Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
35 files changed:
+@cindex About (russian)
+@cindex Description (russian)
+@cindex О демоне
+@cindex Описание
+@cindex Вступление
@unnumbered Подробнее о демоне GoVPN
GoVPN это простой демон виртуальных частных сетей, код которого нацелен
@unnumbered Подробнее о демоне GoVPN
GoVPN это простой демон виртуальных частных сетей, код которого нацелен
+@cindex About
+@cindex Description
+@cindex Introduction
+
GoVPN is simple free software virtual private network daemon,
aimed to be reviewable, secure and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.
GoVPN is simple free software virtual private network daemon,
aimed to be reviewable, secure and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.
+@cindex Client
+@cindex Client part
+@cindex Client configuration
+@cindex Client side
+@cindex Configuring client
+@cindex govpn-client
@section Client part
Except for common @code{-stats}, @code{-egd} options client has the
@section Client part
Except for common @code{-stats}, @code{-egd} options client has the
+@cindex Contacts
+@cindex Feedback
+@cindex Support
+@cindex Help
+@cindex Maillist
@unnumbered Contacts
Please send questions regarding the use of GoVPN, bug reports and patches to
@unnumbered Contacts
Please send questions regarding the use of GoVPN, bug reports and patches to
+@cindex CPR
+@cindex Constant Packet Rate
@subsection Constant Packet Rate
Constant Packet Rate is used to hide fact of underlying payload packets
@subsection Constant Packet Rate
Constant Packet Rate is used to hide fact of underlying payload packets
+@cindex Developer manual
+@cindex Developer
+@cindex Cryptography
@unnumbered Developer manual
Pay attention how to get @ref{Sources, development source code}.
@unnumbered Developer manual
Pay attention how to get @ref{Sources, development source code}.
+@cindex Download
+@cindex Tarball
+@cindex Prepared tarballs
@section Prepared tarballs
You can obtain releases source code prepared tarballs from the links below:
@section Prepared tarballs
You can obtain releases source code prepared tarballs from the links below:
+@cindex EGD
+@cindex Entropy Gathering Daemon
+@cindex Entropy
@subsection Entropy Gathering Daemon
Overall security mainly depends on client side:
@subsection Entropy Gathering Daemon
Overall security mainly depends on client side:
+@cindex Encryptionless
+@cindex Encryptionless mode
+@cindex Chaffing-and-Winnowing
+@cindex AONT
+@cindex All-Or-Nothing-Transformation
+@cindex OAEP
+@cindex SAEP+
@subsection Encryptionless mode
Some jurisdictions can force user to reveal his encryption keys. However
@subsection Encryptionless mode
Some jurisdictions can force user to reveal his encryption keys. However
+@cindex Example
+@cindex Example usage
+@cindex Tutorial
@section Example usage
Let's assume that there is some insecure link between your computer and
@section Example usage
Let's assume that there is some insecure link between your computer and
@strong{Prepare the client}. Generate client's verifier for Alice as an
example:
@strong{Prepare the client}. Generate client's verifier for Alice as an
example:
@verbatim
client% ./utils/newclient.sh Alice
Enter passphrase:
@verbatim
client% ./utils/newclient.sh Alice
Enter passphrase:
+@cindex FAQ (russian)
+@cindex ЧАВО
+@cindex Часто задаваемые вопросы
@unnumbered Часто задаваемые вопросы
@table @asis
@unnumbered Часто задаваемые вопросы
@table @asis
высокоэнтропийный ключ. Вам нужно доверять только себе, не аппаратному
токену или другому устройству хранения. Это удобно.
высокоэнтропийный ключ. Вам нужно доверять только себе, не аппаратному
токену или другому устройству хранения. Это удобно.
@item Почему вся настройка сети делается вручную?
Потому-что существует так много вариантов использования, конфигураций и
установок, что или я поддерживаю их всех, или использую громоздкие
@item Почему вся настройка сети делается вручную?
Потому-что существует так много вариантов использования, конфигураций и
установок, что или я поддерживаю их всех, или использую громоздкие
уровне сессии: оно не спасёт если сессионный ключ скомпрометирован из
памяти.
уровне сессии: оно не спасёт если сессионный ключ скомпрометирован из
памяти.
+@cindex Анонимность
+@cindex Анонимные клиенты
@item Что вы подразумеваете когда говорите что клиенты анонимны?
