5 GoVPN is simple free software virtual private network daemon,
6 aimed to be reviewable, secure and
7 @url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.
12 Copylefted free software: licenced under
13 @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.
16 Fast strong @ref{PAKE, passphrase authenticated} augmented
17 @ref{Handshake, key agreement protocol} with zero-knowledge mutual peers
18 authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key
22 @ref{Verifier structure, Augmented authentication tokens} resistant to
23 offline dictionary attacks. They use CPU and memory hardened hashing
24 algorithm. An attacker can not masquerade a client even with server
25 passphrase verifiers compromising.
28 Encrypted and authenticated @ref{Transport, payload transport}
29 with 128-bit @ref{Developer, security margin} state-of-the-art
33 Optional @ref{Encless, encryptionless mode} of operation: no encryption
34 functions are applied for outgoing traffic, but still confidentiality
35 preserving encoding. Jurisdictions and courts can not either force you
36 to reveal encryption keys or sue for encryption usage.
39 Censorship resistant handshake and transport messages: fully
40 indistinguishable from the noise with optionally hidden packets length.
43 @url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
47 Replay attack protection (using one-time MACs and optional time
48 synchronization requirement).
51 Built-in rehandshake (session key rotation) and heartbeat features.
54 Ability to hide packets length with the @ref{Noise, noise} data.
57 Ability to hide payload timestamps with @ref{CPR, constant packet rate}
61 Compatible with @url{http://egd.sourceforge.net/, EGD} (entropy
62 gathering daemon) PRNGs.
65 Several simultaneous clients support with per-client configuration
66 options. Clients have pre-established @ref{Identity, identity} invisible
67 for third-parties (they are anonymous).
70 Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
71 underlying network interfaces.
74 Can use @ref{Network, UDP and TCP} or HTTP @ref{Proxy, proxies}
75 for accessing the server.
78 Fully IPv4 and IPv6 compatible.
81 Optional built-in HTTP-server for retrieving real-time
82 @ref{Stats, statistics} information about known connected peers in
83 @url{http://json.org/, JSON} format.
86 Server is configured through the @url{http://yaml.org/, YAML} file.
89 Written on @url{https://golang.org/, Go} programming language with
90 simple code that can be read and reviewed.
93 @url{https://www.gnu.org/, GNU}/Linux and
94 @url{https://www.freebsd.org/, FreeBSD} support.