4 GoVPN is simple secure virtual private network daemon, written entirely
5 on @url{http://golang.org/, Go programming language}.
7 Reviewability, high 128-bit security margin and
8 @url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}
9 censorship resistance in mind in free software solution are the main
10 goals for that daemon. Most modern widespread protocols and their
11 implementations in software are too complex to be reviewed, analyzed and
14 @ref{Developer manual, State off art cryptography technologies}. Strong
15 mutual authenticated key exchange is invulnerable to man-in-the middle
17 @url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
18 property guarantees that compromising of long-term authentication keys
19 does not lead to previously captured traffic decrypting.
20 Compromising of peers password files on server side won't allow attacker
21 to masquerade as the client, because of asymmetric @strong{verifiers}
22 usage, resistant to dictionary attacks. Rehandshaking ensures session
23 keys rotation. One-time keys MAC authentication protects against
24 @url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.
26 Server can work with several clients simultaneously. Each client is
27 @strong{identified} by 128-bit key, that does not leak during handshake
28 and each client stays @strong{anonymous} for MiTM and DPI. All settings
29 are applied per-peer separately.
31 Optional ability to hide payload packets lengths by appending
32 @strong{noise} to them during transmission. Ability to generate constant
33 packet rate traffic (@strong{CPR}) that will hide even the fact of
34 packets appearance, their timestamps.
36 The only platform specific requirement is TAP network interface support.
37 API to that kind of device is different, OS dependent and non portable.
38 So only a few operating systems is officially supported. Author has no
39 proprietary software to work with, so currently there is lack of either
40 popular Microsoft Windows or Apple OS X support.
44 Copylefted free software: licensed under
45 @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.
47 Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
48 network interfaces on top of either UDP or TCP entirely.
49 @item Ability to use HTTP proxies to access TCP server.
51 @url{https://www.gnu.org/, GNU}/Linux and
52 @url{http://www.freebsd.org/, FreeBSD} support.
53 @item IPv6 compatible.
54 @item Encrypted and authenticated payload transport.
55 @item Relatively fast handshake.
56 @item Password-authenticated key exchange.
57 @item Server-side password verifiers are secure against dictionary
59 @item Attacker can not masquerade a client even with password files
61 @item Replay attack protection.
62 @item Perfect forward secrecy property.
63 @item Mutual two-side authentication.
64 @item Zero knowledge authentication.
65 @item Built-in rehandshake and heartbeat features.
66 @item Several simultaneous clients support.
67 @item Per-client configuration options.
68 @item Hiding of payload packets length with noise.
69 @item Hiding of payload packets timestamps with constant packet rate
71 @item Optional built-in HTTP-server for retrieving information about
72 known connected peers in @url{http://json.org/, JSON} format.
73 @item Compatibility with @url{http://egd.sourceforge.net/, EGD} PRNGs.