@node Overview
@unnumbered Overview

GoVPN is a simple secure virtual private network daemon, written entirely
in the @url{http://golang.org/, Go programming language}.

Its main goals are reviewability, a high 128-bit security margin and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}
resistance, in a free software solution.

State-of-the-art cryptography technologies include:
@url{http://cr.yp.to/snuffle.html, Salsa20} stream encryption,
@url{http://143.53.36.235:8080/tea.htm, XTEA} block encryption,
@url{http://cr.yp.to/mac.html, Poly1305} message authentication,
@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange,
Diffie-Hellman Encrypted Key Exchange} (DH-EKE) powered by
@url{http://cr.yp.to/ecdh.html, Curve25519}.

Strong
@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, zero-knowledge}
mutual authentication with a key exchange stage is invulnerable to
man-in-the-middle attacks.
The @url{https://en.wikipedia.org/wiki/Forward_secrecy, perfect forward secrecy}
property guarantees that compromise of the long-term pre-shared
authentication key cannot lead to decryption of previously captured
traffic.
Rehandshaking ensures session key rotation.
MAC authentication with one-time keys protects against
@url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.

The server can work with several clients simultaneously. Each client is
@strong{identified} by a 128-bit key that does not leak during the
handshake, and each client stays @strong{anonymous} to MiTM and DPI.

Payload packet lengths can optionally be hidden by appending
@strong{noise} to them during transmission. Constant packet rate traffic
(@strong{CPR}) can be generated, hiding even the fact that packets
appear.

The only platform-specific requirement is TAP network interface support.
The API to that kind of device differs between systems: it is
OS-dependent and non-portable, so only a few operating systems are
officially supported.
The author has no proprietary software to work with, so there is
currently no support for either the popular Microsoft Windows or
Apple OS X.

@itemize @bullet
@item
Copylefted free software: licensed under
@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
@item
Works entirely on top of UDP with
@url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
network interfaces
@item
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item
IPv6 compatible
@item
Encrypted and authenticated payload transport
@item
Relatively fast handshake
@item
Replay attack protection
@item
Perfect forward secrecy property
@item
Mutual two-side authentication
@item
Zero-knowledge authentication
@item
Built-in rehandshake and heartbeat features
@item
Support for several simultaneous clients
@item
Hiding of payload packet lengths with noise
@item
Hiding of payload packet appearance with constant packet rate traffic
@item
Optional built-in HTTP server for retrieving information about known
connected peers in @url{http://json.org/, JSON} format
@end itemize