4 See also this page @ref{Новости, on russian}.
9 @item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be
10 faster and more secure. Previous versions are not compatible with it!
11 @item Ability to use TUN-interfaces under GNU/Linux. FreeBSD has already
12 supported them without any modifications.
18 @item Argon2d is replaced with Balloon hashing. Found Argon2 libraries
19 written on pure Go have various problems. Moreover Argon2i should be
20 used instead, but it has some possible
21 @url{http://eprint.iacr.org/2016/027, cryptographic defects}. So it is
22 replaced with much more simpler (and seems even cryptographically
23 better) @url{https://crypto.stanford.edu/balloon/, Balloon hashing}.
29 @item @option{-version} option added, printing program version.
35 @item Client reconnects in the loop when connection is lost. Optionally
36 you can disable that behaviour: client will exit immediately, as it
43 @item Optional ability to use syslog for logging, with
44 @url{https://tools.ietf.org/html/rfc5424, RFC 5424}-like
46 @item XTEA algorithm is not used anymore for nonce obfuscation, but
47 BLAKE2b-MAC instead. Encryptionless mode now really does not depend on
54 @item TAP interface name and remote peer's address are passed to up- and
55 down- scripts through environment variables.
56 @item Update Argon2 library to use version 1.3 of the algorithm.
62 @item Added up/down example script for replacing default route (thanks
64 @item Fixed documentation bug: @file{.info} was not installing.
70 @item Ability to work on 32-bit platforms. @emph{sync/atomic} library
71 has some specific issues that caused panics on previous versions.
77 @item Added optional time synchronization requirement.
78 It will add timestamps in handshake PRP authentication, disallowing to
79 repeat captured packet and get reply from the server, making it visible
86 @item Fixed minor bug with @command{newclient.sh} that caught
87 "Passphrase:" prompt and inserted it into example YAML output.
88 Just replaced stdout output to stderr for that prompt.
94 @item Ability to read passphrases directly from the terminal (user's
95 input) without using of keyfiles. @command{storekey.sh} utility removed.
101 @item Server is configured using @url{http://yaml.org/, YAML} file. It
102 is very convenient to have comments and templates, comparing to JSON.
103 @item Incompatible with previous versions replacement of @emph{HSalsa20}
104 with @emph{BLAKE2b} in handshake code.
110 @item New optional encryptionless mode of operation.
111 Technically no encryption functions are applied for outgoing packets, so
112 you can not be forced to reveal your encryption keys or sued for
114 @item MTUs are configured on per-user basis.
115 @item Simplified payload padding scheme, saving one byte of data.
116 @item Ability to specify TAP interface name explicitly without any
117 up-scripts for convenience.
118 @item @command{govpn-verifier} utility also can use EGD.
124 @item Fixed non-critical bug when server may fail if up-script is not
125 executed successfully.
131 @item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
132 of PBKDF2 for password verifier hashing.
133 @item Client's identity is stored inside the verifier, so it simplifies
134 server-side configuration and the code.
140 @item Handshake messages can be noised: their messages lengths are
141 hidden. Now they are indistinguishable from transport messages.
142 @item Parallelized clients processing on the server side.
143 @item Much higher overall performance.
144 @item Single JSON file server configuration.
150 @item Ability to use TCP network transport.
151 Server can listen on both UDP and TCP sockets.
152 @item Ability to use HTTP proxies (through CONNECT method)
153 for accessing the server. Server can also emulate HTTP proxy behaviour.
154 @item Updated Poly1305 library with ARM-related bugfixes.
155 @item Go 1.5+ version is highly recommended because of performance
162 @item Ability to use external EGD-compatible PRNGs. Now you are
163 able to use GoVPN even on systems with the bad @file{/dev/random},
164 providing higher quality entropy from external sources.
165 @item Removed @option{-noncediff} option. It is replaced with in-memory
166 storage of seen nonces, thus eliminating possible replay attacks at all
167 without performance degradation related to inbound packets reordering.
173 @item Compatibility with an old GNU Make 3.x. Previously only BSD Make
174 and GNU Make 4.x were supported.
175 @item @file{/dev/urandom} is used for correct client identity generation
176 under GNU/Linux systems. Previously @file{/dev/random} can produce less
177 than required 128-bits of random.
183 @item Deterministic building: dependent libraries source code commits
184 are fixed in our makefiles.
185 @item No Internet connection is needed for building the source code: all
186 required libraries are included in release tarballs.
187 @item FreeBSD Make compatibility. GNU Make is not necessary anymore.
194 Diffie-Hellman public keys are encoded with Elligator algorithm when
195 sending over the wire, making them indistinguishable from the random
196 strings, preventing detection of successful decryption try when guessing
197 passwords (that are used to create DSA public keys). But this will
198 consume twice entropy for DH key generation in average.
205 EKE protocol is replaced by Augmented-EKE and static symmetric (both
206 sides have it) pre-shared key replaced with server-side verifier. This
207 requires, 64 more bytes in handshake traffic, Ed25519 dependency with
208 corresponding sign/verify computations, PBKDF2 dependency and its
209 usage on the client side during handshake.
211 A-EKE with PBKDF2-based verifiers is resistant to dictionary attacks,
212 can use human memorable passphrases instead of static keys and
213 server-side verifiers can not be used for authentication (compromised
214 server does not leak client's authentication keys/passphrases).
217 Changed transport message structure: added payload packet's length.
218 This will increase transport overhead for two bytes, but heartbeat
219 packets became smaller
222 Ability to hide underlying packets lengths by appending noise, junk
223 data during transmission. Each packet can be fill up-ed to its
227 Ability to hide underlying packets appearance rate, by generating
228 Constant Packet Rate traffic. This includes noise generation too.
230 Per-peer @option{-timeout}, @option{-noncediff}, @option{-noise} and
231 @option{-cpr} configuration options for server.
237 @item Added ability to optionally run built-in HTTP-server responding
238 with JSON of all known connected peers information. Real-time client's
240 @item Documentation is explicitly licenced under GNU FDL 1.3+.
246 @item Handshake packets became indistinguishable from the random. Now
247 all GoVPN's traffic is the noise for men in the middle.
249 @item Handshake messages are smaller (16% traffic reduce).
251 @item Adversary now can not create malicious fake handshake packets that
252 will force server to generate private DH key, preventing entropy
253 consuming and resource heavy computations.
259 @item Fixed several possible channel deadlocks.
265 @item Fixed Linux-related building.
271 @item Added clients identification.
272 @item Simultaneous several clients support by server.
273 @item Per-client up/down scripts.
279 @item Nonce obfuscation/encryption.
285 @item Performance optimizations.
291 @item Heartbeat feature.
292 @item Rehandshake feature.
293 @item up- and down- optional scripts.
299 @item FreeBSD support.