Что третьей лицо не может отличить одного клиента от другого, смотря на
трафик (транспортный или рукопожатия).
@item Что вы подразумеваете когда говорите что клиенты анонимны?
Что третьей лицо не может отличить одного клиента от другого, смотря на
трафик (транспортный или рукопожатия).
+@cindex Цензуроустойчивость
@item Что вы подразумеваете под цензуроустойчивостью?
Невозможность определить GoVPN ли это трафик или просто
@code{cat /dev/urandom | nc somehost}. Если вы не можете отличить один
@item Что вы подразумеваете под цензуроустойчивостью?
Невозможность определить GoVPN ли это трафик или просто
@code{cat /dev/urandom | nc somehost}. Если вы не можете отличить один
+@cindex FAQ
+@cindex Frequently Asked Questions
@unnumbered Frequently Asked Questions
@table @asis
@unnumbered Frequently Asked Questions
@table @asis
@item Why do not you use TLS?
It is complicated protocol. It uses Authenticate-then-Encrypt ordering
of algorithms -- it is not secure. Moreover its libraries are huge and
hard to read, review and analyze.
@item Why do not you use TLS?
It is complicated protocol. It uses Authenticate-then-Encrypt ordering
of algorithms -- it is not secure. Moreover its libraries are huge and
hard to read, review and analyze.
@item Why do not you use SSH?
Its first protocol versions used A-a-E ordering, however later ones
supports even ChaCha20-Poly1305 algorithms. But its source code is not
so trivial and rather big to read and review. OpenSSH does not support
strong zero-knowledge password authentication.
@item Why do not you use SSH?
Its first protocol versions used A-a-E ordering, however later ones
supports even ChaCha20-Poly1305 algorithms. But its source code is not
so trivial and rather big to read and review. OpenSSH does not support
strong zero-knowledge password authentication.
@item Why do not you use IPsec?
It is rather good protocol, supported by all modern OSes. But it lacks
strong zero-knowledge password authentication and, again, its code is
@item Why do not you use IPsec?
It is rather good protocol, supported by all modern OSes. But it lacks
strong zero-knowledge password authentication and, again, its code is
authentication, high cryptographic protocol security, and most of this
software is written in C -- it is hard to write right on it.
authentication, high cryptographic protocol security, and most of this
software is written in C -- it is hard to write right on it.
+@cindex Why Go
+@cindex Go
@item Why GoVPN is written on Go?
Go is very easy to read, review and support. It makes complex code
writing a harder task. It provides everything needed to the C language:
@item Why GoVPN is written on Go?
Go is very easy to read, review and support. It makes complex code
writing a harder task. It provides everything needed to the C language:
You need to trust only yourself, not hardware token or some other
storage device. It is convenient.
You need to trust only yourself, not hardware token or some other
storage device. It is convenient.
+@cindex Network configuration
@item Why all network configuration must be done manually?
Because there are so many use-cases and setups, so many various
protocols, that either I support all of them, or use complicated
protocol setups like PPP, or just give right of the choice to the
administrator. VPN is only just a layer.
@item Why all network configuration must be done manually?
Because there are so many use-cases and setups, so many various
protocols, that either I support all of them, or use complicated
protocol setups like PPP, or just give right of the choice to the
administrator. VPN is only just a layer.
+@cindex Windows
+@cindex Microsoft Windows
+@cindex Apple OS X
+@cindex OS X
@item Why there is no either OS X or Windows support?
Any closed source proprietary systems do not give ability to control the
computer. You can not securely use cryptography-related stuff without
@item Why there is no either OS X or Windows support?
Any closed source proprietary systems do not give ability to control the
computer. You can not securely use cryptography-related stuff without
keys. PFS property is per-session level: it won't protect from leaking
the session key from the memory.
keys. PFS property is per-session level: it won't protect from leaking
the session key from the memory.
+@cindex Anonymity
+@cindex Anonymous clients
@item What do you mean by saying that clients are anonymous?
That third-party can not differentiate one client from another looking
at the traffic (transport and handshake).
@item What do you mean by saying that clients are anonymous?
That third-party can not differentiate one client from another looking
at the traffic (transport and handshake).
+@cindex Censorship
+@cindex Censorship resistance
+@cindex Censorship resistant
+@cindex DPI resistant
+@cindex DPI resistance
+@cindex DPI
@item What do you mean by censorship resistance?
