
02

Router VPN → Host ProtonVPN → VM Kodachi OpenVPN → Torrified

Chain: ISP → Router VPN → Host ProtonVPN → Kodachi OpenVPN (VM NAT) → Torrified System → Tor DNS

Anonymity: Ultra++ (6/6 - Triple VPN) Speed: Slowest

Ideal for: Whistleblowing, state-level adversaries, journalist protection, maximum operational security.

sudo routing-switch connect openvpn sudo tor-switch torrify-system-nftables-dns
03

Router VPN → Host NordVPN → VM Kodachi Shadowsocks → Torrified

Chain: ISP → Router VPN → Host NordVPN → Kodachi Shadowsocks (VM NAT) → Torrified System → Tor DNS

Anonymity: Ultra++ (6/6 - Triple VPN) Speed: Very Slow

Ideal for: Maximum obfuscation, defeating DPI in hostile networks, evading advanced surveillance.

sudo routing-switch connect shadowsocks sudo tor-switch torrify-system-nftables-dns
04

Host Mullvad → VM Kodachi OpenVPN → Torrified + Tor DNS

Chain: ISP → Normal Router → Host Mullvad → Kodachi OpenVPN (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Slow

Ideal for: Different VPN providers, avoiding single-point surveillance, investigative journalism.

sudo routing-switch connect openvpn sudo tor-switch torrify-system-nftables-dns
05

Host ProtonVPN → VM Kodachi Shadowsocks → Torrified + Tor DNS

Chain: ISP → Normal Router → Host ProtonVPN → Kodachi Shadowsocks (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Slow

Ideal for: Censorship bypass with double VPN + Tor, evading DPI, hostile network environments.

sudo routing-switch connect shadowsocks sudo tor-switch torrify-system-nftables-dns
06

Host NordVPN → VM Kodachi V2Ray → Torrified + Tor DNS

Chain: ISP → Normal Router → Host NordVPN → Kodachi V2Ray (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Moderate

Ideal for: Traffic obfuscation, triple anonymity layer, defeating advanced network analysis.

sudo routing-switch connect v2ray sudo tor-switch torrify-system-nftables-dns
07

Host ExpressVPN → VM Kodachi Hysteria2 → Torrified + Tor DNS

Chain: ISP → Normal Router → Host ExpressVPN → Kodachi Hysteria2 (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Moderate

Ideal for: High-performance with maximum anonymity, restrictive network circumvention.

sudo routing-switch connect hysteria2 sudo tor-switch torrify-system-nftables-dns
08

Anonymous VPN → Tor → Torrified System + Tor DNS

Chain: ISP → Kodachi VPN (anonymous node) → Tor → Torrified System → Tor DNS

Anonymity: Ultra (5/5) Speed: Slow

Ideal for: Investigative journalism, activist operations, secure communications.

sudo routing-switch connect openvpn sudo tor-switch torrify-system-nftables-dns
09

Forced Xray → Torrified System + Tor DNS

Chain: ISP → Kodachi Xray (forced traffic) → Torrified System → Tor DNS

Anonymity: Very High (4.5/5) Speed: Very Slow

Ideal for: Extreme anonymity requirements, .onion operations, dark web access.

sudo routing-switch connect xray sudo tor-switch torrify-system-nftables-dns
10

WireGuard → Torrified System + Tor DNS

Chain: ISP → Kodachi WireGuard → Torrified System → Tor DNS

Anonymity: Very High (4.5/5) Speed: Slow

Ideal for: Dark web research, sensitive communications, enhanced privacy.

sudo routing-switch connect wireguard sudo tor-switch torrify-system-nftables-dns
11

Router VPN → VM WireGuard → Tor (Single Tor)

Chain: ISP → Router VPN → Kodachi WireGuard (VM via NAT) → Torified System → Tor DNS

Anonymity: Very High (4.5/5) Speed: Slow

Ideal for: Maximum deniability with physical isolation, secure operations.

sudo routing-switch connect wireguard sudo tor-switch torrify-system-nftables-dns
12

Host Mullvad → VM Kodachi Shadowsocks → DNScrypt

Chain: ISP → Normal Router → Host Mullvad → Kodachi Shadowsocks (VM NAT) → DNScrypt

Anonymity: High (4/5) Speed: Good

Ideal for: Censorship bypass with double VPN layer, evading DPI.

sudo routing-switch connect shadowsocks sudo dns-switch switch --names dnscrypt-cloudflare health-control net-check
13

Host ProtonVPN → VM Kodachi Hysteria2 → DNScrypt

Chain: ISP → Normal Router → Host ProtonVPN → Kodachi Hysteria2 (VM NAT) → DNScrypt

Anonymity: High (4/5) Speed: Very Good

Ideal for: High-performance double VPN for restrictive networks, streaming with privacy.

sudo routing-switch connect hysteria2 sudo dns-switch switch --names dnscrypt-quad9 ip-fetch
14

Host ExpressVPN → VM Kodachi Xray-VLESS-Reality → DNScrypt

Chain: ISP → Normal Router → Host ExpressVPN → Kodachi Xray-VLESS-Reality (VM NAT) → DNScrypt

Anonymity: High (4/5) Speed: Good

Ideal for: Advanced anti-detection with Xray Reality, defeating sophisticated censorship.

sudo routing-switch connect xray sudo dns-switch switch --names dnscrypt-quad9 health-control security-score
15

