Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
written on Go programming language. It uses Diffie-Hellman Encrypted Key
Exchange (DH-EKE) for mutual zero-knowledge peers authentication and
authenticated encrypted data transport. Other features include:
-IPv4/IPv6, rehandshake, heartbeat, pre-shared keys (PSK), perfect
-forward secrecy (PFS). GNU/Linux and FreeBSD support.
+IPv4/IPv6, rehandshake, heartbeat, pre-shared authentication keys (PSK),
+perfect forward secrecy (PFS), replay attack protection.
+GNU/Linux and FreeBSD support.
Home page: http://www.cypherpunks.ru/govpn/
also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/
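Review bot: the added feature-list item "replay attack protection" (the `+` line after "pre-shared authentication keys (PSK),") conflicts in tone with the "Allowable nonce difference" text later in this patch, which says the reorder window "opens the door for replay attacks for narrow time interval"; qualify the claim so both agree, e.g. "replay attack protection (nonce-based, see Allowable nonce difference)".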
-You can obtain it's source code either by cloning development branches
-from Git repository: @code{git clone https://github.com/stargrave/govpn.git},
-or by downloading prepared tarballs below.
+You can obtain releases source code prepared tarballs from the links below:
@multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Size @tab Tarball @tab SHA256 checksum
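Review bot: the new sentence "You can obtain releases source code prepared tarballs from the links below:" is ungrammatical; suggest "You can obtain release source code as prepared tarballs from the links below:". The clone URL dropped from the removed lines is re-added further down in this patch, so nothing is lost there.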
Sourceforge.net also provides mirror for the files above:
@url{http://sourceforge.net/projects/govpn/files/}.
+
+You can obtain it's development source code either by cloning
+Git repository: @code{git clone https://github.com/stargrave/govpn.git}.
+Pay attention that it does not contain compiled documentation.
@node Installation
@unnumbered Installation
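Review bot: "it's" should be "its" in "+You can obtain it's development source code either by cloning", and "either" now has no "or" since the tarball alternative moved above; suggest "You can obtain the development source code by cloning the Git repository: @code{git clone https://github.com/stargrave/govpn.git}. Note that the repository does not contain the compiled documentation."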
-GoVPN is written on Go programming language, But
-@url{https://www.gnu.org/software/make/, Make} program is recommended
-also to be used. @url{https://www.gnu.org/software/texinfo/, Texinfo} is
-used for building documentation. Also it depends on
-@code{golang.org/x/crypto} Go libraries.
+GoVPN is written on @url{http://golang.org/, Go programming language},
+with @code{golang.org/x/crypto} libraries dependencies.
+@url{https://www.gnu.org/software/make/, GNU Make} is recommended for
+convenient building. @url{https://www.gnu.org/software/texinfo/, Texinfo}
+is used for building documentation.
their signature to be sure that you have got trusted, untampered
software. For integrity and authentication of downloaded binaries
@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
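Review bot: "+with @code{golang.org/x/crypto} libraries dependencies." reads awkwardly; suggest "GoVPN is written in the @url{http://golang.org/, Go programming language} and depends on the @code{golang.org/x/crypto} libraries."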
-download signature provided with the tarball and run for example:
+download signature provided with the tarball.
-@example
-gpg --verify govpn-1.5.tar.xz.sig govpn-1.5.tar.xz
-@end example
-
-For the very first time you must also import signing public keys. They
+For the very first time you have to import signing public keys. They
are provided below, but be sure that you are reading them from the
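Review bot: with the `gpg --verify` example removed from this section, "+download signature provided with the tarball." no longer tells the reader what to do with the signature until the Installation example; add a short pointer such as "and verify it as shown in the installation example below" so the verification step is not skipped.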
-trusted source. Alternatively check this page from other sources and
-look for the mailing list announcements.
+trusted source. Alternatively check this page from other sources (Tor's
+hidden service for example) and look for the mailing list announcements.
-You have to set up @code{$GOPATH} properly first. For example you can
-clone the repository or decompress tarball and set path like this:
+For example you can get tarball, set proper @code{$GOPATH} and run
+@code{make} ((that will install all necessary libraries and build
+client/server binaries) like this:
@example
% mkdir -p govpn/src
-% git clone https://github.com/stargrave/govpn.git govpn/src/govpn
-or
-% tar xfC govpn-1.5.tar.xz govpn/src && mv govpn/src/govpn-1.5 govpn/src/govpn
+% set -e
+% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz
+% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz.sig
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+% tar xfC govpn-2.3.tar.xz govpn/src
+% mv govpn/src/govpn-2.3 govpn/src/govpn
% export GOPATH=$(pwd)/govpn:$GOPATH
-@end example
-
-After that you can just type @code{make} and all necessary Go libraries
-will be installed and client/server binaries are built in the current
-directory:
-
-@example
-% cd govpn/src/govpn
-% make
-[or gmake under FreeBSD]
+% gmake -C govpn/src/govpn all
@end example
@include pubkey.texi
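Review bot: "+@code{make} ((that will install all necessary libraries and build" has a doubled "((", and the prose says @code{make} while the example runs "% gmake -C govpn/src/govpn all"; the removed "[or gmake under FreeBSD]" hint should be kept, e.g. "run @code{make} (@code{gmake} under FreeBSD)". Also worth one sentence in the prose that "% set -e" is there so a failed "gpg --verify" stops the sequence before "tar xfC" extracts an unverified tarball, since the files are fetched over plain http and the signature is the only integrity check.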
All packets captured on network interface are encrypted, authenticated
and sent to remote server, that writes them to his interface, and vice
versa. Client and server use pre-shared authentication key (PSK) and
-128-bit identification key.
-
-Because of stateless UDP nature, after some timeout of inactivity peers
-forget about each other and have to retry handshake process again,
-therefore background heartbeat process will be ran.
+128-bit identification key. There are heartbeat packets used to prevent
+session termination because of peers inactivity.
Handshake is used to mutually authenticate peers, exchange common secret
per-session encryption key and check UDP transport availability.
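Review bot: the replacement "+128-bit identification key. There are heartbeat packets used to prevent / +session termination because of peers inactivity." drops the explanation from the removed lines of why sessions terminate (peers forget each other after an inactivity timeout and must rehandshake); the Heartbeat option text later in this file still refers to the server purging obsolete peer states on that timeout, so keep one sentence explaining it here.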
@node User manual
@unnumbered User manual
+Announcements about updates and new releases can be found in
+@ref{Reporting bugs}.
+
GoVPN is split into two pieces: client and server. Each of them work on
top of UDP and TAP virtual network interfaces. Client and server have
several common configuration command line options:
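Review bot: pointing readers to "@ref{Reporting bugs}" for release announcements (the `+` lines at the top of the User manual) is surprising and sits before the manual says what GoVPN is; either name the mailing list directly here or move the sentence to the download section next to the signing keys, where release verification is discussed.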
heartbeats each other every third part of heartbeat. Also this timeout
is the time when server purge his obsolete handshake and peers states.
@item Allowable nonce difference
-To prevent replay attacks we just remembers
-latest received nonce number from the remote peer and drops those who
-has lower ones. Because UDP packets can be reordered during: that
-behaviour can lead to dropping of not replayed ones. This options gives
-ability to create some window of allows difference. That opens the door
-for replay attacks for narrow time interval.
+To prevent replay attacks we just remember latest received nonce number
+from the remote peer and drop those who has lower ones. Because UDP
+packets can be reordered: that behaviour can lead to dropping of not
+replayed ones. This option gives ability to create some window of
+allowable difference. That opens the door for replay attacks for narrow
+time interval.
-Maximum transmission unit.
+Maximum transmission unit, maximum frame size that is acceptable on TAP
+interface.
@end table
Client needs to know his identification, path to the authentication key,
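Review bot: in the rewritten "Allowable nonce difference" text, "drop those who has lower ones" should be "drop those with lower ones" and "Because UDP packets can be reordered: that behaviour" should use a comma, not a colon; more importantly, since this option widens a replay window, the text mixes "nonce difference" with "narrow time interval", so state explicitly that the value is a nonce count, give the default, and advise keeping it as small as the link's reordering allows.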