Unability to distinguish either is it GoVPN-traffic is passing by, or
just @code{cat /dev/urandom | nc somehost}. If you can not differentiate
@item What do you mean by censorship resistance?
Unability to distinguish either is it GoVPN-traffic is passing by, or
just @code{cat /dev/urandom | nc somehost}. If you can not differentiate
going on in the network. With CPR option enabled you can tell either
somebody is online, or not -- nothing less, nothing more.
going on in the network. With CPR option enabled you can tell either
somebody is online, or not -- nothing less, nothing more.
@item Can I DoS (denial of service) the daemon?
Each transport packet is authenticated first with the very fast UMAC
algorithm -- in most cases resource consumption of TCP/UDP layers will
@item Can I DoS (denial of service) the daemon?
Each transport packet is authenticated first with the very fast UMAC
algorithm -- in most cases resource consumption of TCP/UDP layers will
* In the media: Media.
* TODO::
* Copying conditions::
* In the media: Media.
* TODO::
* Copying conditions::
@end menu
@include about.ru.texi
@end menu
@include about.ru.texi
@insertcopying
@verbatiminclude fdl.txt
@insertcopying
@verbatiminclude fdl.txt
+
+@node Concept index
+@unnumbered Concept index
+
+@printindex cp
+
+@cindex Handshake
+@cindex Handshake protocol
+@cindex Diffie-Hellman
+@cindex ed25519
+@cindex curve25519
+@cindex Elligator
+@cindex Perfect Forward Secrecy
+@cindex PFS
+@cindex IDtag
+@cindex Shared key
+@cindex DH-EKE
+@cindex DH
+@cindex EKE
+@cindex A-EKE
+@cindex DH-A-EKE
@section Handshake protocol
@verbatiminclude handshake.utxt
@section Handshake protocol
@verbatiminclude handshake.utxt
+@cindex Client identity
+@cindex Identity
@subsection Identity
Client's identity is 128-bit string. It is not secret, so can be
@subsection Identity
Client's identity is 128-bit string. It is not secret, so can be
+@cindex Installation
+@cindex Getting GoVPN
+@cindex Requirements
+@cindex Dependencies
+@cindex Ports
+@cindex Packages
+@cindex FreeBSD
+@cindex AUR
+@cindex Texinfo
@unnumbered Installation
Possibly GoVPN already exists in your distribution:
@unnumbered Installation
Possibly GoVPN already exists in your distribution:
+@cindex Integrity
+@cindex Tarball integrity
+@cindex PGP
+@cindex Public key
@section Tarballs integrity check
You @strong{have to} verify downloaded archives integrity and check
@section Tarballs integrity check
You @strong{have to} verify downloaded archives integrity and check
+@cindex In the media
+@cindex Articles
@unnumbered In the media
@itemize
@unnumbered In the media
@itemize
+@cindex MTU
+@cindex Maximum Transmission Unit
@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
+@cindex Transport
+@cindex Network transport
+@cindex TCP
+@cindex UDP
@subsection Network transport
You can use either UDP or TCP underlying network transport protocols.
@subsection Network transport
You can use either UDP or TCP underlying network transport protocols.
+@cindex Releases
+@cindex News
@unnumbered News
@table @strong
@item Release 5.1
@unnumbered News
@table @strong
@item Release 5.1
@itemize
@item Server is configured using @url{http://yaml.org/, YAML} file. It
is very convenient to have comments and templates, comparing to JSON.
@itemize
@item Server is configured using @url{http://yaml.org/, YAML} file. It
is very convenient to have comments and templates, comparing to JSON.
@end itemize
@item Release 5.0
@end itemize
@item Release 5.0
@itemize
@item New optional @ref{Encless, encryptionless mode} of operation.
Technically no encryption functions are applied for outgoing packets, so
@itemize
@item New optional @ref{Encless, encryptionless mode} of operation.
Technically no encryption functions are applied for outgoing packets, so
@end itemize
@item Release 4.2
@end itemize
@item Release 4.2
@itemize
@item Fixed non-critical bug when server may fail if up-script is not
executed successfully.
@end itemize
@item Release 4.1
@itemize
@item Fixed non-critical bug when server may fail if up-script is not
executed successfully.
@end itemize
@item Release 4.1
@itemize
@item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
of PBKDF2 for password verifier hashing.
@itemize
@item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
of PBKDF2 for password verifier hashing.
