@node Overview
@unnumbered Overview

GoVPN is a simple, secure virtual private network daemon, written
entirely in the @url{http://golang.org/, Go programming language}.

Reviewability, a high 128-bit security margin and
@url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}
resistance in a free software solution are the main goals of this daemon.

State-of-the-art cryptography technologies include:
@url{http://cr.yp.to/snuffle.html, Salsa20} stream encryption,
@url{http://143.53.36.235:8080/tea.htm, XTEA} block encryption,
@url{http://cr.yp.to/mac.html, Poly1305} message authentication,
@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange,
Diffie-Hellman Encrypted Key Exchange} (DH-EKE) powered by
@url{http://cr.yp.to/ecdh.html, Curve25519}.

Strong
@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, zero-knowledge}
mutual authentication with a key exchange stage is invulnerable to
man-in-the-middle attacks.
The @url{https://en.wikipedia.org/wiki/Forward_secrecy, perfect forward secrecy}
property guarantees that compromise of the long-term pre-shared
authentication key cannot lead to decryption of previously captured
traffic.
Rehandshaking ensures session key rotation.
MAC authentication with one-time keys protects against
@url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.

The server can work with several clients simultaneously. Each client is
@strong{identified} by a 128-bit key that does not leak during the
handshake, and each client stays @strong{anonymous} to MiTM and DPI.

The only platform-specific requirement is TAP network interface support.
The API for that kind of device differs between operating systems and is
not portable, so only a few operating systems are officially supported.
The author has no proprietary software to work with, so there is
currently no support for the popular Microsoft Windows or Apple OS X.

@itemize @bullet
@item
Copylefted free software: licensed under
@url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
@item
Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
network interfaces entirely on top of UDP
@item
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item
IPv6 compatible
@item
Encrypted and authenticated payload transport
@item
Relatively fast handshake
@item
Replay attack protection
@item
Perfect forward secrecy property
@item
Mutual two-side authentication
@item
Zero-knowledge authentication
@item
Built-in rehandshake and heartbeat features
@item
Support for several simultaneous clients
@item
Hiding of payload packet lengths by appending noise
@item
Optional built-in HTTP server for retrieving information about known
connected peers in @url{http://json.org/, JSON} format
@end itemize