All packets captured on network interface are encrypted, authenticated
and sent to remote server, that writes them to his interface, and vice
versa. Client and server use pre-shared authentication key (PSK) and
-128-bit identification key.
-
-Because of stateless UDP nature, after some timeout of inactivity peers
-forget about each other and have to retry handshake process again,
-therefore background heartbeat process will be ran.
+128-bit identification key. There are heartbeat packets used to prevent
+session termination because of peers inactivity.
Handshake is used to mutually authenticate peers, exchange common secret
per-session encryption key and check UDP transport availability.
@itemize @bullet
@item
+Copylefted free software: licensed under
+@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
+@item
Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
network interfaces on top of UDP entirely
@item
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item IPv6 compatible
-@item Encrypted and authenticated transport
+@item Encrypted and authenticated payload transport
@item Relatively fast handshake
@item
@url{https://en.wikipedia.org/wiki/Replay_attack, Replay attack} protection
the peers, not even it's hash value)
@item Built-in rehandshake and heartbeat features
@item Several simultaneous clients support
+@item Optional noise-appending for concealing underlying packet's length
+@item Optional built-in HTTP-server for retrieving information about
+known connected peers in @url{http://json.org/, JSON} format
@end itemize