written on Go programming language. It uses Diffie-Hellman Encrypted Key
Exchange (DH-EKE) for mutual zero-knowledge peers authentication and
authenticated encrypted data transport. Other features include:
-IPv4/IPv6, rehandshake, heartbeat, pre-shared keys (PSK), perfect
-forward secrecy (PFS). GNU/Linux and FreeBSD support.
+IPv4/IPv6, rehandshake, heartbeat, pre-shared authentication keys (PSK),
+perfect forward secrecy (PFS), replay attack protection.
+GNU/Linux and FreeBSD support.
Home page: http://www.cypherpunks.ru/govpn/
also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/
-You can obtain it's source code either by cloning development branches
-from Git repository: @code{git clone https://github.com/stargrave/govpn.git},
-or by downloading prepared tarballs below.
+You can obtain releases source code prepared tarballs from the links below:
@multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Size @tab Tarball @tab SHA256 checksum
Sourceforge.net also provides mirror for the files above:
@url{http://sourceforge.net/projects/govpn/files/}.
+
+You can obtain it's development source code either by cloning
+Git repository: @code{git clone https://github.com/stargrave/govpn.git}.
+Pay attention that it does not contain compiled documentation.
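Review bot: "either" in "+You can obtain it's development source code either by cloning" no longer has an "or" branch now that the tarball sentence has moved above it; drop "either" and change "it's" to "its". The new line "+You can obtain releases source code prepared tarballs from the links below:" would read better as "You can obtain release source code as prepared tarballs from the links below:". Since the last added line warns that the Git checkout lacks compiled documentation, it would help to say there that Texinfo is needed to build it, as the Installation section already states.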
@node Installation
@unnumbered Installation
-GoVPN is written on Go programming language, But
-@url{https://www.gnu.org/software/make/, Make} program is recommended
-also to be used. @url{https://www.gnu.org/software/texinfo/, Texinfo} is
-used for building documentation. Also it depends on
-@code{golang.org/x/crypto} Go libraries.
+GoVPN is written on @url{http://golang.org/, Go programming language},
+with @code{golang.org/x/crypto} libraries dependencies.
+@url{https://www.gnu.org/software/make/, GNU Make} is recommended for
+convenient building. @url{https://www.gnu.org/software/texinfo/, Texinfo}
+is used for building documentation.
@include download.texi
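Review bot: grammar in the rewritten paragraph: "written on @url{http://golang.org/, Go programming language}" should be "written in the Go programming language", and "with @code{golang.org/x/crypto} libraries dependencies" should be "and depends on the @code{golang.org/x/crypto} libraries". The sentence about GNU Make would also be the right place to say that the binary is called make on GNU/Linux and gmake on FreeBSD, since the build example later on the page invokes gmake only.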
their signature to be sure that you have got trusted, untampered
software. For integrity and authentication of downloaded binaries
@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
-download signature provided with the tarball and run for example:
+download signature provided with the tarball.
-@example
-gpg --verify govpn-1.5.tar.xz.sig govpn-1.5.tar.xz
-@end example
-
-For the very first time you must also import signing public keys. They
+For the very first time you have to import signing public keys. They
are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from other sources and
-look for the mailing list announcements.
+trusted source. Alternatively check this page from other sources (Tor's
+hidden service for example) and look for the mailing list announcements.
-You have to set up @code{$GOPATH} properly first. For example you can
-clone the repository or decompress tarball and set path like this:
+For example you can get tarball, set proper @code{$GOPATH} and run
+@code{make} ((that will install all necessary libraries and build
+client/server binaries) like this:
@example
% mkdir -p govpn/src
-% git clone https://github.com/stargrave/govpn.git govpn/src/govpn
-or
-% tar xfC govpn-1.5.tar.xz govpn/src && mv govpn/src/govpn-1.5 govpn/src/govpn
+% set -e
+% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz
+% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz.sig
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+% tar xfC govpn-2.3.tar.xz govpn/src
+% mv govpn/src/govpn-2.3 govpn/src/govpn
% export GOPATH=$(pwd)/govpn:$GOPATH
-@end example
-
-After that you can just type @code{make} and all necessary Go libraries
-will be installed and client/server binaries are built in the current
-directory:
-
-@example
-% cd govpn/src/govpn
-% make
-[or gmake under FreeBSD]
+% gmake -C govpn/src/govpn all
@end example
@include pubkey.texi
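Review bot: the example relies on "% set -e" to stop when "% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz" fails, but the lines are shown as typed at an interactive "%" prompt, where that guard is unreliable: in csh/tcsh, whose prompt this is, "set -e" does not mean errexit at all, and in an interactive bourne-style shell a failing command under set -e can terminate the whole session rather than just skip the tar step. Either present the block as a script or drop set -e and state in prose that the archive must not be unpacked unless gpg --verify reports a good signature. Note also that gpg exits 0 for a good signature even when it warns that the signing key is not certified, so the paragraph about importing the public keys should tell the reader to compare the key fingerprint with the copy published on this page and in the mailing list announcements, not merely to import it. Smaller points: "((that will install" has a doubled parenthesis; the prose says to run @code{make} while the example runs "% gmake -C govpn/src/govpn all"; and the dropped line "[or gmake under FreeBSD]" was the only hint that the command is make on GNU/Linux and gmake on FreeBSD, so keep that remark.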
All packets captured on network interface are encrypted, authenticated
and sent to remote server, that writes them to his interface, and vice
versa. Client and server use pre-shared authentication key (PSK) and
-128-bit identification key.
-
-Because of stateless UDP nature, after some timeout of inactivity peers
-forget about each other and have to retry handshake process again,
-therefore background heartbeat process will be ran.
+128-bit identification key. There are heartbeat packets used to prevent
+session termination because of peers inactivity.
Handshake is used to mutually authenticate peers, exchange common secret
per-session encryption key and check UDP transport availability.
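Review bot: the replacement "+128-bit identification key. There are heartbeat packets used to prevent" / "+session termination because of peers inactivity." drops the reason the deleted text gave, namely that over stateless UDP an idle peer times out and the handshake has to be redone; readers need that to understand the timeout option in the user manual. Suggest keeping it, for example "Because UDP is stateless, peers that stay silent for the timeout forget each other and must handshake again; heartbeat packets are sent to prevent that." Also "peers inactivity" should be "peer inactivity".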
@node User manual
@unnumbered User manual
+Announcements about updates and new releases can be found in
+@ref{Reporting bugs}.
+
GoVPN is split into two pieces: client and server. Each of them work on
top of UDP and TAP virtual network interfaces. Client and server have
several common configuration command line options:
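Review bot: "+Announcements about updates and new releases can be found in" / "+@ref{Reporting bugs}." sends readers to a bug-reporting node for release news. If the intended target is the mailing list described there, name the list here directly (the integrity text on this page already tells readers to look for mailing list announcements), or give announcements their own node.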
heartbeats each other every third part of heartbeat. Also this timeout
is the time when server purge his obsolete handshake and peers states.
@item Allowable nonce difference
-To prevent replay attacks we just remembers
-latest received nonce number from the remote peer and drops those who
-has lower ones. Because UDP packets can be reordered during: that
-behaviour can lead to dropping of not replayed ones. This options gives
-ability to create some window of allows difference. That opens the door
-for replay attacks for narrow time interval.
+To prevent replay attacks we just remember latest received nonce number
+from the remote peer and drop those who has lower ones. Because UDP
+packets can be reordered: that behaviour can lead to dropping of not
+replayed ones. This option gives ability to create some window of
+allowable difference. That opens the door for replay attacks for narrow
+time interval.
@item MTU
-Maximum transmission unit.
+Maximum transmission unit, maximum frame size that is acceptable on TAP
+interface.
@end table
Client needs to know his identification, path to the authentication key,
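Review bot: the rewritten "Allowable nonce difference" text does not say what the option defaults to or that the window is measured in nonce values, i.e. packets, which is what an operator needs to tune it; please add both. The closing "+time interval." also understates the trade-off: with the scheme as described, every packet whose nonce still falls inside the window is accepted again, and can be accepted repeatedly until the newest nonce moves past it, so the text should say that the option trades reorder tolerance for replay exposure and should be kept as small as the link's reordering allows. A sliding window with a bitmap of already-seen nonces, as IPsec ESP anti-replay does (RFC 4303), would tolerate reordering without accepting duplicates; worth noting as future work if it is not planned. Grammar: "drop those who has lower ones" should be "drop packets whose nonce is lower", and the colon in "packets can be reordered: that behaviour" should be a comma.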