It is a complicated protocol. It uses the Authenticate-then-Encrypt ordering of algorithms, which is not secure. Moreover, its libraries are huge and hard to read, review and analyze.
Its first protocol versions used the A-t-E ordering; later ones support even the ChaCha20-Poly1305 algorithm. But its source code is not trivial and is rather large to read and review. OpenSSH does not support strong zero-knowledge password authentication.
It is a rather good protocol, supported by all modern OSes. But it lacks strong zero-knowledge password authentication and, again, its code is hard to read.
For the same reasons: most such software does not provide strong password authentication or high cryptographic protocol security, and most of it is written in C, in which it is hard to write correct code.
Go is very easy to read, review and maintain. It makes writing complex code a harder task. It provides what the C language lacks: array bounds checking, garbage collection and concurrency primitives. It gives lower performance (although my setup on a notebook yields more than 750 Mbps of throughput), but higher reliability and far fewer lines of code.
A human is capable of memorizing rather long passphrases (not passwords): 100-200 characters, which makes it possible to use one as a high-entropy key. You need to trust only yourself, not a hardware token or some other storage device. It is convenient.
Because there are so many use cases and setups, and so many different protocols, that I must either support all of them, use complicated protocol setups like PPP, or just leave the choice to the administrator. A VPN is only a layer.
Closed-source proprietary systems do not give you control over the computer. You cannot securely use cryptography-related software without controlling the underlying computing device. Choose another operating system.
Previously captured traffic cannot be decrypted by compromising the long-lived keys. The PFS property works at the per-session level: it does not protect against the session key leaking from memory.
That third party cannot differentiate one client from another by looking at the traffic (transport and handshake).
The inability to distinguish whether GoVPN traffic is passing by or just cat /dev/urandom | nc somehost. If you cannot differentiate one kind of traffic from another, then your only option is to forbid all kinds of it.
If you operate under a jurisdiction where courts can either sue you for using encryption or force you to somehow reveal your encryption keys (although new session encryption keys are generated for each session). In most cases those courts cannot demand authentication and signing keys. Do not let the mode's name confuse you: it still provides confidentiality and authenticity of the transmitted data! But note that this mode is traffic- and resource-hungry and currently operates only in TCP mode.
If anything that cannot be read by anyone is considered encryption, then no, encryptionless mode will not help you. Imagine that you are either talking in another foreign language or just using another date encoding scheme.
In most cases you will not need it without the constant packet rate option turned on. Without the CPR and noise options, GoVPN traffic (like TLS, IPsec, SSH and other VPN protocols) leaks the sizes and timestamps of the underlying interface's packets. Traffic analysis can then predict what is going on in the network. With the CPR option enabled, an observer can only tell whether somebody is online or not: nothing less, nothing more.
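The leak described above, as an added illustration rather than GoVPN's own code: a simplified model in which a passive observer records the (size, time) of every transport packet. The traffic, the per-packet overhead and the CPR period are constructed and assumed values; with CPR off the observer's view mirrors the interface packets, with CPR on it is the same fixed-size, fixed-interval stream whether the link is busy or idle.

```go
package main

import "fmt"

// Packet is a constructed stand-in for one frame (not a GoVPN type):
// size in bytes and arrival time in milliseconds.
type Packet struct{ Size, At int }

// observeWithoutCPR models a passive observer's view with CPR off: each
// interface packet becomes one transport packet, so sizes (plus fixed
// per-packet overhead) and timestamps leak unchanged.
func observeWithoutCPR(in []Packet, overhead int) []Packet {
	out := make([]Packet, 0, len(in))
	for _, p := range in {
		out = append(out, Packet{p.Size + overhead, p.At})
	}
	return out
}

// cprSchedule is a simplified model of constant packet rate: a full-size
// transport packet goes out every period from start to end, traffic or not.
// Pending bytes queue up and ride in later slots; idle slots carry padding.
// The observer sees only wire; payload (real bytes per slot) stays private.
func cprSchedule(in []Packet, mtu, overhead, period, start, end int) (wire []Packet, payload []int) {
	queued, next := 0, 0
	for t := start; t <= end; t += period {
		for next < len(in) && in[next].At <= t { // take frames that arrived
			queued += in[next].Size
			next++
		}
		carry := queued
		if carry > mtu {
			carry = mtu // the rest waits for the next slot
		}
		queued -= carry
		payload = append(payload, carry)
		wire = append(wire, Packet{mtu + overhead, t})
	}
	return wire, payload
}

// sampleTraffic is a constructed bursty workload: two request/response exchanges.
func sampleTraffic() []Packet {
	return []Packet{{1200, 0}, {60, 3}, {1200, 500}, {60, 503}, {800, 504}}
}

func main() {
	wire, payload := cprSchedule(sampleTraffic(), 1400, 40, 100, 0, 600)
	fmt.Println(observeWithoutCPR(sampleTraffic(), 40), wire, payload)
}
```

Real CPR also has to cap queueing delay and choose padding that is indistinguishable from ciphertext; this model only shows why sizes and timings stop carrying information.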
Each transport packet is authenticated first with the very fast UMAC algorithm; in most cases the resource consumption of the TCP/UDP layers will be higher than that of UMAC verification. Each handshake message is processed only when an encrypted client's identity is found: this uses a fast PRP without consuming any entropy.
There are not so many well-known formats that allow comments and easy editing by humans (XML is not human-friendly at all; JSON is more or less). Probably the most useful feature is YAML's templates: they are very convenient for storing many clients that share the same options in the configuration file.