@end itemize
@item Release 4.0
@end itemize
@item Release 4.0
@itemize
@item Handshake messages can be noised: their messages lengths are
hidden. Now they are indistinguishable from transport messages.
@itemize
@item Handshake messages can be noised: their messages lengths are
hidden. Now they are indistinguishable from transport messages.
@end itemize
@item Release 3.5
@end itemize
@item Release 3.5
@itemize
@item Ability to use @ref{Network, TCP} network transport.
Server can listen on both UDP and TCP sockets.
@itemize
@item Ability to use @ref{Network, TCP} network transport.
Server can listen on both UDP and TCP sockets.
@end itemize
@item Release 3.4
@end itemize
@item Release 3.4
@itemize
@item Ability to use external @ref{EGD}-compatible PRNGs. Now you are
able to use GoVPN even on systems with the bad @code{/dev/random},
@itemize
@item Ability to use external @ref{EGD}-compatible PRNGs. Now you are
able to use GoVPN even on systems with the bad @code{/dev/random},
@end itemize
@item Release 3.3
@end itemize
@item Release 3.3
@itemize
@item Compatibility with an old GNU Make 3.x. Previously only BSD Make
and GNU Make 4.x were supported.
@itemize
@item Compatibility with an old GNU Make 3.x. Previously only BSD Make
and GNU Make 4.x were supported.
@end itemize
@item Release 3.2
@end itemize
@item Release 3.2
@itemize
@item
Deterministic building: dependent libraries source code commits are
@itemize
@item
Deterministic building: dependent libraries source code commits are
@end itemize
@item Release 3.1
@end itemize
@item Release 3.1
@itemize
@item
Diffie-Hellman public keys are encoded with Elligator algorithm when
@itemize
@item
Diffie-Hellman public keys are encoded with Elligator algorithm when
@end itemize
@item Release 3.0
@end itemize
@item Release 3.0
@itemize
@item
EKE protocol is replaced by Augmented-EKE and static symmetric (both
@itemize
@item
EKE protocol is replaced by Augmented-EKE and static symmetric (both
@end itemize
@item Release 2.4
@end itemize
@item Release 2.4
@itemize
@item
Added ability to optionally run built-in HTTP-server responding with
@itemize
@item
Added ability to optionally run built-in HTTP-server responding with
@end itemize
@item Release 2.3
@end itemize
@item Release 2.3
@itemize
@item
Handshake packets became indistinguishable from the random.
@itemize
@item
Handshake packets became indistinguishable from the random.
@end itemize
@item Release 2.2
@end itemize
@item Release 2.2
@itemize
@item Fixed several possible channel deadlocks.
@end itemize
@item Release 2.1
@itemize
@item Fixed several possible channel deadlocks.
@end itemize
@item Release 2.1
@itemize
@item Fixed Linux-related building.
@end itemize
@item Release 2.0
@itemize
@item Fixed Linux-related building.
@end itemize
@item Release 2.0
@itemize
@item Added clients identification.
@item Simultaneous several clients support by server.
@itemize
@item Added clients identification.
@item Simultaneous several clients support by server.
@end itemize
@item Release 1.5
@end itemize
@item Release 1.5
@itemize
@item Nonce obfuscation/encryption.
@end itemize
@item Release 1.4
@itemize
@item Nonce obfuscation/encryption.
@end itemize
@item Release 1.4
@itemize
@item Performance optimizations.
@end itemize
@item Release 1.3
@itemize
@item Performance optimizations.
@end itemize
@item Release 1.3
@itemize
@item Heartbeat feature.
@item Rehandshake feature.
@itemize
@item Heartbeat feature.
@item Rehandshake feature.
@end itemize
@item Release 1.1
@end itemize
@item Release 1.1
@itemize
@item FreeBSD support.
@end itemize
@item Release 1.0
@itemize
@item FreeBSD support.
@end itemize
@item Release 1.0
@itemize
@item Initial stable release.
@end itemize
@itemize
@item Initial stable release.
@end itemize
+@cindex Noise
+@cindex Timestamps
@subsection Noise
So-called noise is used to hide underlying payload packets length.
@subsection Noise
So-called noise is used to hide underlying payload packets length.
