@node FAQ @unnumbered Frequently Asked Questions @table @asis @item Why do not you use TLS? It is complicated protocol. It uses Authenticate-then-Encrypt ordering of algorithms -- it is not secure. Moreover its libraries are huge and hard to read, review and analyze. @item Why do not you use SSH? Its first protocol versions used A-a-E ordering, however later ones supports even ChaCha20-Poly1305 algorithms. But its source code is not so trivial and rather big to read and review. OpenSSH does not support strong zero-knowledge password authentication. @item Why do not you use IPsec? It is rather good protocol, supported by all modern OSes. But it lacks strong zero-knowledge password authentication and, again, its code is hard to read. @item Why do not you use XXX? For the same reasons: most of software do not provide strong password authentication, high cryptographic protocol security, and most of this software is written in C -- it is hard to write right on it. @item Why GoVPN is written on Go? Go is very easy to read, review and support. It makes complex code writing a harder task. It provides everything needed to the C language: array bounds checking, garbage collection and concurrency primitives. It provides lesser performance (however my setup on the notebook gives more than 750 Mbps of throughput), but higher reliability and much fewer lines of code. @item Why do you authenticate with passphrases? Human is capable of memorizing rather long passphrases (not passwords): 100-200 characters, that gives ability to use it as a high-entropy key. You need to trust only yourself, not hardware token or some other storage device. It is convenient. @item Why all network configuration must be done manually? Because there are so many use-cases and setups, so many various protocols, that either I support all of them, or use complicated protocol setups like PPP, or just give right of the choice to the administrator. VPN is only just a layer. @item Why there is no either OS X or Windows support? Any closed source proprietary systems do not give ability to control the computer. You can not securely use cryptography-related stuff without controlling the underlying computing device. Choose another operating system. @item What do you mean by perfect forward secrecy? You can not decrypt previously saved traffic by compromising long-lived keys. PFS property is per-session level: it won't protect from leaking the session key from the memory. @item What do you mean by saying that clients are anonymous? That third-party can not differentiate one client from another looking at the traffic (transport and handshake). @item What do you mean by censorship resistance? Unability to distinguish either is it GoVPN-traffic is passing by, or just @code{cat /dev/urandom | nc somehost}. If you can not differentiate one kind of traffic from another, then your only option is to forbid all kinds of it. @item When should I use @ref{Encless, encryptionless mode}? If you are operating under jurisdiction where courts can either sue you for encryption usage or force you to somehow reveal you encryption keys (however new session encryption keys are generated each session). Those courts can not demand for authentication and signing keys in most cases. @strong{Do not} let mode's name to confuse you: it still provides confidentiality and authenticity of transmitted data! But pay attention that this mode is traffic and resource hungry and currently operate only in TCP mode. @item When should I use @ref{Noise, noise} option? In most cases you won't need it without @ref{CPR, constant packer rate} turned on. Without CPR and noise options GoVPN traffic (like TLS, IPsec, SSH and other VPN protocols) leaks underlying interface's packets timestamps and sizes. You can run traffic analysis and predict what is going on in the network. With CPR option enabled you can tell either somebody is online, or not -- nothing less, nothing more. @item Can I DoS (denial of service) the daemon? Each transport packet is authenticated first with the very fast UMAC algorithm -- in most cases resource consumption of TCP/UDP layers will be higher then UMAC verifying. Each handshake message is processed only when an encrypted client's @ref{Identity, identity} is found: it uses fast PRP without any entropy usage. @end table