Forced Hysteria2 → Torrified System + Tor DNS

Chain: ISP → Kodachi Hysteria2 (forced traffic) → Torrified System → Tor DNS

Anonymity: Moderate-High (3.5/5) Speed: Moderate

Ideal for: Hostile network environments, censorship bypass with good performance.

sudo routing-switch connect hysteria2 sudo tor-switch torrify-system-nftables-dns
16

V2Ray → Torrified System + Tor DNS

Chain: ISP → Kodachi V2Ray → Torrified System → Tor DNS

Anonymity: Moderate-High (3.5/5) Speed: Moderate

Ideal for: General privacy and anonymous browsing, traffic obfuscation.

sudo routing-switch connect v2ray sudo tor-switch torrify-system-nftables-dns
17

Anonymous Shadowsocks → Tor + Tor DNS

Chain: ISP → Kodachi Shadowsocks (anonymous node) → Tor → Tor DNS

Anonymity: Moderate-High (3.5/5) Speed: Moderate

Ideal for: Daily privacy operations, secure communications, DPI evasion.

sudo routing-switch connect shadowsocks sudo tor-switch start-tor-dns-nftables
18

Forced OpenVPN → DNScrypt (Fast Performance)

Chain: ISP → Kodachi OpenVPN (forced traffic) → DNScrypt

Anonymity: Moderate (3/5) Speed: Fast

Ideal for: Online banking, shopping, business email, general secure browsing.

sudo routing-switch connect openvpn sudo dns-switch switch --names dnscrypt-quad9 health-control net-check

Protocol-Specific Initial Setup Workflows

Kodachi Terminal Server includes ready-to-use initial setup profiles for multiple routing protocols:

VPN Protocols:

  • initial_terminal_setup_openvpn_only - OpenVPN connection setup
  • initial_terminal_setup_wireguard_only - WireGuard connection setup

Anti-Censorship Protocols:

  • initial_terminal_setup_shadowsocks_only - Shadowsocks proxy setup
  • initial_terminal_setup_v2ray_only - V2Ray traffic obfuscation
  • initial_terminal_setup_xray_vless_only - Xray VLESS protocol
  • initial_terminal_setup_xray_trojan_only - Xray Trojan protocol
  • initial_terminal_setup_xray_vless_reality_only - Xray VLESS Reality
  • initial_terminal_setup_hysteria2_only - Hysteria2 high-performance

Proxy Servers:

  • initial_terminal_setup_dante_only - Dante SOCKS5 server
  • initial_terminal_setup_mita_only - Microsocks lightweight SOCKS5

Tor Combinations:

  • initial_terminal_setup_tor_only - Tor-only setup
  • initial_terminal_setup_wireguard_torrify - WireGuard + Tor torrification
  • initial_terminal_setup_auth_torrify_only - Authentication + Tor torrification

Execute with: sudo workflow-manager run <profile-name>

Workflow Selection Guide - Organized by Anonymity Tiers

TIER 1: Maximum Anonymity - Triple VPN + Tor (Workflows 01-03) - Anonymity Level: Ultra++ (6/6) - Triple VPN protection with Tor torrification - Best for: Ultimate anonymity, extreme threat models, state-level adversaries, whistleblowing, maximum deniability - Configuration: Router VPN → Host VPN (Mullvad/ProtonVPN/NordVPN) → Kodachi VPN (WireGuard/OpenVPN/Shadowsocks) → Torrified System → Tor DNS - Speed: Slowest to Very Slow

TIER 2: Ultra Anonymity - Double VPN + Tor (Workflows 04-08) - Anonymity Level: Ultra (5/5) - Double VPN with Tor torrification - Best for: Different VPN providers, avoiding single-point surveillance, investigative journalism, activist operations, censorship bypass with maximum protection - Configuration: Normal Router → Host VPN (Mullvad/ProtonVPN/NordVPN/ExpressVPN) → Kodachi VPN (OpenVPN/Shadowsocks/V2Ray/Hysteria2) → Torrified System → Tor DNS - Speed: Slow to Moderate

TIER 3: Very High Anonymity - Single VPN + Double Tor (Workflows 09-11) - Anonymity Level: Very High (4.5/5) - Double Tor circuits or Router + Guest VPN + Tor - Best for: Extreme anonymity requirements, .onion operations, dark web research, sensitive communications, maximum deniability - Configuration: Kodachi VPN (Xray/WireGuard) → Torrified → Double Tor Circuits OR Router VPN → Kodachi VPN → Torrified System - Speed: Very Slow to Slow

TIER 4: High Anonymity - Double VPN without Tor (Workflows 12-14) - Anonymity Level: High (4/5) - Double VPN layer - Best for: Censorship bypass, DPI evasion, advanced anti-detection, high-performance with strong privacy - Configuration: Normal Router → Host VPN (Mullvad/ProtonVPN/ExpressVPN) → Kodachi VPN (Shadowsocks/Hysteria2/Xray-VLESS-Reality) → DNScrypt - Speed: Good to Very Good

TIER 5: Moderate-High Anonymity - Single VPN + Tor (Workflows 15-17) - Anonymity Level: Moderate-High (3.5/5) - Single VPN with Tor - Best for: Hostile network environments, general privacy, anonymous browsing, daily privacy operations, secure communications - Configuration: Kodachi VPN (Hysteria2/V2Ray/Shadowsocks) → Torrified System → Tor DNS - Speed: Moderate

TIER 6: Moderate Anonymity - Single VPN Only (Workflow 18) - Anonymity Level: Moderate (3/5) - Single VPN with encrypted DNS - Best for: Online banking, shopping, business email, general secure browsing, fast performance requirements - Configuration: Kodachi VPN (OpenVPN) → DNScrypt - Speed: Fast

Create Custom Workflows using workflow-manager for: Multi-protocol chains, adaptive failover, custom threat models, automated security responses, and specialized use cases.

