GoVPN is simple free software virtual private network daemon,
aimed to be reviewable, secure and
See also this page on russian.
licenced under GPLv3+.
- Fast strong passphrase authenticated augmented
key agreement protocol with zero-knowledge mutual peers
authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key
- Augmented authentication tokens resistant to
offline dictionary attacks. They use CPU and memory hardened hashing
algorithm. An attacker can not masquerade a client even with server
passphrase verifiers compromising.
- Encrypted and authenticated payload transport
with 128-bit security margin state-of-the-art non-NIST
- Optional encryptionless mode of operation: no encryption
functions are applied for outgoing traffic, but still confidentiality
preserving encoding. Jurisdictions and courts can not either force you
to reveal encryption keys or sue for encryption usage.
- Censorship resistant handshake and transport messages: fully
indistinguishable from the noise with optionally hidden packets length.
- Perfect forward secrecy
- Replay attack protection (using one-time MACs and optional
time synchronization requirement).
- Built-in rehandshake (session key rotation) and heartbeat features.
- Ability to hide packets length with the noise data.
- Ability to hide payload timestamps with constant packet rate
- Compatible with EGD (entropy
gathering daemon) PRNGs.
- Several simultaneous clients support with per-client configuration
options. Clients have pre-established identity invisible
for third-parties (they are anonymous).
- Uses TUN/TAP
underlying network interfaces.
- Can use UDP and TCP or HTTP proxies
for accessing the server.
- Fully IPv4 and IPv6 compatible.
- Optional built-in HTTP-server for retrieving real-time
statistics information about known connected peers in
- Server is configured through the YAML file.
- Ability to use syslog for logging.
- Written on Go programming language with
simple code that can be read and reviewed.
- GNU/Linux and