@setfilename govpn.info
@documentencoding UTF-8

This manual is for GoVPN -- simple secure free software virtual private
network daemon, aimed to be reviewable, secure, DPI/censorship-resistant,

Copyright @copyright{} 2014-2015 @email{stargrave@@stargrave.org, Sergey Matveev}

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "Copying conditions".

GoVPN is a simple, secure free software virtual private network daemon,
aimed to be reviewable, secure and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant.

Copylefted free software: licensed under
@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.

Fast strong @ref{PAKE, password authenticated} augmented key agreement
(PAKE DH A-EKE) @ref{Handshake protocol, handshake}.

Mutual two-side zero-knowledge peer authentication.

@ref{Verifier structure, Augmented authentication tokens} resistant to
offline dictionary attacks. An attacker cannot masquerade as a client
even if the server's password verifiers are compromised.

Encrypted and authenticated @ref{Transport protocol, payload transport}
with 128-bit @ref{Developer manual, security margin} state-of-the-art
cryptography and censorship resistance (indistinguishability from noise).

@url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}

Replay attack protection (using one-time MACs).

Built-in rehandshake (session key rotation) and heartbeat features.

Ability to hide payload packet lengths with @ref{Noise, noise} data.

Ability to hide payload timestamps with @ref{CPR, constant packet rate}

Compatible with @url{http://egd.sourceforge.net/, EGD} (entropy
gathering daemon) PRNGs.

Support for several simultaneous clients with per-client configuration
options. Clients have a pre-established @ref{Identity, identity} invisible
to third parties (they are anonymous).

Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
underlying network interfaces.

Can use @ref{Network transport, UDP and TCP} or HTTP @ref{Proxy, proxies}
for accessing the server.

Fully IPv4 and IPv6 compatible.

Optional built-in HTTP server for retrieving
@ref{Stats, statistics} information about known connected peers in
@url{http://json.org/, JSON} format.

Written in the @url{http://golang.org/, Go} programming language with
simple code that can be read and reviewed.

@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support.

* Copying conditions::

@include installation.texi
@include precautions.texi
@include developer.texi
@include contacts.texi

@node Copying conditions
@unnumbered Copying conditions

@verbatiminclude fdl.txt