Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
13 files changed:
-@section Constant Packet Rate
+@subsection Constant Packet Rate
Constant Packet Rate is used to hide fact of underlying payload packets
appearance. In this mode daemon inserts necessary dummy packets and
Constant Packet Rate is used to hide fact of underlying payload packets
appearance. In this mode daemon inserts necessary dummy packets and
This mode is turned by @code{-cpr} option, where you specify desired
outgoing traffic rate in KiB/sec (kibibytes per second). This option also
This mode is turned by @code{-cpr} option, where you specify desired
outgoing traffic rate in KiB/sec (kibibytes per second). This option also
-@strong{forces} using of the @ref{Noise}! It is turned off by default.
+@strong{forces} using of the @ref{Noise, noise}! It is turned off by default.
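Review bot: In the added line, `@ref{Noise, noise}` is followed directly by `!`, but a two-argument `@ref` needs a period or comma right after it. Without one, makeinfo inserts a period of its own in the Info output, so the sentence would end in stray punctuation there. Reword so that the reference ends with a period or comma, for example `@strong{forces} use of @ref{Noise, noise}.`, or keep the one-argument `@ref{Noise}`.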
-@section Entropy Gathering Daemon
+@subsection Entropy Gathering Daemon
Overall security mainly depends on client side:
@ref{PAKE, good passphrase} and cryprographically good pseudo random
Overall security mainly depends on client side:
@ref{PAKE, good passphrase} and cryprographically good pseudo random
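Review bot: The context line right under the changed heading spells "cryprographically"; since this file is touched anyway, correct it to "cryptographically" in the same commit.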
--- /dev/null
+@node Glossary
+@section Glossary
+
+@menu
+* Entropy gathering daemon: EGD.
+* Identity::
+* Password Authenticated Key Agreement: PAKE.
+* Timeout::
+* Network transport: Network.
+* Proxy::
+* Maximum Transmission Unit: MTU.
+* Statistics: Stats.
+* Noise::
+* Constant Packet Rate: CPR.
+* Verifier::
+@end menu
+
+@include egd.texi
+@include identity.texi
+@include pake.texi
+@include timeout.texi
+@include netproto.texi
+@include proxy.texi
+@include mtu.texi
+@include stats.texi
+@include noise.texi
+@include cpr.texi
+@include verifier.texi
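Review bot: The menu labels in this new file do not match the headings they point to. `* Entropy gathering daemon: EGD.` is lower-cased while egd.texi now carries `@subsection Entropy Gathering Daemon`, and a reader of the Info menu will see both spellings. Use the subsection titles verbatim as labels. The entries also keep the order of the old user menu; for a node named Glossary, alphabetical order in both the `@menu` and the matching `@include` list would be easier to scan. For identity.texi, noise.texi, proxy.texi, stats.texi, timeout.texi and verifier.texi only context lines are visible on this page, so please confirm each of them was demoted to `@subsection` like the others, otherwise they will sit at the same level as `@section Glossary`.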
Client's identity is 128-bit string. It is not secret, so can be
transmitted and stored in the clear. However handshake applies PRP on it
Client's identity is 128-bit string. It is not secret, so can be
transmitted and stored in the clear. However handshake applies PRP on it
-@section Maximum Transmission Unit
+@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
TAP interface. It is per-user configuration. If the program gets bigger
MTU option tells what maximum transmission unit is expected to get from
TAP interface. It is per-user configuration. If the program gets bigger
-@section Network transport
+@subsection Network transport
You can use either UDP or TCP underlying network transport protocols.
You can use either UDP or TCP underlying network transport protocols.
So-called noise is used to hide underlying payload packets lengths.
Without it GoVPN provides confidentiality and authenticity of messages,
So-called noise is used to hide underlying payload packets lengths.
Without it GoVPN provides confidentiality and authenticity of messages,
-@section Password Authenticated Key Agreement
+@subsection Password Authenticated Key Agreement
Previously we used pre-shared high-entropy long-term static key for
client-server authentication. Is is secure, but not convenient for some
Previously we used pre-shared high-entropy long-term static key for
client-server authentication. Is is secure, but not convenient for some
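Review bot: The second context line under the changed heading reads "Is is secure"; it should be "It is secure", and this commit is a convenient place to fix it.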
You can proxy your requests through HTTP using CONNECT method. This can
help if you are only allowed to access outside world through HTTP proxy
You can proxy your requests through HTTP using CONNECT method. This can
help if you are only allowed to access outside world through HTTP proxy
Both client and server has ability to show statistics about known
connected peers. You retrieve them by downloading JSON from built-in
Both client and server has ability to show statistics about known
connected peers. You retrieve them by downloading JSON from built-in
Because of stateless UDP nature there is no way to reliably know if
remote peer is alive. That is why timeouts are necessary. If no packets
Because of stateless UDP nature there is no way to reliably know if
remote peer is alive. That is why timeouts are necessary. If no packets
with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput.
@menu
with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput.
@menu
-* EGD:: Entropy gathering daemon
-* Identity::
-* PAKE:: Password Authenticated Key Agreement
-* Timeout::
-* Network transport: Network.
-* Proxy::
-* MTU:: Maximum Transmission Unit
-* Stats::
-* Noise::
-* CPR:: Constant Packet Rate
-* Verifier::
* Client part: Client.
* Server part: Server.
* Example usage: Example.
@end menu
* Client part: Client.
* Server part: Server.
* Example usage: Example.
@end menu
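Review bot: This menu loses its eleven term entries but the visible lines add no `* Glossary::` entry in their place. If the parent menu does not list the new node, makeinfo will report Glossary as unreferenced and Info readers cannot reach it from here. Add the entry to this menu, or to whichever menu is meant to own the Glossary section.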
-@include egd.texi
-@include identity.texi
-@include pake.texi
-@include timeout.texi
-@include netproto.texi
-@include proxy.texi
-@include mtu.texi
-@include stats.texi
-@include noise.texi
-@include cpr.texi
-@include verifier.texi
@include client.texi
@include server.texi
@include example.texi
@include client.texi
@include server.texi
@include example.texi
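Review bot: The eleven `@include` lines are removed here, but no `+@include glossary.texi` appears among the visible lines, so nothing shown pulls the new file into the build. Add the include at the position that matches the Glossary menu entry, so that section order in the output follows menu order.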
Verifier is created using @code{govpn-verifier} utility. But currently
Go does not provide native instruments to read passwords without echoing
Verifier is created using @code{govpn-verifier} utility. But currently
Go does not provide native instruments to read passwords without echoing