From dfa7b791d7e569e03259b415da36a518f8a5fb0d Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Thu, 30 Apr 2015 12:44:21 +0300 Subject: [PATCH] [DOC] Some refactoring, rewording Signed-off-by: Sergey Matveev --- README | 5 +++-- doc/download.texi | 8 +++++--- doc/installation.texi | 47 +++++++++++++++++-------------------------- doc/overview.texi | 7 ++----- doc/user.texi | 18 ++++++++++------- 5 files changed, 40 insertions(+), 45 deletions(-) diff --git a/README b/README index 6da97d6..e9b104e 100644 --- a/README +++ b/README @@ -2,8 +2,9 @@ GoVPN is simple secure free software virtual private network daemon, written on Go programming language. It uses Diffie-Hellman Encrypted Key Exchange (DH-EKE) for mutual zero-knowledge peers authentication and authenticated encrypted data transport. Other features include: -IPv4/IPv6, rehandshake, heartbeat, pre-shared keys (PSK), perfect -forward secrecy (PFS). GNU/Linux and FreeBSD support. +IPv4/IPv6, rehandshake, heartbeat, pre-shared authentication keys (PSK), +perfect forward secrecy (PFS), replay attack protection. +GNU/Linux and FreeBSD support. Home page: http://www.cypherpunks.ru/govpn/ also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/ diff --git a/doc/download.texi b/doc/download.texi index 7c78b5a..df60b24 100644 --- a/doc/download.texi +++ b/doc/download.texi @@ -1,6 +1,4 @@ -You can obtain it's source code either by cloning development branches -from Git repository: @code{git clone https://github.com/stargrave/govpn.git}, -or by downloading prepared tarballs below. +You can obtain releases source code prepared tarballs from the links below: @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} @headitem Version @tab Size @tab Tarball @tab SHA256 checksum 
@@ -25,3 +23,7 @@ or by downloading prepared tarballs below. Sourceforge.net also provides mirror for the files above: @url{http://sourceforge.net/projects/govpn/files/}. + +You can obtain it's development source code either by cloning +Git repository: @code{git clone https://github.com/stargrave/govpn.git}. +Pay attention that it does not contain compiled documentation. diff --git a/doc/installation.texi b/doc/installation.texi index f1fbf0d..5e6263e 100644 --- a/doc/installation.texi +++ b/doc/installation.texi @@ -1,11 +1,11 @@ @node Installation @unnumbered Installation -GoVPN is written on Go programming language, But -@url{https://www.gnu.org/software/make/, Make} program is recommended -also to be used. @url{https://www.gnu.org/software/texinfo/, Texinfo} is -used for building documentation. Also it depends on -@code{golang.org/x/crypto} Go libraries. +GoVPN is written on @url{http://golang.org/, Go programming language}, +with @code{golang.org/x/crypto} libraries dependencies. +@url{https://www.gnu.org/software/make/, GNU Make} is recommended for +convenient building. @url{https://www.gnu.org/software/texinfo/, Texinfo} +is used for building documentation. @include download.texi 
@@ -13,36 +13,27 @@ You @strong{have to} verify downloaded archives integrity and check their signature to be sure that you have got trusted, untampered software. For integrity and authentication of downloaded binaries @url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must -download signature provided with the tarball and run for example: +download signature provided with the tarball. -@example -gpg --verify govpn-1.5.tar.xz.sig govpn-1.5.tar.xz -@end example - -For the very first time you must also import signing public keys. They +For the very first time you have to import signing public keys. They are provided below, but be sure that you are reading them from the -trusted source. Alternatively check this page from other sources and -look for the mailing list announcements. +trusted source. Alternatively check this page from other sources (Tor's +hidden service for example) and look for the mailing list announcements. -You have to set up @code{$GOPATH} properly first. For example you can -clone the repository or decompress tarball and set path like this: +For example you can get tarball, set proper @code{$GOPATH} and run +@code{make} ((that will install all necessary libraries and build +client/server binaries) like this: @example % mkdir -p govpn/src -% git clone https://github.com/stargrave/govpn.git govpn/src/govpn -or -% tar xfC govpn-1.5.tar.xz govpn/src && mv govpn/src/govpn-1.5 govpn/src/govpn +% set -e +% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz +% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz.sig +% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz +% tar xfC govpn-2.3.tar.xz govpn/src +% mv govpn/src/govpn-2.3 govpn/src/govpn % export GOPATH=$(pwd)/govpn:$GOPATH -@end example - -After that you can just type @code{make} and all necessary Go libraries -will be installed and client/server binaries are built in the current -directory: - -@example -% cd govpn/src/govpn -% make -[or gmake under FreeBSD] 
+% gmake -C govpn/src/govpn all @end example @include pubkey.texi diff --git a/doc/overview.texi b/doc/overview.texi index 9f38a81..0330d4c 100644 --- a/doc/overview.texi +++ b/doc/overview.texi @@ -10,11 +10,8 @@ authenticated encrypted data transport. It is written entirely on All packets captured on network interface are encrypted, authenticated and sent to remote server, that writes them to his interface, and vice versa. Client and server use pre-shared authentication key (PSK) and -128-bit identification key. - -Because of stateless UDP nature, after some timeout of inactivity peers -forget about each other and have to retry handshake process again, -therefore background heartbeat process will be ran. +128-bit identification key. There are heartbeat packets used to prevent +session termination because of peers inactivity. Handshake is used to mutually authenticate peers, exchange common secret per-session encryption key and check UDP transport availability. diff --git a/doc/user.texi b/doc/user.texi index 05a8cdf..dbbda98 100644 --- a/doc/user.texi +++ b/doc/user.texi @@ -1,6 +1,9 @@ @node User manual @unnumbered User manual +Announcements about updates and new releases can be found in +@ref{Reporting bugs}. + GoVPN is split into two pieces: client and server. Each of them work on top of UDP and TAP virtual network interfaces. Client and server have several common configuration command line options: 
@@ -12,14 +15,15 @@ remote peer is dead, but after some timeout. Client and server heartbeats each other every third part of heartbeat. Also this timeout is the time when server purge his obsolete handshake and peers states. @item Allowable nonce difference -To prevent replay attacks we just remembers -latest received nonce number from the remote peer and drops those who -has lower ones. Because UDP packets can be reordered during: that -behaviour can lead to dropping of not replayed ones. This options gives -ability to create some window of allows difference. That opens the door -for replay attacks for narrow time interval. +To prevent replay attacks we just remember latest received nonce number +from the remote peer and drop those who has lower ones. Because UDP +packets can be reordered: that behaviour can lead to dropping of not +replayed ones. This option gives ability to create some window of +allowable difference. That opens the door for replay attacks for narrow +time interval. @item MTU -Maximum transmission unit. +Maximum transmission unit, maximum frame size that is acceptable on TAP +interface. @end table Client needs to know his identification, path to the authentication key, -- 2.44.0
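Review bot: the README hunk now advertises "replay attack protection", but the doc/user.texi hunk in this same patch describes the allowable-nonce-difference option as something that "opens the door for replay attacks for narrow time interval"; the two statements should agree. Suggest qualifying the README item, for example "replay attack protection (nonce window, see the user manual)", or documenting in user.texi that the window is zero unless explicitly configured, if that is the case.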
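Review bot: in the first doc/download.texi hunk the replacement sentence "You can obtain releases source code prepared tarballs from the links below:" is ungrammatical; suggest "You can obtain the release source code as prepared tarballs from the links below:". The removed sentence also pointed readers at the Git repository; since that text is moved to the end of the file in the next hunk, a short "(development snapshots: see below)" here would keep it discoverable.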
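Review bot: in the second doc/download.texi hunk "it's" should be "its" (possessive), and "either by cloning" offers no second alternative, so drop "either": "You can obtain its development source code by cloning the Git repository: @code{git clone https://github.com/stargrave/govpn.git}." "Pay attention that it does not contain compiled documentation." would read better as "Note that the repository does not contain compiled documentation; it is built with Texinfo as described in the installation section."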
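Review bot: in the first doc/installation.texi hunk "written on ... Go programming language" should be "written in the ... Go programming language", and "libraries dependencies" should be "library dependencies"; suggest "GoVPN is written in the @url{https://golang.org/, Go programming language} and depends on the @code{golang.org/x/crypto} libraries." The Go link is plain http:// while the Make and Texinfo links use https://; use https:// consistently.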
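Review bot: the "% set -e" line in the second doc/installation.texi hunk is not a dependable guard against unpacking a tarball whose signature failed to verify: the "%" prompt indicates an interactive session, and in common interactive shells errexit either is ignored for some command forms or terminates the user's shell on the first failing command (including a failed wget), which is not what a reader following the example expects. The removed text made the signature check a distinct, emphasised step; suggest keeping "gpg --verify" as its own example with an explicit sentence that the tarball must not be unpacked unless gpg reports a good signature, or chaining "gpg --verify ... && tar xfC ... && mv ..." so that a failed verification skips the unpacking. Three smaller points: "run @code{make} ((that will install" has a doubled parenthesis; the prose says @code{make} while the example now uses "gmake -C govpn/src/govpn all" after the "[or gmake under FreeBSD]" note was removed, so either use make in the example or restore the FreeBSD remark; and the paragraph says the signing keys must be imported the very first time, yet the session runs gpg --verify before the reader reaches @include pubkey.texi, so mention the import step before the example.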
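Review bot: in the doc/overview.texi hunk the new sentence "There are heartbeat packets used to prevent session termination because of peers inactivity." reads awkwardly; suggest "Heartbeat packets are sent to prevent session termination due to peer inactivity." The removed paragraph also gave the rationale (UDP is stateless, so after a period of inactivity peers forget each other and must handshake again); keeping one clause of it here helps readers understand the heartbeat and timeout options described in the user manual.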
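Review bot: in the first doc/user.texi hunk a reader looking for release announcements would not expect to find them under @ref{Reporting bugs}; if that node describes the mailing list, say so here ("Announcements about updates and new releases are posted to the mailing list described in @ref{Reporting bugs}."), or give the mailing list its own node and reference that instead.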
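Review bot: in the second doc/user.texi hunk "drop those who has lower ones" should be "drop those that have lower ones", and the colon in "Because UDP packets can be reordered: that behaviour" should be a comma. The reworded option description still does not say in which unit the allowable difference is measured (number of packets or nonce values) or what the default is, which is exactly what a reader tuning the option needs given the stated trade-off that a window "opens the door for replay attacks for narrow time interval"; suggest adding both. For MTU, "Maximum transmission unit, maximum frame size that is acceptable on TAP interface." would read better as "Maximum transmission unit: the largest frame size accepted on the TAP interface."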