Cypherpunks.ru repositories - govpn.git/blob - doc/overview.texi
Ability to generate Constant Packet Rate traffic
@node Overview
@unnumbered Overview

GoVPN is a simple, secure virtual private network daemon, written entirely
in the @url{http://golang.org/, Go programming language}.

Reviewability, a high 128-bit security margin and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}
resistance, delivered as a free software solution, are the main goals
of this daemon.

State of the art cryptographic technologies include:
@url{http://cr.yp.to/snuffle.html, Salsa20} stream encryption,
@url{http://143.53.36.235:8080/tea.htm, XTEA} block encryption,
@url{http://cr.yp.to/mac.html, Poly1305} message authentication,
@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange, Diffie-Hellman Encrypted Key Exchange}
(DH-EKE) powered by @url{http://cr.yp.to/ecdh.html, Curve25519}.
Strong
@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, zero-knowledge}
mutual authentication combined with the key exchange stage makes it
invulnerable to man-in-the-middle attacks.
The @url{https://en.wikipedia.org/wiki/Forward_secrecy, perfect forward secrecy}
property guarantees that compromise of the long-term pre-shared
authentication key cannot lead to decryption of previously captured traffic.
Rehandshaking ensures session key rotation. MAC authentication with
one-time keys protects against
@url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.

The server can work with several clients simultaneously. Each client is
@strong{identified} by a 128-bit key that does not leak during the handshake,
and each client stays @strong{anonymous} to MitM attackers and DPI.

Optionally, payload packet lengths can be hidden by appending
@strong{noise} to them during transmission. Constant packet rate traffic
(@strong{CPR}) can also be generated, which hides even the fact that
packets appear at all.

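The two traffic-hiding mechanisms described above, noise padding and constant packet rate, are easy to misunderstand as a single feature, so here is an added example (written for this overview, not GoVPN's own code or wire format) that shows how they compose. The frame layout (a 2-byte length prefix, payload, random noise up to a fixed @code{FrameSize}), the @code{FrameSize} value and all function names are assumptions for illustration; encryption and MAC of the whole frame are assumed to happen in an outer layer.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// FrameSize is the constant on-the-wire size of every frame. Every frame,
// whether it carries data or only noise, is exactly this long.
// (Constructed value for this example, not GoVPN's real MTU handling.)
const FrameSize = 1400

// lengthField is the 2-byte big-endian prefix that tells the receiver how
// many payload bytes precede the noise. (Hypothetical layout.)
const lengthField = 2

var (
	ErrPayloadTooLarge = errors.New("payload does not fit in a frame")
	ErrBadFrame        = errors.New("frame has wrong size or corrupt length field")
)

// PadWithNoise wraps payload into a fixed-size frame: length prefix, payload,
// then cryptographically random noise up to FrameSize. An observer who sees
// only frame sizes learns nothing about the payload length.
func PadWithNoise(payload []byte) ([]byte, error) {
	if len(payload) > FrameSize-lengthField {
		return nil, ErrPayloadTooLarge
	}
	frame := make([]byte, FrameSize)
	binary.BigEndian.PutUint16(frame[:lengthField], uint16(len(payload)))
	copy(frame[lengthField:], payload)
	if _, err := rand.Read(frame[lengthField+len(payload):]); err != nil {
		return nil, err
	}
	return frame, nil
}

// StripNoise recovers the payload from a frame. A zero-length payload means
// the frame was a pure noise frame emitted only to keep the packet rate
// constant; the receiver simply drops it. (Caveat of this layout: a genuine
// empty payload is indistinguishable from a noise frame.)
func StripNoise(frame []byte) ([]byte, error) {
	if len(frame) != FrameSize {
		return nil, ErrBadFrame
	}
	n := int(binary.BigEndian.Uint16(frame[:lengthField]))
	if n > FrameSize-lengthField {
		return nil, ErrBadFrame
	}
	return frame[lengthField : lengthField+n], nil
}

// NextFrame is the heart of constant packet rate transmission: called once
// per tick, it sends a queued payload if there is one and a noise-only frame
// otherwise, so the wire carries one frame per tick regardless of demand.
func NextFrame(queue <-chan []byte) ([]byte, error) {
	select {
	case p := <-queue:
		return PadWithNoise(p)
	default:
		return PadWithNoise(nil)
	}
}

// RunCPR emits frames at a fixed interval for the given number of ticks and
// returns how many carried real data versus noise only, which lets a test
// confirm the shaper never skips a tick.
func RunCPR(queue <-chan []byte, interval time.Duration, ticks int, send func([]byte)) (data, noise int, err error) {
	t := time.NewTicker(interval)
	defer t.Stop()
	for i := 0; i < ticks; i++ {
		<-t.C
		frame, ferr := NextFrame(queue)
		if ferr != nil {
			return data, noise, ferr
		}
		if binary.BigEndian.Uint16(frame[:lengthField]) == 0 {
			noise++
		} else {
			data++
		}
		send(frame)
	}
	return data, noise, nil
}

func main() {
	// Constructed sample payloads; the third and later ticks carry only noise.
	queue := make(chan []byte, 8)
	queue <- []byte("constructed sample packet 1")
	queue <- []byte("constructed sample packet 2")
	data, noise, err := RunCPR(queue, 10*time.Millisecond, 5, func(f []byte) {
		p, _ := StripNoise(f)
		fmt.Printf("frame %d bytes on wire, %d payload bytes\n", len(f), len(p))
	})
	fmt.Println("data frames:", data, "noise frames:", noise, "err:", err)
}
```

Note the division of labour: @code{PadWithNoise} alone hides how long each packet is, but the timing of frames still reveals when the tunnel is in use; @code{RunCPR} removes that signal by sending a frame on every tick whether or not anything is queued, at the cost of constant bandwidth. Both observations match the two separate features the overview lists.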
The only platform-specific requirement is TAP network interface support.
The API for that kind of device differs between operating systems and is
not portable, so only a few operating systems are officially supported.
The author has no proprietary software to work with, so there is currently
no support for either Microsoft Windows or Apple OS X.

@itemize @bullet
@item
Copylefted free software: licensed under
@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
@item
Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
network interfaces entirely on top of UDP
@item
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item IPv6 compatible
@item Encrypted and authenticated payload transport
@item Relatively fast handshake
@item Replay attack protection
@item Perfect forward secrecy property
@item Mutual two-side authentication
@item Zero-knowledge authentication
@item Built-in rehandshake and heartbeat features
@item Support for several simultaneous clients
@item Hiding of payload packet lengths by appending noise
@item Hiding of payload packet appearance with constant packet rate traffic
@item Optional built-in HTTP server for retrieving information about
known connected peers in @url{http://json.org/, JSON} format
@end itemize