NOT Recommended: Tor → VPN

Avoid Configuration: Your Computer → Tor → VPN → Internet

This configuration is widely discouraged; it blocks .onion access, lets the guard see your real IP, makes Tor usage detectable, degrades performance, and shifts trust to the VPN.

Why this is dangerous: Entry nodes see your real IP • ISP detects Tor usage • NO access to .onion sites • Severely degraded performance • VPN provider can see your activity

Evidence: For detailed analysis, read the Tor Project's official documentation on Tor+VPN configurations.

Source Information

Based on Privacy Guides 2025 recommendations, Tor Project official documentation, and Kodachi security research. These workflows represent comprehensive threat modeling from maximum anonymity to secure financial operations.

Hardware Support Matrix

Kodachi Terminal Server bundles 30+ firmware packages to deliver broad WiFi, Ethernet, Bluetooth, GPU, and microcode coverage out of the box.

Hardware Support Matrix
Hardware Type Supported Chipsets & Manufacturers
WiFiIntel (all generations), Broadcom (modern + legacy wl driver), Atheros/Qualcomm, Realtek, MediaTek, Marvell, TI, Atmel
EthernetBroadcom (bnx2, bnx2x), Cavium, Myricom, Netronome, QLogic, Realtek
BluetoothBlueZ firmware, miscellaneous nonfree firmware
GPU / GraphicsAMD (amdgpu for terminal console), Intel (microcode)
MicrocodeIntel CPU microcode updates, AMD CPU microcode updates

Broadcom Wireless Support - Pre-Installed

Broadcom b43 and b43legacy firmware is pre-installed in the ISO at /lib/firmware/b43/ and /lib/firmware/b43legacy/.

Supported chipsets:

  • b43legacy: BCM4301, BCM4303, BCM4306/2 (very old cards)
  • b43: BCM4311, BCM4312, BCM4313, BCM4321-BCM4360 (modern cards)

Drivers included:

  • b43 kernel driver (open-source, loaded automatically)
  • b43legacy kernel driver (for BCM4301-4306/2)
  • broadcom-sta-dkms (wl proprietary driver, alternative for some cards)
  • b43-fwcutter tool (if you need to extract different firmware versions)

No post-boot installation required - firmware is ready to use immediately.

SOCKS Proxy Server Setup (Primary Use Case)

One of Kodachi Terminal's primary use cases is running as a dedicated SOCKS proxy server for your entire network. This allows all devices (phones, tablets, computers) to route traffic through a single anonymized gateway.

Step-by-Step Server Setup

1. Boot Kodachi Terminal Server on dedicated hardware or VM

# Login credentials
# Username: kodachi
# Password: r@@t00

2. Configure network routing

sudo routing-switch connect wireguard              # Connect to VPN
sudo tor-switch torrify-system-nftables-dns       # Torrify system + Tor DNS
sudo dns-switch switch --names dnscrypt-quad9      # Privacy-focused DNS

3. Start SOCKS proxy server (choose one)

Option A: V2Ray SOCKS5 proxy (recommended for performance) 

# Configure V2Ray with SOCKS5 inbound
v2ray run -config /path/to/config.json
# Default SOCKS5 port: 10808

Option B: Microsocks lightweight proxy 

microsocks -i 0.0.0.0 -p 30050  # Listen on all interfaces, port 30050

Option C: Dante SOCKS server (enterprise-grade) 

sudo apt install dante-server
sudo systemctl start danted
# Configure /etc/danted.conf for your network

4. Configure client devices

Point all devices on your network to use: - SOCKS5 Server: <Kodachi-Terminal-Server-IP>:30050 (or your chosen port) - Protocol: SOCKS5

5. Verify proxy is working

sudo ip-fetch                 # Check exit IP
health-control net-check      # Verify no leaks
sudo dns-leak test            # DNS leak test

Managing the Proxy Server

# Monitor active proxy connections
sudo netstat -tulpn | grep microsocks

# Configure firewall to restrict proxy access to trusted IPs
sudo iptables -A INPUT -p tcp --dport 30050 -s TRUSTED_IP -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 30050 -j DROP

Use Case Examples

Example 1: V2Ray Proxy Server for Network

Boot Kodachi Terminal Server on old laptop → Connect to VPN → Start V2Ray SOCKS5 server → Configure all home devices to use proxy → Entire household anonymized

Example 2: VMware Testing Environment

Run Kodachi Terminal Server in VMware Workstation/Fusion → Test all 16 binaries safely → Snapshot before testing → Roll back after experiments → No impact on host system

Example 3: Dedicated Proxy Server Hardware

Old desktop/laptop → Boot Kodachi Terminal Server → Enable persistent storage → Configure routing protocols → Run 24/7 as network proxy gateway → Centralized anonymity for all devices

Example 4: Internet Café/Public Computer

Boot from USB → No installation required → Use Kodachi binaries for secure browsing → Shut down → No traces left on host machine

Example 5: Travel & Hotels

Boot Kodachi Terminal Server on travel laptop → Connect to hotel WiFi → Enable VPN + Tor → Access sensitive accounts securely → Bypass local censorship/monitoring

Example 6: Corporate/Educational Testing

Security researchers → Test Kodachi binaries in isolated VM → Learn CLI commands → Verify routing configurations → Safe environment for experimentation

Boot Menu Overview

Kodachi Terminal Server groups every boot entry by security tier so you can pick the right hardening profile without hunting through every submenu. Use the comparison table for a quick overview, then drop into the guidance below to narrow the choice.