+@cindex Password Authenticated Key Agreement
+@cindex PAKE
@subsection Password Authenticated Key Agreement
GoVPN uses strong password authentication. That means that it uses human
@subsection Password Authenticated Key Agreement
GoVPN uses strong password authentication. That means that it uses human
+@cindex Dangers
+@cindex Precautions
@unnumbered Precautions
@enumerate
@item
@unnumbered Precautions
@enumerate
@item
-We use password (passphrase) authentication, so overall security fully
-depends on its strength. You @strong{should} use long, high-entropy
-passphrases. Also remember to keep passphrase in temporary file and read
-it securely as described in @ref{Verifier, verifier}.
+We use passphrase authentication, so overall security fully depends on
+its strength. You @strong{should} use long, high-entropy passphrases.
+Also remember to keep passphrase in temporary file and read it securely
+as described in @ref{Verifier, verifier}.
@item
You must @strong{never} use the same key for multiple clients.
@item
You must @strong{never} use the same key for multiple clients.
+@cindex Proxy
+@cindex HTTP proxy
+@cindex HTTP authentication
+@cindex CONNECT
+@cindex HTTP
@subsection Proxy
You can proxy your requests through HTTP using CONNECT method. This can
@subsection Proxy
You can proxy your requests through HTTP using CONNECT method. This can
+@cindex Server
+@cindex Server part
+@cindex Server configuration
+@cindex Server side
+@cindex govpn-server
@section Server part
Except for common @code{-stats}, @code{-egd} options server has the
@section Server part
Except for common @code{-stats}, @code{-egd} options server has the
+@cindex YAML
+@cindex YAML configuration
+@cindex Configuration file
Configuration file is YAML file with following example structure:
@verbatim
Configuration file is YAML file with following example structure:
@verbatim
For example up-script can be just @code{echo tap10}, or more advanced
like the following one:
For example up-script can be just @code{echo tap10}, or more advanced
like the following one:
@example
#!/bin/sh
$tap=$(ifconfig tap create)
@example
#!/bin/sh
$tap=$(ifconfig tap create)
+@cindex Sources
+@cindex Source code
+@cindex Development source code
+@cindex Git
+@cindex Repository
+@cindex Mirrors
@section Development source code
Development source code contains the latest version of the code. It may
@section Development source code
Development source code contains the latest version of the code. It may
+@cindex Stats
+@cindex Statistics
@subsection Statistics
Both client and server has ability to show statistics about known
@subsection Statistics
Both client and server has ability to show statistics about known
@unnumbered Thanks
Thanks for contributions and suggestions to:
@unnumbered Thanks
Thanks for contributions and suggestions to:
@subsection Timeout
Because of stateless UDP nature there is no way to reliably know if
@subsection Timeout
Because of stateless UDP nature there is no way to reliably know if
@unnumbered TODO
@itemize
@unnumbered TODO
@itemize
+@cindex Transport
+@cindex Transport protocol
+@cindex Salsa20
+@cindex PRP
+@cindex Nonce
+@cindex Poly1305
+@cindex XTEA
+@cindex Serial
@section Transport protocol
@verbatim
@section Transport protocol
@verbatim
+@cindex User
+@cindex User manual
-Announcements about updates and new releases can be found in @ref{Contacts}.
+Announcements about updates and new releases can be found in
+@ref{Contacts, contacts}.
GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of
them work on top of @ref{Network, UDP/TCP} and TAP virtual network
GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of
them work on top of @ref{Network, UDP/TCP} and TAP virtual network
nothing more. All you IP-related network management is not touched by
VPN at all. You can automate it using up and down shell scripts.
nothing more. All you IP-related network management is not touched by
VPN at all. You can automate it using up and down shell scripts.
What network performance can user expect? For example single
@emph{Intel i5-2450M 2.5 GHz} core on @emph{FreeBSD 10.2 amd64}
with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput.
What network performance can user expect? For example single
@emph{Intel i5-2450M 2.5 GHz} core on @emph{FreeBSD 10.2 amd64}
with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput.
+@cindex Verifier
+@cindex storekey.sh
+@cindex govpn-verifier
@subsection Verifier
Verifier is created using @code{govpn-verifier} utility. But currently
@subsection Verifier
Verifier is created using @code{govpn-verifier} utility. But currently
+@cindex Verifier structure
+@cindex Argon2
+@cindex Argon2d
+@cindex Salt
@section Verifier structure
Verifier is a derivative of the password. It is resistant to
@section Verifier structure
Verifier is a derivative of the password. It is resistant to