GoVPN is a simple free software virtual private network daemon
that aims to be reviewable, secure and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.

See also this page @ref{О демоне, in Russian}.

@url{https://www.gnu.org/philosophy/pragmatic.html, Copylefted}
@url{https://www.gnu.org/philosophy/free-sw.html, free software}:
licensed under @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.

Fast, strong @ref{PAKE, passphrase authenticated} augmented
@ref{Handshake, key agreement protocol} with zero-knowledge mutual peer
authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key

@ref{Verifier structure, Augmented authentication tokens} resistant to
offline dictionary attacks. They use a CPU- and memory-hardened hashing
algorithm. An attacker cannot masquerade as a client even if the server's
passphrase verifiers are compromised.

Encrypted and authenticated @ref{Transport, payload transport}
with 128-bit @ref{Developer, security margin} state-of-the-art non-NIST

Optional @ref{Encless, encryptionless mode} of operation: no encryption
functions are applied to outgoing traffic, but the encoding still
preserves confidentiality. Jurisdictions and courts can neither force you
to reveal encryption keys nor sue you for encryption usage.

Censorship-resistant handshake and transport messages: fully
indistinguishable from noise, with optionally hidden packet lengths.

@url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}

Replay attack protection (using one-time MACs and optional
@ref{Timesync, time synchronization} requirement).

Built-in rehandshake (session key rotation) and heartbeat features.

Ability to hide packet lengths with @ref{Noise, noise} data.

Ability to hide payload timestamps with @ref{CPR, constant packet rate}

Compatible with @url{http://egd.sourceforge.net/, EGD} (entropy
gathering daemon) PRNGs.

Support for several simultaneous clients with per-client configuration
options. Clients have a pre-established @ref{Identity, identity} invisible
to third parties (they are anonymous).

Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TUN/TAP}
underlying network interfaces.

Can use @ref{Network, UDP and TCP} or HTTP @ref{Proxy, proxies}
for accessing the server.

Fully IPv4 and IPv6 compatible.

Optional built-in HTTP server for retrieving real-time
@ref{Stats, statistics} about known connected peers in
@url{http://json.org/, JSON} format.

The server is configured through a @url{http://yaml.org/, YAML} file.

Ability to use syslog for logging.

Written in the @url{https://golang.org/, Go} programming language with
simple code that can be read and reviewed.

@url{https://www.gnu.org/, GNU}/Linux and
@url{https://www.freebsd.org/, FreeBSD} support.