Main Boot Entries

Mode Tier Hotkey Persistence RAM footprint Boot speed Best for
Kodachi Full Hardening Tier 5 H No persistence Medium Slowest boot High-threat environments, maximum kernel security, adversarial scenarios
Kodachi Forensics Mode Tier 5 F No persistence High (runs fully in RAM) Fast Evidence collection, volatile data analysis, anti-forensics operations
Kodachi Secure Boot Mode Tier 4 S No persistence Medium Moderate UEFI Secure Boot systems, module signing enforcement, trusted boot chains
Kodachi Maximum Privacy Tier 4 M No persistence High (runs fully in RAM) Fast Privacy-focused tasks, anonymity operations, anti-tracking measures
Kodachi CPU Hardened Tier 3 C No persistence Medium Slowest boot Vulnerable CPUs (Spectre/Meltdown), speculative execution protection
Encrypted Persistence Tier 3 E LUKS Medium Moderate Long-term use with encrypted storage, password-protected data volumes
Kodachi Persistent Tier 2 P Yes Low Fast Personal devices, trusted environments, everyday privacy usage
Kodachi Live Tier 1 L No persistence Low Fast Quick testing, compatibility verification, hardware diagnostics

Choosing a Profile

  • Tier 5 — Maximum lockdown
  • H · Kodachi Full Hardening — every mitigation enabled for hostile environments.
  • F · Kodachi Forensics Mode — boots fully in RAM so volatile evidence never touches disk.
  • Tier 4 — Secure Boot & privacy
  • S · Kodachi Secure Boot Mode — signed modules and lockdown policies for UEFI Secure Boot.
  • M · Kodachi Maximum Privacy — RAM-only session with debug hooks disabled and memory wiped on shutdown.
  • Tier 3 — Hardened persistence choices
  • C · Kodachi CPU Hardened — prioritizes speculative-execution mitigations on legacy or cloud hardware.
  • E · Encrypted Persistence — keeps long-term data in a LUKS volume without sacrificing daily usability.
  • Tier 2 / Tier 1 — Everyday & disposable boots
  • P · Kodachi Persistent — saves changes on trusted hardware without the overhead of encryption.
  • L · Kodachi Live — fastest throwaway session for diagnostics, demos, or compatibility checks.

Advanced Menu Highlights

Tap A at the boot screen to open the advanced menu and pick from:

  • Security add-ons · DMA-guarded variants, RAM-only toggles, and CPU microcode helpers.
  • Hardware fallbacks · nomodeset, noapic, legacy NIC naming, GPU compatibility modes.
  • Installer workflows · Text-based installer, OEM setup, or unattended deployments.
  • Diagnostics & utilities · Memtest86+, media integrity checks, chain-loading the first disk.

First Boot Experience

Automatic Welcome Screen

On first login, Kodachi Terminal Server automatically performs:

  • Binary Deployment Verification - Validates 6 essential core binaries (health-control, ip-fetch, tor-switch, online-auth, dns-switch, global-launcher)
  • DNSCrypt Auto-Configuration - Enables encrypted DNS on first run (creates marker file)
  • Online Authentication - Authenticates user session with Kodachi services for premium features and account verification
  • System Status Collection - Fetches IP, geolocation, network info, security score
  • Interactive Menu Display - Multi-level menu with 13 main options and 4 submenus (25+ configuration choices)
  • Auto-Refresh System - Updates all information every 10 minutes automatically

Note: 16 total binaries available in hooks directory. Full deployment verification via global-launcher verify checks symlink integrity.

System Status Dashboard

The welcome screen displays comprehensive real-time status information with auto-refresh every 10 minutes:

Category Information Displayed
System Type Live ISO / Installed-Encrypted / Installed-Unencrypted
Security Score 0-100 rating (PARANOID/EXCELLENT/GOOD/MODERATE/WEAK)
Network Status Connected protocol (WireGuard, OpenVPN, etc.) or "No VPN"
Torrification Active Tor routing or Direct connection
DNS Config DNSCrypt, Tor DNS, or Direct DNS servers
Geolocation Current IP address, Country, City
System Info Hostname, MAC address, Timezone
Crypto Prices BTC, ETH, XMR, AZERO current USD prices (fetched from VPS)
Latest News Security and privacy news headlines (fetched from VPS)
Status Indicators [GDeploy:+/-/N/A] Global deployment | [Auth:+/-/⊘] Authentication | [TSync:+/~/⊘] Time sync | [SDNS:*] DNS status | [Net:+] Network | [PermG:+/-] Permission guard

Offline Mode: If internet connectivity is not available, the welcome screen operates in offline mode. Online data (crypto prices, news, authentication) will show placeholder values, and local DNS configuration will be used. All local features remain fully functional.

