Cypherpunks.ru repositories - govpn.git/blob - doc/overview.texi
Per-peer timeout, noncediff, noise, cpr settings
@node Overview
@unnumbered Overview

GoVPN is a simple secure virtual private network daemon, written entirely
in the @url{http://golang.org/, Go programming language}.

Reviewability, a high 128-bit security margin and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}
censorship resistance in a free software solution are the main
goals of that daemon. Most modern widespread protocols and their
software implementations are too complex to be reviewed, analyzed and
modified.

State of the art cryptography technologies include:
@url{http://cr.yp.to/snuffle.html, Salsa20} stream encryption,
@url{http://143.53.36.235:8080/tea.htm, XTEA} PRP,
@url{http://cr.yp.to/mac.html, Poly1305} message authentication,
@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange, Diffie-Hellman Encrypted Key Exchange}
(DH-EKE) powered by @url{http://cr.yp.to/ecdh.html, Curve25519}.
Strong
@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, zero-knowledge}
mutual authentication during the key exchange stage makes it invulnerable
to man-in-the-middle attacks.
The @url{https://en.wikipedia.org/wiki/Forward_secrecy, perfect forward secrecy}
property guarantees that compromise of the long-term pre-shared
authentication key cannot lead to decryption of previously captured traffic.
Rehandshaking ensures session key rotation. MAC authentication with
one-time keys protects against
@url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.
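
The following Go program is an added illustration of the last point, the combination of per-packet one-time MAC keys with a nonce window on the receiver; it is not GoVPN's own code and does not reproduce its wire format. Poly1305 is not in the Go standard library, so a one-time key derived with SHA-256 from the session key and nonce, used with HMAC-SHA256, stands in for it; the packet layout (nonce, payload, 16-byte tag), the 64-entry anti-replay window and the session key are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	tagSize    = 16 // truncated tag length, constructed for the example
	windowSize = 64 // anti-replay window, constructed for the example
)

var (
	ErrBadTag = errors.New("bad tag")
	ErrReplay = errors.New("replayed or stale nonce")
)

// oneTimeKey derives a fresh MAC key for one nonce (stand-in KDF, not GoVPN's).
func oneTimeKey(key *[32]byte, nonce uint64) []byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], nonce)
	h := sha256.New()
	h.Write(key[:])
	h.Write(n[:])
	return h.Sum(nil)
}

// mac authenticates nonce||payload under the one-time key for that nonce.
func mac(key *[32]byte, nonce uint64, payload []byte) []byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], nonce)
	m := hmac.New(sha256.New, oneTimeKey(key, nonce))
	m.Write(n[:])
	m.Write(payload)
	return m.Sum(nil)[:tagSize]
}

// Sender holds the session key and a strictly increasing nonce counter.
type Sender struct {
	key   [32]byte
	nonce uint64
}

// Seal emits nonce || payload || tag; every packet uses a different MAC key.
func (s *Sender) Seal(payload []byte) []byte {
	s.nonce++
	out := make([]byte, 8, 8+len(payload)+tagSize)
	binary.BigEndian.PutUint64(out, s.nonce)
	out = append(out, payload...)
	return append(out, mac(&s.key, s.nonce, payload)...)
}

// Receiver tracks the highest nonce seen and a bitmap of recent nonces.
type Receiver struct {
	key     [32]byte
	highest uint64
	window  uint64 // bit i set: nonce highest-i was already accepted
}

// Open verifies the tag first, then rejects nonces that were already seen
// or fall outside the window. Authentication before the window update stops
// forged packets from poisoning the replay state.
func (r *Receiver) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+tagSize {
		return nil, errors.New("short packet")
	}
	nonce := binary.BigEndian.Uint64(pkt[:8])
	payload := pkt[8 : len(pkt)-tagSize]
	if !hmac.Equal(pkt[len(pkt)-tagSize:], mac(&r.key, nonce, payload)) {
		return nil, ErrBadTag
	}
	if nonce > r.highest {
		if shift := nonce - r.highest; shift >= windowSize {
			r.window = 0
		} else {
			r.window <<= shift
		}
		r.window |= 1
		r.highest = nonce
		return payload, nil
	}
	diff := r.highest - nonce
	if diff >= windowSize || r.window&(1<<diff) != 0 {
		return nil, ErrReplay
	}
	r.window |= 1 << diff
	return payload, nil
}

// Demo sends a packet, replays it, then tampers with a second one.
// Returns (fresh accepted, replay rejected, tamper rejected).
func Demo() (bool, bool, bool) {
	var key [32]byte
	copy(key[:], "constructed 32-byte session key!") // constructed key
	s, r := &Sender{key: key}, &Receiver{key: key}
	pkt := s.Seal([]byte("hello"))
	p1, err1 := r.Open(pkt)
	_, err2 := r.Open(pkt) // identical packet delivered again
	bad := s.Seal([]byte("world"))
	bad[8] ^= 0x01 // flip one payload bit
	_, err3 := r.Open(bad)
	return err1 == nil && bytes.Equal(p1, []byte("hello")),
		errors.Is(err2, ErrReplay), errors.Is(err3, ErrBadTag)
}

func main() {
	ok, replay, tamper := Demo()
	fmt.Printf("fresh=%v replay_rejected=%v tamper_rejected=%v\n", ok, replay, tamper)
}
```

The window lets moderately reordered packets through while still refusing a second delivery of any packet, which is the behaviour a VPN over UDP needs; a counter that only accepts strictly increasing nonces would drop legitimate late packets.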

The server can work with several clients simultaneously. Each client is
@strong{identified} by a 128-bit key that does not leak during the handshake,
and each client stays @strong{anonymous} to MiTM and DPI. All settings
are applied per peer separately.

Optional ability to hide payload packet lengths by appending
@strong{noise} to them during transmission. Ability to generate constant
packet rate traffic (@strong{CPR}) that hides even the fact of
packets appearing.
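
As an added example of what noise padding and constant packet rate mean in practice (not GoVPN's code or framing), the Go program below pads every payload to one fixed frame size with random noise and, on each timer tick, emits a noise-only frame when nothing is queued, so an observer sees frames of identical size at a rate unrelated to the traffic. The 64-byte frame size and the two-byte length prefix are constructed for the example; in a real daemon this framing sits inside the encrypted payload, so the length field and the noise are never visible on the wire.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// FrameSize is the constant on-wire size of every frame (constructed value).
const FrameSize = 64

const hdrSize = 2 // length prefix, constructed framing

var (
	ErrTooLong  = errors.New("payload does not fit in frame")
	ErrBadFrame = errors.New("malformed frame")
)

// Pad builds a fixed-size frame: 2-byte payload length, the payload, then
// random noise filling the rest, so the payload length is hidden.
func Pad(payload []byte) ([]byte, error) {
	if len(payload) > FrameSize-hdrSize {
		return nil, ErrTooLong
	}
	frame := make([]byte, FrameSize)
	binary.BigEndian.PutUint16(frame, uint16(len(payload)))
	copy(frame[hdrSize:], payload)
	if _, err := rand.Read(frame[hdrSize+len(payload):]); err != nil {
		return nil, err
	}
	return frame, nil
}

// Unpad recovers the payload and discards the noise. A zero-length payload
// is a pure noise (CPR) frame and yields an empty slice.
func Unpad(frame []byte) ([]byte, error) {
	if len(frame) != FrameSize {
		return nil, ErrBadFrame
	}
	n := int(binary.BigEndian.Uint16(frame))
	if n > FrameSize-hdrSize { // length field must not point past the frame
		return nil, ErrBadFrame
	}
	return append([]byte(nil), frame[hdrSize:hdrSize+n]...), nil
}

// NextFrame models one tick of a constant packet rate sender: a queued
// payload goes out if there is one, otherwise a noise-only frame, so the
// packet rate does not depend on whether there is anything to send.
func NextFrame(queue [][]byte) ([]byte, [][]byte, error) {
	if len(queue) == 0 {
		f, err := Pad(nil)
		return f, queue, err
	}
	f, err := Pad(queue[0])
	return f, queue[1:], err
}

// Demo runs four ticks over a constructed queue of two payloads and returns
// the frame sizes an observer would see: all equal, including the two
// ticks where nothing was queued.
func Demo() ([]int, error) {
	queue := [][]byte{[]byte("hi"), []byte("a longer application packet")}
	var sizes []int
	for tick := 0; tick < 4; tick++ {
		var f []byte
		var err error
		f, queue, err = NextFrame(queue)
		if err != nil {
			return nil, err
		}
		sizes = append(sizes, len(f))
	}
	return sizes, nil
}

func main() {
	sizes, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("observed frame sizes:", sizes)
}
```

The receiver's bound check on the length field matters: without it a corrupted or forged header could make the parser read past the noise, so the check belongs with the unpadding code rather than with the caller.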

The only platform specific requirement is TAP network interface support.
The API to that kind of device is different, OS dependent and non portable,
so only a few operating systems are officially supported. The author has no
proprietary software to work with, so currently there is no support for
either popular Microsoft Windows or Apple OS X.

@itemize @bullet
@item
Copylefted free software: licensed under
@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
@item
Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
network interfaces on top of UDP entirely
@item
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item IPv6 compatible
@item Encrypted and authenticated payload transport
@item Relatively fast handshake
@item Replay attack protection
@item Perfect forward secrecy property
@item Mutual two-side authentication
@item Zero-knowledge authentication
@item Built-in rehandshake and heartbeat features
@item Several simultaneous clients support
@item Per-client configuration options
@item Hiding of payload packets length with noise
@item Hiding of payload packets appearance with constant packet rate traffic
@item Optional built-in HTTP-server for retrieving information about
known connected peers in @url{http://json.org/, JSON} format
@end itemize