Nonce is directly written inside transport messages and it is the only
part that is different from randomness (because it does not require it
actually). One can use them as GoVPN's traffic fingerprint.
Apply simple PRP function on the nonce before it's usage. Internal
counters are keeped in the state, but encrypted and decrypted during
actual use using XTEA algorithm. It is rather simple, fast enough,
simplier than applying Luby-Rackoff to make PRP from Salsa20.