Interactive Menu System

The welcome screen presents a multi-level menu system with 13 main options organized into 3 sections, plus 4 interactive submenus:

SECTION 1: VPN PROTOCOLS (Options 1-4)

[1] WireGuard

Executes: initial_terminal_setup_wireguard_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect wireguard → Connection Validation → Auto-Recovery → Status Report

[2] OpenVPN

Executes: initial_terminal_setup_openvpn_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect openvpn → Connection Validation → Auto-Recovery → Status Report

[3] V2Ray

Executes: initial_terminal_setup_v2ray_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect v2ray → Connection Validation → Auto-Recovery → Status Report

[4] More VPN Protocols... → Opens VPN Submenu

Access 7 additional VPN protocols: Xray-VLESS-Reality, Xray-VLESS, Xray-Trojan, Shadowsocks, Hysteria2, Mita, Dante SOCKS5

SECTION 2: TOR/PRIVACY & DNS (Options 5-9)

[5] Torrify: Round-Robin

Executes: torrify-balance-nftables-roundrobin

Auth → Network Check → Round-Robin Tor Load Balancing → Verification

[6] Torrify: Consistent-Hash

Executes: torrify-balance-nftables-consistent

Auth → Network Check → Consistent-Hash Tor Routing → Verification

[7] Torrify: Weighted

Executes: torrify-balance-nftables-weighted

Auth → Network Check → Weighted Tor Load Balancing → Verification

[8] WireGuard + Torrify RR

Executes: Combined workflow (WireGuard + Round-Robin Torrify)

Auth → WireGuard Connection → Torrification → Verification

[9] More Tor Options... → Opens Tor Submenu

Access 8 advanced Tor operations: DNSCrypt, Tor DNS, Random DNS servers, DNS fallback, Remote Tor, Single node, Restart instances, List IPs/Countries

SECTION 3: NETWORK & SYSTEM (Options 10-13)

[10] Disconnect Routing

Executes: routing-disconnect-clean

Disconnect all VPN/Tor connections → Clean routing tables → Reset to direct connection

[11] Detorrify System

Executes: detorrify-complete-verify

Remove all Tor routing → Verify clean state → Restore direct connection

[12] Emergency Network Recovery

Executes: recovery-master-complete

Detorrify → Disconnect All → Network Recovery → Reset Configuration → Full Verification

[13] More System Options... → Opens System Submenu

Access 8 system operations: Security score, Integrity check, DNS leak test, Check releases, Flush firewall, Reboot, Shutdown, Exit to shell

VPN PROTOCOLS SUBMENU [Option 4]

[1] Xray-VLESS-Reality

Executes: initial_terminal_setup_xray_vless_reality_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect xray-vless-reality → Connection Validation → Auto-Recovery → Status Report

[2] Xray-VLESS

Executes: initial_terminal_setup_xray_vless_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect xray-vless → Connection Validation → Auto-Recovery → Status Report

[3] Xray-Trojan

Executes: initial_terminal_setup_xray_trojan_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect xray-trojan → Connection Validation → Auto-Recovery → Status Report

[4] Shadowsocks

Executes: initial_terminal_setup_shadowsocks_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect shadowsocks → Connection Validation → Auto-Recovery → Status Report

[5] Hysteria2

Executes: initial_terminal_setup_hysteria2_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect hysteria2 → Connection Validation → Auto-Recovery → Status Report

[6] Mita

Executes: initial_terminal_setup_mita_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect mita → Connection Validation → Auto-Recovery → Status Report

[7] Dante SOCKS5

Executes: initial_terminal_setup_dante_only

Auth Check → Network Verification → Security Hardening → DNSCrypt Setup → Tor Conflict Check → routing-switch connect dante → Connection Validation → Auto-Recovery → Status Report

[0] Back to Main Menu

Return to the main menu

TOR OPTIONS SUBMENU [Option 9]

[1] Enable DNSCrypt

Executes: dns-dnscrypt-enable workflow

Stop Tor DNS → Enable DNSCrypt encrypted DNS → Verification

[2] Enable Tor DNS

Executes: tor-dns-nftables-full workflow

Start Tor DNS service → Configure nftables rules → Full DNS verification

[3] Set Random Reputable Servers

Executes: dns-switch random

Select random DNS servers from curated list of privacy-respecting providers

[4] Set DNS Fallback

Executes: dns-switch fallback

Configure fallback DNS servers for reliability

[5] Remote Tor via RedSocks

Executes: initial_terminal_setup_tor_only

Configure Tor routing via RedSocks proxy → Full torrification

[6] Torrify Single Default Node

Executes: initial_terminal_setup_auth_torrify_only

Auth → Single Tor node torrification → Verification

[7] Restart All Tor Instances

Executes: tor-switch restart-all-instances

Restart all running Tor daemon instances → Verify new circuits

[8] List Tor Instances (IPs & Countries)

Executes: tor-switch list-instances-with-ip

Display all active Tor instances with exit IPs and countries

[0] Back to Main Menu

Return to the main menu

SYSTEM OPTIONS SUBMENU [Option 13]

[1] Check Security Score

Executes: health-control security-score

Comprehensive security analysis with detailed breakdown of all security modules (0-100 score)

[2] System Integrity Check

Executes: integrity-check check-all

Verify binary signatures → Check file integrity → Validate system components

[3] Test DNS Leaks

Executes: dns-leak test

Comprehensive DNS leak detection → Test multiple DNS queries → Report results

[4] Check Releases

Executes: online-info-switch releases

Query VPS for latest Kodachi version information and update availability

[5] Flush iptables and nftables

Executes: tor-switch flush-iptables + tor-switch flush-nftables

Clear all firewall rules → Reset to default policy → Clean state

[6] Reboot System

Executes: sudo reboot

Immediate system reboot

[7] Shutdown System

Executes: sudo shutdown -h now

Immediate system shutdown

[8] Exit (skip to shell)

