govpn is simple high-performance secure virtual private network daemon.
It uses DH-EKE for mutual zero-knowledge authentication and
-authenticated encrypted transport.
+authenticated encrypted transport. It runs under GNU/Linux and FreeBSD.
DESCRIPTION
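Review bot: The added sentence "It runs under GNU/Linux and FreeBSD." claims FreeBSD support, but the usage example further down sets up the interface only with `ip addr`, `ip link` and `ip route`, which are Linux iproute2 commands. Either add the FreeBSD equivalent of those setup steps or state that the example is GNU/Linux only, so a FreeBSD reader does not have to guess.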
COMPARISON TO OpenVPN
-* Higher performance
+* Faster handshake
* Perfect-forward secrecy (if long-term pre-shared keys are compromised,
no captured traffic can be decrypted anyway)
* Mutual two-side authentication (noone will send real network interface
data unless the other side is authenticated)
* Zero-knowledge authentication (pre-shared key is not transmitted in
any form between the peers, not even it's hash value)
-* Fast handshake
+* Higher performance in some cases
CONSOLE OUTPUT LEGEND
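Review bot: "Higher performance in some cases", now the last bullet of the COMPARISON TO OpenVPN list, is too vague to verify: it names neither the cases nor what was measured. State the condition under which it holds or drop the bullet. The new first bullet, "Faster handshake", is a concrete claim and can stand as it is.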
-B -- bad UDP packet (some system error)
+B -- bad or timeouted UDP packet (maybe network is inactive)
T -- bad tag on packet (MiTM, unordered packet)
R -- invalid sequence number (MiTM, unordered packet)
[HS?] -- unknown handshake message
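Review bot: The reworded B line folds two different conditions into one symbol: a UDP read that failed and a read that only timed out because the link was idle ("maybe network is inactive"). An operator watching the console alongside T and R, which the legend ties to MiTM or unordered packets, can no longer tell a quiet network from a socket error. Consider giving the timeout its own letter and keeping B for the error case. Also, "timeouted" should be "timed-out".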
pc% ip addr add 172.16.0.2/24 dev tap10
pc% ip link set up dev tap10
pc% ip route add default via 172.16.0.1
- pc% govpn -key KEY -iface tap10 -remote 192.168.0.1:1194
+ pc% while :; do govpn -key KEY -iface tap10 -remote 192.168.0.1:1194; done
+
+If client won't finish handshake during -timeout, then it will exit.
+If no packets are received from remote side during timeout, then daemon
+will stop sending packets to the client and client will exit. In every
+cases you have to rehandshake again.
TECHNICAL INTERNALS
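Review bot: The new client line `while :; do govpn ...; done` restarts with no delay or backoff. If govpn exits at once (for example on a startup error) the loop spins, and after every timeout exit it immediately starts a new handshake against 192.168.0.1:1194. Put a short `sleep` inside the loop. The added paragraph also refers to -timeout, which the example command does not pass and whose default and unit are not stated; document both. Finally, "In every cases you have to rehandshake again" should read "In either case you have to handshake again".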