@node О демоне
+@cindex About (russian)
+@cindex Description (russian)
+@cindex О демоне
+@cindex Описание
+@cindex Вступление
@unnumbered Подробнее о демоне GoVPN
GoVPN это простой демон виртуальных частных сетей, код которого нацелен
+@cindex About
+@cindex Description
+@cindex Introduction
+
GoVPN is simple free software virtual private network daemon,
aimed to be reviewable, secure and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.
@node Client
+@cindex Client
+@cindex Client part
+@cindex Client configuration
+@cindex Client side
+@cindex Configuring client
+@cindex govpn-client
@section Client part
Except for common @code{-stats}, @code{-egd} options client has the
@node Contacts
+@cindex Contacts
+@cindex Feedback
+@cindex Support
+@cindex Help
+@cindex Maillist
@unnumbered Contacts
Please send questions regarding the use of GoVPN, bug reports and patches to
@node CPR
+@cindex CPR
+@cindex Constant Packet Rate
@subsection Constant Packet Rate
Constant Packet Rate is used to hide fact of underlying payload packets
@node Developer
+@cindex Developer manual
+@cindex Developer
+@cindex Cryptography
@unnumbered Developer manual
Pay attention how to get @ref{Sources, development source code}.
@node Tarballs
+@cindex Download
+@cindex Tarball
+@cindex Prepared tarballs
@section Prepared tarballs
You can obtain releases source code prepared tarballs from the links below:
@node EGD
+@cindex EGD
+@cindex Entropy Gathering Daemon
+@cindex Entropy
@subsection Entropy Gathering Daemon
Overall security mainly depends on client side:
@node Encless
+@cindex Encryptionless
+@cindex Encryptionless mode
+@cindex Chaffing-and-Winnowing
+@cindex AONT
+@cindex All-Or-Nothing-Transformation
+@cindex OAEP
+@cindex SAEP+
@subsection Encryptionless mode
Some jurisdictions can force user to reveal his encryption keys. However
@node Example
+@cindex Example
+@cindex Example usage
+@cindex Tutorial
@section Example usage
Let's assume that there is some insecure link between your computer and
@strong{Prepare the client}. Generate client's verifier for Alice as an
example:
+@cindex newclient.sh
+
@verbatim
client% ./utils/newclient.sh Alice
Enter passphrase:
@node ЧАВО
+@cindex FAQ (russian)
+@cindex ЧАВО
+@cindex Часто задаваемые вопросы
@unnumbered Часто задаваемые вопросы
@table @asis
высокоэнтропийный ключ. Вам нужно доверять только себе, не аппаратному
токену или другому устройству хранения. Это удобно.
+@cindex Настройка сети
@item Почему вся настройка сети делается вручную?
Потому-что существует так много вариантов использования, конфигураций и
установок, что или я поддерживаю их всех, или использую громоздкие
уровне сессии: оно не спасёт если сессионный ключ скомпрометирован из
памяти.
+@cindex Анонимность
+@cindex Анонимные клиенты
@item Что вы подразумеваете когда говорите что клиенты анонимны?
Что третьей лицо не может отличить одного клиента от другого, смотря на
трафик (транспортный или рукопожатия).
+@cindex Цензуроустойчивость
@item Что вы подразумеваете под цензуроустойчивостью?
Невозможность определить GoVPN ли это трафик или просто
@code{cat /dev/urandom | nc somehost}. Если вы не можете отличить один
@node FAQ
+@cindex FAQ
+@cindex Frequently Asked Questions
@unnumbered Frequently Asked Questions
@table @asis
+@cindex TLS
@item Why do not you use TLS?
It is complicated protocol. It uses Authenticate-then-Encrypt ordering
of algorithms -- it is not secure. Moreover its libraries are huge and
hard to read, review and analyze.
+@cindex SSH
@item Why do not you use SSH?
Its first protocol versions used A-a-E ordering, however later ones
supports even ChaCha20-Poly1305 algorithms. But its source code is not
so trivial and rather big to read and review. OpenSSH does not support
strong zero-knowledge password authentication.
+@cindex IPsec
@item Why do not you use IPsec?
It is rather good protocol, supported by all modern OSes. But it lacks
strong zero-knowledge password authentication and, again, its code is
authentication, high cryptographic protocol security, and most of this
software is written in C -- it is hard to write right on it.
+@cindex Why Go
+@cindex Go
@item Why GoVPN is written on Go?
Go is very easy to read, review and support. It makes complex code
writing a harder task. It provides everything needed to the C language:
You need to trust only yourself, not hardware token or some other
storage device. It is convenient.
+@cindex Network configuration
@item Why all network configuration must be done manually?
Because there are so many use-cases and setups, so many various
protocols, that either I support all of them, or use complicated
protocol setups like PPP, or just give right of the choice to the
administrator. VPN is only just a layer.