Exit the welcome menu and access bash shell. Type kodachi to return to menu

[0] Back to Main Menu

Return to the main menu

Post-Workflow Execution: After executing any workflow, you'll see navigation options: - [Enter] - Refresh all system data and display menu (recommended - updates IP, security score, network status) - [s] - Skip refresh and display menu immediately (faster but uses cached data) - [Ctrl+C] - Exit to shell

Submenu Navigation: - Select option number (1-8) to execute that option - Press [0] to return to the previous menu - All menu selections are immediate (no confirmation required)

Auto-Refresh System: - The welcome screen automatically refreshes all data every 10 minutes - Refreshes: IP geolocation, network status, security score, crypto prices, news headlines - Timeout is configurable by editing line 99 in /etc/profile.d/kodachi-welcome.sh

DNS Auto-Configuration

First Boot Setup: On first login, the welcome script automatically: 1. Detects if DNSCrypt has been configured (checks for marker file results/dns-configured in hooks directory) 2. If not found, initiates DNSCrypt auto-configuration 3. Attempts configuration up to 3 times with 5-second delays between attempts 4. Creates marker file results/dns-configured to prevent reconfiguration on subsequent logins 5. Auto-recovery from systemd-resolved conflicts (detects hijacking and restores DNSCrypt)

Force Reconfiguration: 

# Force DNSCrypt setup even if marker exists
kodachi-welcome.sh --force-dns-setup

DNSCrypt Verification: The script continuously verifies: - DNSCrypt service is running - DNSCrypt is the active DNS resolver (not hijacked by systemd-resolved) - DNS queries are encrypted - Fallback to direct DNS if DNSCrypt fails after authentication errors

System Initialization

Binary Deployment: The welcome script automatically: 1. Detects hooks directory location (installed system vs. live session) 2. Searches multiple paths: /home/kodachi/dashboard/hooks/, local directories 3. Verifies all 16 core binaries are present and executable 4. Calls global-launcher verify for comprehensive deployment validation 5. Falls back gracefully if binaries are not found

Network Initialization: 1. Waits 5 seconds for network interfaces to initialize 2. Checks internet connectivity via health-control net-check --domain-only 3. If online: Attempts authentication with online-auth check-login 4. If offline: Operates in offline mode (skips authentication, online data fetching)

GRUB Theme Management (Installed Systems Only): 1. Checks if system is installed (not live ISO) 2. Verifies /boot/grub/live-theme/theme.txt exists 3. If missing, automatically runs /usr/local/bin/kodachi-apply-grub-theme 4. Silent operation on live sessions

Configuration Options

Command-Line Flags: 

# Force DNSCrypt reconfiguration
kodachi-welcome.sh --force-dns-setup

Environment Variables: 

# Skip welcome screen permanently
export KODACHI_SKIP_WELCOME=1

# Add to ~/.bashrc for persistent skip
echo 'export KODACHI_SKIP_WELCOME=1' >> ~/.bashrc

Auto-Refresh Timeout: Edit line 99 in /etc/profile.d/kodachi-welcome.sh: 

AUTO_REFRESH_TIMEOUT=600  # Default: 10 minutes (600 seconds)
# Change to desired value (e.g., 300 for 5 minutes, 1200 for 20 minutes)

Installation Location: The welcome script is installed at: 

/etc/profile.d/kodachi-welcome.sh
It auto-runs on every interactive shell login.

Manual Command Usage

After exiting the menu (System Options → [8] Exit), run commands manually:

# Explore all available commands with -e flag
health-control -e              # 50+ health control commands
routing-switch -e              # All routing and protocol commands
workflow-manager list          # List all 92+ workflow profiles
tor-switch -e                  # Tor management commands
dns-switch -e                  # DNS configuration commands
global-launcher -e             # Binary deployment commands
online-auth -e                 # Authentication commands
integrity-check -e             # System verification commands
dns-leak -e                    # DNS leak detection commands
permission-guard -e            # Permission management commands
logs-hook -e                   # Logging system commands
deps-checker -e                # Dependency checking commands
online-info-switch -e          # Online information commands

# Quick status checks
health-control security-score  # Comprehensive security analysis (0-100)
ip-fetch --json                # Current IP and geolocation (JSON format)
dns-leak test                  # DNS leak detection
routing-switch status          # Network connection status
tor-switch which-is-active     # Active Tor configuration
dns-switch status              # Current DNS configuration

# Network operations (commands used by submenus)
dns-switch random              # Set random reputable DNS servers
dns-switch fallback            # Set fallback DNS servers
tor-switch restart-all-instances         # Restart all Tor instances
tor-switch list-instances-with-ip        # List Tor IPs and countries
tor-switch flush-iptables      # Flush iptables firewall rules
tor-switch flush-nftables      # Flush nftables firewall rules
integrity-check check-all      # Full system integrity verification
online-info-switch releases    # Check latest Kodachi releases

# Start SOCKS5 proxy server
routing-switch microsocks-enable -u USERNAME -p PASSWORD

Running Custom Workflows

Execute any of the 92+ pre-built profiles directly:

