kestrelos/docs/atak-itak.md
Madison Grubb a4996e7c91
get rid of ambiguous unicode chars
2026-02-17 11:28:47 -05:00

ATAK and iTAK

KestrelOS acts as a TAK Server. ATAK (Android) and iTAK (iOS) connect on port 8089 (CoT). Devices relay positions to each other and appear on the KestrelOS map.

Connection

Host: KestrelOS hostname/IP
Port: 8089 (CoT)
SSL: Enable if server uses TLS (.dev-certs/ or production cert)

Authentication:

  • Username: KestrelOS identifier
  • Password: Login password (local) or ATAK password (OIDC; set in Account)

ATAK (Android)

  1. Settings → Network → Connections → Add TAK Server
  2. Set Host and Port (8089)
  3. Enable Use Authentication, enter username/password
  4. Save and connect

iTAK (iOS)

Option A - QR code (easiest):

  1. KestrelOS: Settings → TAK Server → Scan QR with iTAK
  2. Enter username/password when prompted

Option B - Manual:

  1. Settings → Network → Add TAK Server
  2. Set Host, Port (8089), enable SSL if needed
  3. Enable Use Authentication, enter username/password
  4. Save and connect

Self-Signed Certificate (iTAK)

If server uses self-signed cert (.dev-certs/):

Upload server package:

  1. KestrelOS: Settings → TAK Server → Download server package (zip)
  2. Transfer to iPhone (AirDrop, email, Safari)
  3. iTAK: Settings → Network → Servers → + → Upload server package
  4. Enter username/password

Or use plain TCP (no TLS, so the username/password and CoT traffic cross the network unencrypted):

  1. Stop KestrelOS, remove .dev-certs/, restart
  2. Add server with SSL disabled

ATAK (Android): Download trust store from https://your-server/api/cot/truststore, import .p12 (password: kestrelos), or use server package/plain TCP.

OIDC Users

OIDC users must set an ATAK password first:

  1. Sign in with OIDC
  2. Account → ATAK / device password → set password
  3. Use KestrelOS username + ATAK password in TAK client

Configuration

| Variable | Default | Description |
|---|---|---|
| COT_PORT | 8089 | CoT server port |
| COT_TTL_MS | 90000 | Device timeout (~90s) |
| COT_REQUIRE_AUTH | true | Require authentication |
| COT_SSL_CERT | .dev-certs/cert.pem | TLS cert path |
| COT_SSL_KEY | .dev-certs/key.pem | TLS key path |

Troubleshooting

"Error authenticating" with no [cot] logs:

  • Connection not reaching server (TLS handshake failed or firewall blocking)
  • Check server logs show [cot] CoT server listening on 0.0.0.0:8089
  • Verify port 8089 (not 3000) and firewall allows it
  • For TLS: trust cert (server package) or use plain TCP

"Error authenticating" with [cot] logs:

  • Username must be KestrelOS identifier
  • Password must match (local: login password; OIDC: ATAK password)
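
A transport probe for the two "Error authenticating" cases above, as an added example (not part of KestrelOS or of the original page): run from a machine on the same network as the device, it separates an unreachable port from an untrusted certificate and from a listener that is not speaking TLS. `probe_cot`, `ADVICE` and the `cafile` parameter are names assumed here, and `cafile` is assumed to be a PEM copy of the server certificate.

```python
import socket
import ssl
import sys

# Advice text paraphrases this page's troubleshooting list.
ADVICE = {
    "unreachable": "no TCP connection: check host, port 8089 (not 3000), firewall",
    "tls-untrusted": "TLS answers but the cert is not trusted: import the server package or trust store",
    "not-tls": "no TLS handshake completed: server may be on plain TCP, so disable SSL in the client",
    "tls-trusted": "transport is fine: check username (KestrelOS identifier) and password",
}


def probe_cot(host, port=8089, timeout=3.0, cafile=None):
    """Classify the transport state of a CoT port.

    cafile: optional PEM file to trust instead of the system store
    (assumption: a PEM copy of the server certificate).
    """
    # Step 1: bare TCP connect. Fails on a wrong port, a firewall or a stopped server.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return "unreachable"

    # Step 2: verified TLS handshake, as a client that trusts only cafile
    # (or the system CA store when cafile is None).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-trusted"
    except ssl.SSLCertVerificationError:
        # Self-signed, unknown CA, expired, or hostname mismatch.
        return "tls-untrusted"
    except OSError:
        # ssl.SSLError and timeouts are OSError subclasses: the peer did not
        # complete a TLS handshake (plain TCP listener, reset, or silence).
        return "not-tls"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = probe_cot(target)
    print(f"{target}:8089 -> {state}: {ADVICE[state]}")
```

A `tls-trusted` result reflects the trust store of the machine running the probe; the phone still needs the server package or trust store imported separately.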

Devices not on map: They appear only while sending updates; drop off after TTL (~90s).