GoVPN
GoVPN
GoVPN is simple free software virtual private network daemon,
aimed to be reviewable, secure and
DPI/censorship-resistant.
- Copylefted free software: licenced under
GPLv3+.
- Fast strong passphrase authenticated augmented
key agreement protocol with zero-knowledge mutual peers
authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key
Exchange)).
- Augmented authentication tokens resistant to
offline dictionary attacks. They use CPU and memory hardened hashing
algorithm. An attacker can not masquerade a client even with server
passphrase verifiers compromising.
- Encrypted and authenticated payload transport
with 128-bit security margin state-of-the-art
cryptography.
- Optional encryptionless mode of operation: no encryption
functions are applied for outgoing traffic, but still confidentiality
preserving encoding. Jurisdictions and courts can not either force you
to reveal encryption keys or sue for encryption usage.
- Censorship resistant handshake and transport messages: fully
indistinguishable from the noise with optionally hidden packets length.
- Perfect forward secrecy
property.
- Replay attack protection (using one-time MACs).
- Built-in rehandshake (session key rotation) and heartbeat features.
- Ability to hide packets length with the noise data.
- Ability to hide payload timestamps with constant packet rate
traffic.
- Compatible with EGD (entropy
gathering daemon) PRNGs.
- Several simultaneous clients support with per-client configuration
options. Clients have pre-established identity invisible
for third-parties (they are anonymous).
- Uses TAP
underlying network interfaces.
- Can use UDP and TCP or HTTP proxies
for accessing the server.
- Fully IPv4 and IPv6 compatible.
- Optional built-in HTTP-server for retrieving real-time
statistics information about known connected peers in
JSON format.
- Server is configured through the YAML file.
- Written on Go programming language with
simple code that can be read and reviewed.
- GNU/Linux and
FreeBSD support.