# List all available workflows (92+ profiles)
workflow-manager list

# Run specific VPN protocol workflows
sudo workflow-manager run initial_terminal_setup_wireguard_only
sudo workflow-manager run initial_terminal_setup_openvpn_only
sudo workflow-manager run initial_terminal_setup_v2ray_only
sudo workflow-manager run initial_terminal_setup_xray_vless_reality_only
sudo workflow-manager run initial_terminal_setup_shadowsocks_only
sudo workflow-manager run initial_terminal_setup_hysteria2_only
sudo workflow-manager run initial_terminal_setup_dante_only
sudo workflow-manager run initial_terminal_setup_mita_only

# Run Tor/Torrification workflows
sudo workflow-manager run torrify-balance-nftables-roundrobin
sudo workflow-manager run torrify-balance-nftables-consistent
sudo workflow-manager run torrify-balance-nftables-weighted
sudo workflow-manager run initial_terminal_setup_tor_only
sudo workflow-manager run initial_terminal_setup_auth_torrify_only

# Run DNS workflows
sudo workflow-manager run dns-dnscrypt-enable
sudo workflow-manager run tor-dns-nftables-full

# Run system/recovery workflows
sudo workflow-manager run routing-disconnect-clean
sudo workflow-manager run detorrify-complete-verify
sudo workflow-manager run recovery-master-complete

# Create custom workflow
workflow-manager create my-custom-workflow

Workflow Profiles Accessible from Menu: The welcome menu provides access to 25+ specific workflows. All menu options execute workflows via workflow-manager run <profile_id>. Use workflow-manager list to see the complete list of 92+ available profiles.

Bypassing Welcome Screen

To skip the interactive menu on login:

# Set environment variable before login
export KODACHI_SKIP_WELCOME=1

# Or add to ~/.bashrc to skip permanently
echo 'export KODACHI_SKIP_WELCOME=1' >> ~/.bashrc

# Skip just once
KODACHI_SKIP_WELCOME=1 bash

Re-Running Welcome Screen

To manually trigger the welcome screen:

# Source the welcome script directly
source /etc/profile.d/kodachi-welcome.sh

# Or type the shortcut command (if configured)
kodachi

# With force DNS reconfiguration
kodachi-welcome.sh --force-dns-setup

VM and Boot Methods

VMware Workstation/Fusion - 4GB+ RAM recommended - 20GB+ disk (if enabling persistence) - Network adapter: NAT or Bridged - Boot from ISO

VirtualBox - Enable EFI (for UEFI boot) - 4GB+ RAM - Network: NAT or Bridged - Attach ISO to virtual optical drive

QEMU/KVM 

qemu-system-x86_64 -cdrom linux-kodachi-terminal-9.0.1-amd64.iso -m 4096 -enable-kvm

Physical Hardware - Boot from USB drive - BIOS: Set USB as first boot device - UEFI: Select USB from boot menu

Advanced Configuration

Persistent Storage & Encrypted Persistence

Automatic Persistence Setup (Recommended)

Most USB creation tools handle persistence automatically! When creating your bootable USB, select the persistence option in these tools:

  • Rufus (Windows) - Select "Persistent partition size" slider when writing the ISO
  • UUI (Universal USB Installer) - Check "Persistent file size for storing changes" option
  • YUMI (Multiboot) - Supports persistent storage configuration during setup

See the Create Bootable USB section above for tool downloads and setup.

No manual commands needed - The tools will automatically create and configure the persistent partition for you!

Boot Options: - live-persist - Enable persistent storage (standard) - live-persist-encrypted - Enable encrypted persistent storage (recommended for security)

health-control Persistence Management:

For advanced users, health-control provides automated persistence creation:

# Create encrypted persistence (recommended)
sudo health-control create-persistence --encrypted

# Custom size (8GB)
sudo health-control create-persistence --encrypted --size 8192

# Safety check device first
sudo health-control list-storage-devices
sudo health-control usb-safety-check --device /dev/sdX

See Also

For complete documentation of persistence management, encrypted containers, storage encryption, and safety features, see the health-control documentation.

Network Configuration

# Configure static IP
sudo nano /etc/network/interfaces

# Restart networking
sudo systemctl restart networking

# WiFi configuration
sudo nmcli dev wifi connect "SSID" password "PASSWORD"

Firewall Configuration

# Configure firewall rules
sudo iptables -A INPUT -p tcp --dport 30050 -s TRUSTED_IP -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 30050 -j DROP

# Monitor active connections
sudo netstat -tulpn | grep microsocks

Emergency Data Destruction (Nuke Password)

What is Nuke Password?

The nuke password feature allows instant, irreversible destruction of encrypted data in emergency scenarios by destroying LUKS encryption keys, making data permanently unrecoverable.

Requirements

  • Encrypted persistent storage (live-persist-encrypted boot option)
  • LUKS-encrypted partition
  • health-control binary (Kodachi system binary)
  • cryptsetup-nuke-password package (auto-installed by health-control if missing)

The health-control binary provides a safe, automated approach to managing nuke passwords with built-in safety features:

# Step 1: Detect LUKS devices on your system
health-control luks-detect
health-control luks-detect --all-devices    # Include loop and virtual devices
health-control luks-detect --json           # JSON output for scripts

# Step 2: Configure nuke password (Interactive - Recommended)
sudo health-control luks-nuke --action configure --device /dev/sda5
# Prompts for nuke password interactively (safer method)

# OR: Configure with password (Automated - for scripts)
sudo health-control luks-nuke --action configure --device /dev/sda5 --password YOUR_NUKE_PASSWORD

