1 GoVPN is simple free software virtual private network daemon,
2 aimed to be reviewable, secure and
3 @url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.
8 Copylefted free software: licenced under
9 @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.
12 Fast strong @ref{PAKE, passphrase authenticated} augmented
13 @ref{Handshake, key agreement protocol} with zero-knowledge mutual peers
14 authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key
18 @ref{Verifier structure, Augmented authentication tokens} resistant to
19 offline dictionary attacks. They use CPU and memory hardened hashing
20 algorithm. An attacker can not masquerade a client even with server
21 passphrase verifiers compromising.
24 Encrypted and authenticated @ref{Transport, payload transport}
25 with 128-bit @ref{Developer, security margin} state-of-the-art
29 Optional @ref{Encless, encryptionless mode} of operation: no encryption
30 functions are applied for outgoing traffic, but still confidentiality
31 preserving encoding. Jurisdictions and courts can not either force you
32 to reveal encryption keys or sue for encryption usage.
35 Censorship resistant handshake and transport messages: fully
36 indistinguishable from the noise with optionally hidden packets length.
39 @url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
43 Replay attack protection (using one-time MACs).
46 Built-in rehandshake (session key rotation) and heartbeat features.
49 Ability to hide packets length with the @ref{Noise, noise} data.
52 Ability to hide payload timestamps with @ref{CPR, constant packet rate}
56 Compatible with @url{http://egd.sourceforge.net/, EGD} (entropy
57 gathering daemon) PRNGs.
60 Several simultaneous clients support with per-client configuration
61 options. Clients have pre-established @ref{Identity, identity} invisible
62 for third-parties (they are anonymous).
65 Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
66 underlying network interfaces.
69 Can use @ref{Network, UDP and TCP} or HTTP @ref{Proxy, proxies}
70 for accessing the server.
73 Fully IPv4 and IPv6 compatible.
76 Optional built-in HTTP-server for retrieving real-time
77 @ref{Stats, statistics} information about known connected peers in
78 @url{http://json.org/, JSON} format.
81 Server is configured through the @url{http://yaml.org/, YAML} file.
84 Written on @url{https://golang.org/, Go} programming language with
85 simple code that can be read and reviewed.
88 @url{https://www.gnu.org/, GNU}/Linux and
89 @url{https://www.freebsd.org/, FreeBSD} support.