4 See also this page @ref{Новости, on russian}.
36 @item Added optional @ref{Timesync, time synchronization} requirement.
37 It will add timestamps in handshake PRP authentication, disallowing to
38 repeat captured packet and get reply from the server, making it visible
45 @item Fixed minor bug with @command{newclient.sh} that caught
46 "Passphrase:" prompt and inserted it into example YAML output.
47 Just replaced stdout output to stderr for that prompt.
53 @item Ability to read passphrases directly from the terminal (user's
54 input) without using of keyfiles. @command{storekey.sh} utility removed.
60 @item Server is configured using @url{http://yaml.org/, YAML} file. It
61 is very convenient to have comments and templates, comparing to JSON.
62 @item Incompatible with previous versions replacement of @emph{HSalsa20}
63 with @emph{BLAKE2b} in handshake code.
69 @item New optional @ref{Encless, encryptionless mode} of operation.
70 Technically no encryption functions are applied for outgoing packets, so
71 you can not be forced to reveal your encryption keys or sued for
73 @item @ref{MTU}s are configured on per-user basis.
74 @item Simplified payload padding scheme, saving one byte of data.
75 @item Ability to specify TAP interface name explicitly without any
76 up-scripts for convenience.
77 @item @command{govpn-verifier} utility also can use @ref{EGD}.
83 @item Fixed non-critical bug when server may fail if up-script is not
84 executed successfully.
90 @item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
91 of PBKDF2 for password verifier hashing.
92 @item Client's identity is stored inside the verifier, so it simplifies
93 server-side configuration and the code.
99 @item Handshake messages can be noised: their messages lengths are
100 hidden. Now they are indistinguishable from transport messages.
101 @item Parallelized clients processing on the server side.
102 @item Much higher overall performance.
103 @item Single JSON file server configuration.
109 @item Ability to use @ref{Network, TCP} network transport.
110 Server can listen on both UDP and TCP sockets.
111 @item Ability to use @ref{Proxy, HTTP proxies} (through CONNECT method)
112 for accessing the server. Server can also emulate HTTP proxy behaviour.
113 @item Updated Poly1305 library with ARM-related bugfixes.
114 @item Go 1.5+ version is highly recommended because of performance
121 @item Ability to use external @ref{EGD}-compatible PRNGs. Now you are
122 able to use GoVPN even on systems with the bad @file{/dev/random},
123 providing higher quality entropy from external sources.
124 @item Removed @option{-noncediff} option. It is replaced with in-memory
125 storage of seen nonces, thus eliminating possible replay attacks at all
126 without performance degradation related to inbound packets reordering.
132 @item Compatibility with an old GNU Make 3.x. Previously only BSD Make
133 and GNU Make 4.x were supported.
134 @item @file{/dev/urandom} is used for correct client identity generation
135 under GNU/Linux systems. Previously @file{/dev/random} can produce less
136 than required 128-bits of random.
142 @item Deterministic building: dependent libraries source code commits
143 are fixed in our makefiles.
144 @item No Internet connection is needed for building the source code: all
145 required libraries are included in release tarballs.
146 @item FreeBSD Make compatibility. GNU Make is not necessary anymore.
153 Diffie-Hellman public keys are encoded with Elligator algorithm when
154 sending over the wire, making them indistinguishable from the random
155 strings, preventing detection of successful decryption try when guessing
156 passwords (that are used to create DSA public keys). But this will
157 consume twice entropy for DH key generation in average.
164 EKE protocol is replaced by Augmented-EKE and static symmetric (both
165 sides have it) pre-shared key replaced with server-side verifier. This
166 requires, 64 more bytes in handshake traffic, Ed25519 dependency with
167 corresponding sign/verify computations, PBKDF2 dependency and its
168 usage on the client side during handshake.
170 A-EKE with PBKDF2-based verifiers is resistant to dictionary attacks,
171 can use human memorable passphrases instead of static keys and
172 server-side verifiers can not be used for authentication (compromised
173 server does not leak client's authentication keys/passphrases).
176 Changed transport message structure: added payload packet's length.
177 This will increase transport overhead for two bytes, but heartbeat
178 packets became smaller
181 Ability to hide underlying packets lengths by appending noise, junk
182 data during transmission. Each packet can be fill up-ed to its
186 Ability to hide underlying packets appearance rate, by generating
187 Constant Packet Rate traffic. This includes noise generation too.
189 Per-peer @option{-timeout}, @option{-noncediff}, @option{-noise} and
190 @option{-cpr} configuration options for server.
196 @item Added ability to optionally run built-in HTTP-server responding
197 with JSON of all known connected peers information. Real-time client's
199 @item Documentation is explicitly licenced under GNU FDL 1.3+.
205 @item Handshake packets became indistinguishable from the random. Now
206 all GoVPN's traffic is the noise for men in the middle.
208 @item Handshake messages are smaller (16% traffic reduce).
210 @item Adversary now can not create malicious fake handshake packets that
211 will force server to generate private DH key, preventing entropy
212 consuming and resource heavy computations.
218 @item Fixed several possible channel deadlocks.
224 @item Fixed Linux-related building.
230 @item Added clients identification.
231 @item Simultaneous several clients support by server.
232 @item Per-client up/down scripts.
238 @item Nonce obfuscation/encryption.
244 @item Performance optimizations.
250 @item Heartbeat feature.
251 @item Rehandshake feature.
252 @item up- and down- optional scripts.
258 @item FreeBSD support.
264 @item Initial stable release.