# Step 3: Verify nuke password is configured
health-control luks-nuke --action status                    # Check all LUKS devices
health-control luks-nuke --action status --device /dev/sda5  # Check specific device
health-control luks-nuke --action status --json             # JSON output

# Optional: Remove nuke password
sudo health-control luks-nuke --action remove --device /dev/sda5

Safety Features

When using health-control for nuke password management, you get:

  • Automatic LUKS Validation: Verifies device is actually a LUKS partition before operations
  • Encrypted Header Backup: Creates AES-256-CBC encrypted backup of LUKS header on Desktop (timestamped)
  • Package Management: Auto-installs cryptsetup-nuke-password if not present
  • Comprehensive Logging: All operations logged to logs-hook for audit trail
  • Status Monitoring: Check nuke password status across all LUKS devices
  • JSON Support: Full JSON output for GUI/dashboard integration

Advanced/Manual Method

For advanced users who prefer direct control, you can use the underlying cryptsetup command:

# Add nuke password to existing LUKS partition (manual method)
sudo cryptsetup luksAddNuke /dev/sdX2

# You'll be prompted to:
# 1. Enter existing LUKS password
# 2. Enter new NUKE password (different from normal password)
# 3. Confirm nuke password

# <i class="fas fa-exclamation-triangle" style="color: #ff9800;"></i> WARNING: Manual method does NOT create header backups
# Consider using health-control for automated safety features

How It Works

  1. Normal Boot: Enter regular LUKS password → Data decrypted normally
  2. Emergency Activation: Enter nuke password → LUKS header destroyed instantly → Data permanently unrecoverable
  3. Result: Partition appears as random data, no forensic recovery possible

Activation Process

# During boot, when prompted for LUKS password:
# Enter NUKE password instead of normal password
# → LUKS header immediately destroyed
# → Boot fails (expected)
# → Data permanently destroyed

Use Cases

  • Border crossings / checkpoints under duress
  • Emergency situations requiring immediate data destruction
  • Physical device seizure scenarios
  • Coercive password disclosure situations

Critical Warning

Nuke password destroys ALL data on the encrypted partition permanently. There is NO recovery, NO undo, NO backup restoration. Use only in genuine emergency scenarios. Test in a non-critical environment first.

Troubleshooting

Issue: WiFi not working 

# Check WiFi hardware
lspci | grep -i wireless

# Install missing firmware (if needed)
sudo apt update
sudo apt install firmware-iwlwifi firmware-realtek
sudo modprobe -r iwlwifi && sudo modprobe iwlwifi  # Reload driver

Issue: Shift+2 prints " instead of @ in virtual machines - QEMU CLI: add the US keymap flag when launching 

qemu-system-x86_64 \
  -m 4096 \
  -enable-kvm \
  -k en-us \
  -cdrom kodachi-live.iso \
  -boot d
- virt-manager: open the VM settings → OverviewDisplay Spice/Display VNC → set Keyboard Layout to English (US) before starting the guest. - VirtualBox: SettingsGeneralAdvanced → choose English (US) for keyboard layout, or run VBoxManage modifyvm "Kodachi VM" --keyboard-layout "English (US)".

Issue: Binary not found 

# Verify binaries exist
ls -la ~/dashboard/hooks/

# Check PATH
echo $PATH

# Run with sudo
sudo ip-fetch

Issue: VPN not connecting 

# Check VPN configuration
sudo routing-switch status

# Verify network connectivity
ping -c 4 1.1.1.1

# Check DNS resolution
nslookup check.torproject.org

# Review logs
tail -f ~/dashboard/hooks/logs/routing-switch.log

Issue: Tor not starting 

# Check Tor service status
sudo systemctl status tor

# Review Tor logs
sudo journalctl -u tor -f

# Restart Tor service
sudo tor-switch stop-tor
sudo tor-switch torrify-system-nftables-dns

Issue: DNS leaks detected 

# Switch DNS provider
sudo dns-switch switch --names dnscrypt-quad9

# Test again
sudo dns-leak test --comprehensive

# Verify DNS configuration
cat /etc/resolv.conf

Security Considerations

  1. Always verify downloaded ISOs - Check SHA256 checksums
  2. Use encrypted persistent storage - Enable live-persist-encrypted boot option
  3. Configure nuke password - For emergency data destruction
  4. Restrict proxy access - Use firewall rules to limit client IPs
  5. Regular updates - Keep system packages updated (if using persistence)
  6. Monitor logs - Review service logs for anomalies
  7. Test workflows - Verify anonymity configurations before production use
  8. Backup configurations - Export VPN/proxy configurations separately
  9. Physical security - Secure hardware running proxy server
  10. Network segmentation - Isolate proxy server on dedicated network

Summary

Kodachi Terminal Server is the perfect solution for:

Key Benefits

Network-wide proxy protection - Run as dedicated SOCKS5 server

Safe binary testing - Isolated environment for experimentation

Multi-protocol support - 12+ routing protocols included

Resource efficient - Lightweight terminal-only design (2.4GB ISO)

Production ready - Based on Debian 13 (Trixie) with comprehensive hardware support

Complete toolkit - All 16 Kodachi binaries pre-installed

Maximum compatibility - 30+ firmware packages for WiFi, Ethernet, Bluetooth

Whether you need a dedicated proxy server for your network or a safe testing environment for Kodachi binaries, Kodachi Terminal Server provides a complete, lightweight solution.