@end quotation
@end copying
-@ifnottex
@node Top
@top GoVPN
This manual is for GoVPN -- simple secure free software virtual private
network (VPN) daemon, written entirely on Go programming language.
-@end ifnottex
@menu
* Overview::
* News::
-* Getting and building source code::
+* Installation::
+* Precautions::
* User manual::
* Developer manual::
* Reporting bugs::
all of them independently. Identification key is not secret, but it is
encrypted (obfuscated) during transmission.
+The only platform specific requirement is TAP network interface support.
+API to that kind of device is different, OS dependent and non portable.
+So only a few operating systems is officially supported. Author has no
+proprietary software to work with, so currently there is lack of either
+popular Microsoft Windows or Apple OS X support.
+
@itemize @bullet
@item
Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
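Review bot: the added platform paragraph says only a few operating systems are officially supported but never names them; list the supported systems here, or point to where they are listed, so a reader can tell whether their platform has the required TAP support. In the same sentence, "operating systems is" should read "operating systems are".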
@verbatiminclude ../NEWS
-@node Getting and building source code
-@unnumbered Getting and building source code
+@node Installation
+@unnumbered Installation
GoVPN is written on Go programming language, But
@url{https://www.gnu.org/software/make/, Make} program is recommended
@example
% mkdir -p govpn/src
-% git clone https://github.com/stargrave/govpn govpn/src/govpn
+% git clone https://github.com/stargrave/govpn.git govpn/src/govpn
or
% tar xfC govpn-1.5.tar.xz govpn/src && mv govpn/src/govpn-1.5 govpn/src/govpn
% export GOPATH=$(pwd)/govpn:$GOPATH
@include pubkey.texi
+@node Precautions
+@unnumbered Precautions
+
+The very important precaution is the @strong{cryptographically good}
+pseudo random number generator. GoVPN uses native operating system PRNG
+as entropy source. You have no way to check it's quality in closed
+source code operating systems, so it is recommended not to use them if
+you really needs security. Moreover it is possible that those OS leaks
+information about possible PRNG states. And at least Apple OS X and
+Microsoft Windows are already known to have weak CSPRNGs.
+
+GoVPN could use it's own PRNG implementation like
+@url{https://www.schneier.com/fortuna.html, Fortuna}, but it is
+much easier to use the right OS, to use free software.
+
+Also you should @strong{never} use one key for multiple clients. Salsa20
+encryption is randomized in each session, but it depends again on PRNG.
+If it fails, produces equal values at least once, then all you traffic
+related to that key could be decrypted.
+
@node User manual
@unnumbered User manual
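Review bot: in the new Precautions node, the sentence "at least Apple OS X and Microsoft Windows are already known to have weak CSPRNGs" states a security fact with no reference; cite a source with @url or reword it as a recommendation. The key-reuse paragraph should also name what must not repeat, since "If it fails, produces equal values at least once" leaves the subject implicit. Wording fixes in the same hunk: "it's quality" and "it's own" should be "its", "you really needs" should be "you really need", "those OS leaks" should be "those OSes leak", and "all you traffic" should be "all your traffic".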
Do not forget about setting @code{GOMAXPROC} environment variable for
using more than one CPU.
+At first you have to generate client's authentication key and client's
+unique identification. There is @code{utils/newclient.sh} script for
+convenience.
+
+@example
+% ./utils/newclient.sh Alice
+peers/9b40701bdaf522f2b291cb039490312/Alice
+@end example
+
+@code{9b40701bdaf522f2b291cb039490312} is client's identification.
+@code{Alice} is just an empty file that can help to search them like
+this: @verb{|find peers -name Alice|}. @code{key} file inside peer's
+directory contains authentication key.
+
GNU/Linux IPv4 client-server example:
@example
-server% mkdir -p peers/CLIENTID
-server% umask 066
-server% echo MYLONG64HEXKEY > peers/CLIENTID/key
server% echo "#!/bin/sh" > peers/CLIENTID/up.sh
-server% echo "echo tap10" > peers/CLIENTID/up.sh
+server% echo "echo tap10" >> peers/CLIENTID/up.sh
server% chmod 500 peers/CLIENTID/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
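Review bot: the example identification in the added newclient.sh output, 9b40701bdaf522f2b291cb039490312, is 31 hex digits, so it cannot be a whole number of bytes; it looks like a digit was lost, and both occurrences should be replaced with real script output. With the mkdir, umask 066 and key-writing lines removed from the GNU/Linux example, the manual no longer says what permissions the key file ends up with or how CLIENTID relates to the directory that newclient.sh prints; add a sentence covering both, or keep the umask step. The context line at the top of this hunk names GOMAXPROC, while the variable the Go runtime reads is GOMAXPROCS.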
FreeBSD IPv6 client-server example:
@example
-server% mkdir -p peers/CLIENTID
-server% umask 066
-server% echo MYLONG64HEXKEY > peers/CLIENTID/key
-server% echo "#!/bin/sh" >
server% cat > peers/CLIENTID/up.sh <<EOF
#!/bin/sh
$tap=$(ifconfig tap create)
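Review bot: the up.sh here-document that this hunk keeps in the FreeBSD example will not produce a working script. The delimiter in "cat > peers/CLIENTID/up.sh <<EOF" is unquoted, so $tap and $(ifconfig tap create) are expanded by the server's shell while the file is being written, and "$tap=..." is not a valid sh assignment in any case. Suggest quoting the delimiter (<<'EOF') and writing the assignment as tap=$(ifconfig tap create).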
@item Message authentication
@url{http://cr.yp.to/mac.html, Poly1305}
@item Password authenticated key agreement
-@url{http://cr.yp.to/ecdh.html, Curve25519} based DH-EKE
+DH-EKE powered by @url{http://cr.yp.to/ecdh.html, Curve25519}
@item Packet overhead
24 bytes per packet
@item Handshake overhead
number @code{RS} and 256bit random @code{SS}. PSK-encryption uses
incremented @code{R} (from previous message) for nonce
@item
-@verb{|enc(PSK, SPubKey) + enc(K, RS + SS) + NULLs -> Client|} [88 bytes]
+@verb{|enc(PSK, R+1, SPubKey) + enc(K, R, RS + SS) + NULLs -> Client|} [88 bytes]
@item
client decrypt @code{SPubKey}, computes @code{K}, decrypts @code{RS},
@code{SS} with key @code{K}, remembers @code{SS}, generates 64bit random
number @code{RC} and 256bit random @code{SC},
@item
-@verb{|enc(K, RS + RC + SC) + NULLs -> Server|} [64 bytes]
+@verb{|enc(K, R+1, RS + RC + SC) + NULLs -> Server|} [64 bytes]
@item
server decrypt @code{RS}, @code{RC}, @code{SC} with key @code{K},
compares @code{RS} with it's own one send before, computes final main
encryption key @code{S = SS XOR SC}
@item
-@verb{|ENC(K, RC) + NULLs -> Client|} [24 bytes]
+@verb{|ENC(K, 0, RC) + NULLs -> Client|} [24 bytes]
@item
server switches to the new client
@item
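Review bot: the new second argument of enc() in the three changed @verb lines is never defined in the visible steps; add a sentence saying that it is the nonce and how R+1 is derived and encoded, since the surrounding text only says that PSK-encryption uses incremented R. The last message, ENC(K, 0, RC), needs its own explanation: say how ENC differs from enc and why a fixed 0 is acceptable under K at that point, given that R and R+1 have already been used with K in the two previous messages.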
Visit @url{https://lists.cypherpunks.ru/mailman/listinfo/govpn-devel}
for information about subscription options and archived messages access.
-Development Git source code repository currently is located on:
-@url{https://github.com/stargrave/govpn}.
+Official website is @url{http://www.cypherpunks.ru/govpn/}, also available
+as @url{https://www.torproject.org/, Tor} hidden service:
+@url{http://vabu56j2ep2rwv3b.onion/govpn/}.
+Development Git source code repository currently is located here:
+@url{https://github.com/stargrave/govpn.git}.
@node Copying conditions
@unnumbered Copying conditions
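Review bot: the added official website link, http://www.cypherpunks.ru/govpn/, is plain HTTP, while the mailing list and repository links in the same section use https://; if the site is served over HTTPS, use that URL so that readers fetching the manual and tarballs from it get transport integrity.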