+@cindex Windows
+@cindex Microsoft Windows
+@cindex Apple OS X
+@cindex OS X
@item Why there is no either OS X or Windows support?
Any closed source proprietary systems do not give ability to control the
computer. You can not securely use cryptography-related stuff without
keys. PFS property is per-session level: it won't protect from leaking
the session key from the memory.
+@cindex Anonymity
+@cindex Anonymous clients
@item What do you mean by saying that clients are anonymous?
That third-party can not differentiate one client from another looking
at the traffic (transport and handshake).
+@cindex Censorship
+@cindex Censorship resistance
+@cindex Censorship resistant
+@cindex DPI resistant
+@cindex DPI resistance
+@cindex DPI
@item What do you mean by censorship resistance?
Unability to distinguish either is it GoVPN-traffic is passing by, or
just @code{cat /dev/urandom | nc somehost}. If you can not differentiate
going on in the network. With CPR option enabled you can tell either
somebody is online, or not -- nothing less, nothing more.
+@cindex DoS
@item Can I DoS (denial of service) the daemon?
Each transport packet is authenticated first with the very fast UMAC
algorithm -- in most cases resource consumption of TCP/UDP layers will
* In the media: Media.
* TODO::
* Copying conditions::
+* Concept index::
@end menu
@include about.ru.texi
@insertcopying
@verbatiminclude fdl.txt
+
+@node Concept index
+@unnumbered Concept index
+
+@printindex cp
+
@bye
@node Handshake
+@cindex Handshake
+@cindex Handshake protocol
+@cindex Diffie-Hellman
+@cindex ed25519
+@cindex curve25519
+@cindex Elligator
+@cindex Perfect Forward Secrecy
+@cindex PFS
+@cindex IDtag
+@cindex Shared key
+@cindex DH-EKE
+@cindex DH
+@cindex EKE
+@cindex A-EKE
+@cindex DH-A-EKE
@section Handshake protocol
@verbatiminclude handshake.utxt
@node Identity
+@cindex Client identity
+@cindex Identity
@subsection Identity
Client's identity is 128-bit string. It is not secret, so can be
@node Installation
+@cindex Installation
+@cindex Getting GoVPN
+@cindex Requirements
+@cindex Dependencies
+@cindex Ports
+@cindex Packages
+@cindex FreeBSD
+@cindex AUR
+@cindex Texinfo
@unnumbered Installation
Possibly GoVPN already exists in your distribution:
@node Integrity
+@cindex Integrity
+@cindex Tarball integrity
+@cindex PGP
+@cindex Public key
@section Tarballs integrity check
You @strong{have to} verify downloaded archives integrity and check
@node Media
+@cindex In the media
+@cindex Articles
@unnumbered In the media
@itemize
@node MTU
+@cindex MTU
+@cindex Maximum Transmission Unit
@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
@node Network
+@cindex Transport
+@cindex Network transport
+@cindex TCP
+@cindex UDP
@subsection Network transport
You can use either UDP or TCP underlying network transport protocols.
@node News
+@cindex Releases
+@cindex News
@unnumbered News
@table @strong
@item Release 5.1
+@cindex Release 5.1
@itemize
@item Server is configured using @url{http://yaml.org/, YAML} file. It
is very convenient to have comments and templates, comparing to JSON.
@end itemize
@item Release 5.0
+@cindex Release 5.0
@itemize
@item New optional @ref{Encless, encryptionless mode} of operation.
Technically no encryption functions are applied for outgoing packets, so
@end itemize
@item Release 4.2
+@cindex Release 4.2
@itemize
@item Fixed non-critical bug when server may fail if up-script is not
executed successfully.
@end itemize
@item Release 4.1
+@cindex Release 4.1
@itemize
@item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
of PBKDF2 for password verifier hashing.
@end itemize
@item Release 4.0
+@cindex Release 4.0
@itemize
@item Handshake messages can be noised: their messages lengths are
hidden. Now they are indistinguishable from transport messages.
@end itemize
@item Release 3.5
+@cindex Release 3.5
@itemize
@item Ability to use @ref{Network, TCP} network transport.
Server can listen on both UDP and TCP sockets.
@end itemize
@item Release 3.4
+@cindex Release 3.4
@itemize
@item Ability to use external @ref{EGD}-compatible PRNGs. Now you are
able to use GoVPN even on systems with the bad @code{/dev/random},
@end itemize
@item Release 3.3
+@cindex Release 3.3
@itemize
@item Compatibility with an old GNU Make 3.x. Previously only BSD Make
and GNU Make 4.x were supported.
@end itemize
@item Release 3.2
+@cindex Release 3.2
@itemize
@item
Deterministic building: dependent libraries source code commits are
@end itemize
@item Release 3.1
+@cindex Release 3.1
@itemize
@item
Diffie-Hellman public keys are encoded with Elligator algorithm when
@end itemize
@item Release 3.0
+@cindex Release 3.0
@itemize
@item
EKE protocol is replaced by Augmented-EKE and static symmetric (both
@end itemize
@item Release 2.4
+@cindex Release 2.4
@itemize
@item
Added ability to optionally run built-in HTTP-server responding with
@end itemize
@item Release 2.3
+@cindex Release 2.3
@itemize
@item
Handshake packets became indistinguishable from the random.
