[govpn.git] / doc / overview.texi
@node Overview
@unnumbered Overview

GoVPN is a simple secure virtual private network daemon, written entirely
in the @url{http://golang.org/, Go programming language}.

Reviewability, a high 128-bit security margin and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}
resistance, delivered as free software, are the main goals
of this daemon.

State-of-the-art cryptographic primitives include:
@url{http://cr.yp.to/snuffle.html, Salsa20} stream encryption,
@url{http://143.53.36.235:8080/tea.htm, XTEA} block encryption,
@url{http://cr.yp.to/mac.html, Poly1305} message authentication and
@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange, Diffie-Hellman Encrypted Key Exchange}
(DH-EKE) powered by @url{http://cr.yp.to/ecdh.html, Curve25519}.
Strong
@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, zero-knowledge}
mutual authentication during the key exchange stage protects it
against man-in-the-middle attacks.
The @url{https://en.wikipedia.org/wiki/Forward_secrecy, perfect forward secrecy}
property guarantees that compromise of the long-term authentication
pre-shared key cannot lead to decryption of previously captured traffic.
Rehandshaking ensures session key rotation. MAC authentication with
one-time keys protects against
@url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.

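As an added illustration of the handshake properties described above (this is example code written for this page, not GoVPN's own code or its wire protocol), the following Go program runs a simplified DH-EKE between two peers sharing a password: each side masks a fresh ephemeral Diffie-Hellman public value under a key derived from the pre-shared key, unmasks the other side's value, derives a session key from the shared secret, and proves possession of that key with a confirmation tag. A peer that does not know the password unmasks garbage, ends up with a different session key and fails confirmation, which is the mutual authentication; the ephemeral secrets are discarded after the handshake, which is the basis of forward secrecy; and repeating the handshake yields a new session key, which is what rehandshaking relies on. Assumptions: X25519 from Go's standard crypto/ecdh package stands in for Curve25519, AES-256-CTR stands in for Salsa20 as the masking cipher and HMAC-SHA256 stands in for Poly1305 as the confirmation MAC, since neither Salsa20 nor Poly1305 is in the standard library; the names Peer, NewPeer, Finish, Confirm and Handshake are hypothetical. A real EKE additionally needs the masked value to be indistinguishable from random bytes, which raw Curve25519 public keys are not; this toy omits that step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer is one side of a simplified DH-EKE handshake (an added illustration, not GoVPN's protocol).
type Peer struct {
	pskKey  []byte           // SHA-256 of the pre-shared password; masks the DH values
	priv    *ecdh.PrivateKey // fresh ephemeral X25519 key, dropped once the session key exists
	msg     []byte           // our handshake message: IV || AES-CTR(pskKey, ephemeral public key)
	session [32]byte         // derived session key, set by Finish
}

// ctr returns in XORed with an AES-256-CTR keystream (standing in for Salsa20) under key and iv.
// key is always a 32-byte SHA-256 output here, so aes.NewCipher cannot fail.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// NewPeer generates an ephemeral key pair and masks its public value under the PSK. Any 32-byte
// ciphertext unmasks to *some* value under any guessed PSK, so the message alone gives an
// eavesdropper nothing to test password guesses against (the EKE idea).
func NewPeer(psk []byte) (*Peer, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(psk)
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	masked := ctr(k[:], iv, priv.PublicKey().Bytes())
	return &Peer{pskKey: k[:], priv: priv, msg: append(iv, masked...)}, nil
}

// Finish unmasks the peer's value, runs X25519 and derives the session key from the shared secret.
func (p *Peer) Finish(theirMsg []byte) error {
	if len(theirMsg) != aes.BlockSize+32 {
		return errors.New("bad handshake message length")
	}
	theirPubBytes := ctr(p.pskKey, theirMsg[:aes.BlockSize], theirMsg[aes.BlockSize:])
	theirPub, err := ecdh.X25519().NewPublicKey(theirPubBytes)
	if err != nil {
		return err
	}
	shared, err := p.priv.ECDH(theirPub)
	if err != nil {
		return err
	}
	p.session = sha256.Sum256(shared)
	p.priv = nil // the ephemeral secret dies with the handshake: this is what buys forward secrecy
	return nil
}

// Confirm proves knowledge of the session key (hence of the PSK) without revealing the PSK;
// a peer that unmasked with the wrong PSK holds a different key and cannot produce this tag.
func (p *Peer) Confirm(label string) []byte {
	m := hmac.New(sha256.New, p.session[:]) // HMAC-SHA256 stands in for Poly1305 here
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Handshake runs both sides and reports whether mutual key confirmation succeeded.
func Handshake(pskA, pskB []byte) (ok bool, sessA, sessB []byte, err error) {
	a, errA := NewPeer(pskA)
	b, errB := NewPeer(pskB)
	if err = errors.Join(errA, errB); err != nil {
		return false, nil, nil, err
	}
	if err = errors.Join(a.Finish(b.msg), b.Finish(a.msg)); err != nil {
		return false, nil, nil, err
	}
	ok = hmac.Equal(a.Confirm("client"), b.Confirm("client")) && // server checks the client's tag
		hmac.Equal(b.Confirm("server"), a.Confirm("server")) // client checks the server's tag
	return ok, a.session[:], b.session[:], nil
}

func main() {
	ok, _, _, err := Handshake([]byte("correct horse"), []byte("correct horse"))
	fmt.Println("same PSK:", ok, err)
	ok, _, _, err = Handshake([]byte("correct horse"), []byte("wrong guess"))
	fmt.Println("wrong PSK:", ok, err)
}
```

Run it with @code{go run}: with the same password both sides confirm and hold equal session keys, and a second run produces a different key because the ephemeral values are fresh; with mismatched passwords confirmation fails and no password material ever crossed the wire. An eavesdropper who records the masked values and later learns the pre-shared key can recover the ephemeral public values, but not the discarded private ones, and so still cannot compute the session key.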
The server can work with several clients simultaneously. Each client is
@strong{identified} by a 128-bit key that does not leak during the handshake,
and each client stays @strong{anonymous} to MitM and DPI observers.

The only platform-specific requirement is TAP network interface support.
The API to that kind of device differs between operating systems and is not
portable, so only a few operating systems are officially supported. The author
has no proprietary software to work with, so currently neither the popular
Microsoft Windows nor Apple OS X is supported.

@itemize @bullet
@item
Copylefted free software: licensed under
@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
@item
Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
network interfaces, entirely on top of UDP
@item
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item IPv6 compatible
@item Encrypted and authenticated payload transport
@item Relatively fast handshake
@item Replay attack protection
@item Perfect forward secrecy property
@item Mutual two-side authentication
@item Zero-knowledge authentication
@item Built-in rehandshake and heartbeat features
@item Support for several simultaneous clients
@item Hiding of payload packet length by appending noise
@item Optional built-in HTTP server for retrieving information about
known connected peers in @url{http://json.org/, JSON} format
@end itemize