@end itemize
@item Release 2.2
+@cindex Release 2.2
@itemize
@item Fixed several possible channel deadlocks.
@end itemize
@item Release 2.1
+@cindex Release 2.1
@itemize
@item Fixed Linux-related building.
@end itemize
@item Release 2.0
+@cindex Release 2.0
@itemize
@item Added clients identification.
@item Simultaneous several clients support by server.
@end itemize
@item Release 1.5
+@cindex Release 1.5
@itemize
@item Nonce obfuscation/encryption.
@end itemize
@item Release 1.4
+@cindex Release 1.4
@itemize
@item Performance optimizations.
@end itemize
@item Release 1.3
+@cindex Release 1.3
@itemize
@item Heartbeat feature.
@item Rehandshake feature.
@end itemize
@item Release 1.1
+@cindex Release 1.1
@itemize
@item FreeBSD support.
@end itemize
@item Release 1.0
+@cindex Release 1.0
@itemize
@item Initial stable release.
@end itemize
@node Noise
+@cindex Noise
+@cindex Timestamps
@subsection Noise
So-called noise is used to hide underlying payload packets length.
@node PAKE
+@cindex Password Authenticated Key Agreement
+@cindex PAKE
@subsection Password Authenticated Key Agreement
GoVPN uses strong password authentication. That means that it uses human
@node Precautions
+@cindex Dangers
+@cindex Precautions
@unnumbered Precautions
@enumerate
@item
-We use password (passphrase) authentication, so overall security fully
-depends on its strength. You @strong{should} use long, high-entropy
-passphrases. Also remember to keep passphrase in temporary file and read
-it securely as described in @ref{Verifier, verifier}.
+We use passphrase authentication, so overall security fully depends on
+its strength. You @strong{should} use long, high-entropy passphrases.
+Also remember to keep passphrase in temporary file and read it securely
+as described in @ref{Verifier, verifier}.
@item
You must @strong{never} use the same key for multiple clients.
@node Proxy
+@cindex Proxy
+@cindex HTTP proxy
+@cindex HTTP authentication
+@cindex CONNECT
+@cindex HTTP
@subsection Proxy
You can proxy your requests through HTTP using CONNECT method. This can
@node Server
+@cindex Server
+@cindex Server part
+@cindex Server configuration
+@cindex Server side
+@cindex govpn-server
@section Server part
Except for common @code{-stats}, @code{-egd} options server has the
@end table
+@cindex YAML
+@cindex YAML configuration
+@cindex Configuration file
Configuration file is YAML file with following example structure:
@verbatim
For example up-script can be just @code{echo tap10}, or more advanced
like the following one:
+@cindex up-script
+
@example
#!/bin/sh
$tap=$(ifconfig tap create)
@node Sources
+@cindex Sources
+@cindex Source code
+@cindex Development source code
+@cindex Git
+@cindex Repository
+@cindex Mirrors
@section Development source code
Development source code contains the latest version of the code. It may
@node Stats
+@cindex Stats
+@cindex Statistics
@subsection Statistics
Both client and server has ability to show statistics about known
@node Thanks
+@cindex Thanks
@unnumbered Thanks
Thanks for contributions and suggestions to:
@node Timeout
+@cindex Timeout
@subsection Timeout
Because of stateless UDP nature there is no way to reliably know if
@node TODO
+@cindex TODO
@unnumbered TODO
@itemize
@node Transport
+@cindex Transport
+@cindex Transport protocol
+@cindex Salsa20
+@cindex PRP
+@cindex Nonce
+@cindex Poly1305
+@cindex XTEA
+@cindex Serial
@section Transport protocol
@verbatim
@node User
+@cindex User
+@cindex User manual
@unnumbered User manual
-Announcements about updates and new releases can be found in @ref{Contacts}.
+Announcements about updates and new releases can be found in
+@ref{Contacts, contacts}.
GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of
them work on top of @ref{Network, UDP/TCP} and TAP virtual network
nothing more. All you IP-related network management is not touched by
VPN at all. You can automate it using up and down shell scripts.
+@cindex Performance
What network performance can user expect? For example single
@emph{Intel i5-2450M 2.5 GHz} core on @emph{FreeBSD 10.2 amd64}
with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput.
@node Verifier
+@cindex Verifier
+@cindex storekey.sh
+@cindex govpn-verifier
@subsection Verifier
Verifier is created using @code{govpn-verifier} utility. But currently
@node Verifier structure
+@cindex Verifier structure
+@cindex Argon2
+@cindex Argon2d
+@cindex Salt
@section Verifier structure
Verifier is a derivative of the password. It is resistant to