GoVPN - Secure VPN Daemon

Found this really cool and interesting VPN Daemon written in go, specifically designed to be especially effective against censorship like deep packet inspection and other techniques. Could serve as a cool alternative to some of the protocols we got, like OpenVPN. So decided to share it here. I'm not the author, just sharing.

Github Wrote:GoVPN is simple free software virtual private network daemon, aimed to
be reviewable, secure, DPI/censorship-resistant, written on Go.

It uses fast strong passphrase authenticated key agreement protocol with
augmented zero-knowledge mutual peers authentication (PAKE DH A-EKE).
Encrypted, authenticated data transport that hides message's length and
timestamps. Optional encryptionless mode, that still preserves data
confidentiality. Perfect forward secrecy property. Resistance to:
offline dictionary attacks, replay attacks, client's passphrases
compromising and dictionary attacks on the server side. Built-in
heartbeating, rehandshaking, real-time statistics. Ability to work
through UDP, TCP and HTTP proxies. IPv4/IPv6-compatibility.
GNU/Linux and FreeBSD support.

GoVPN is free software: see the file COPYING for copying conditions.

Home page:
also available as Tor hidden service: http://2wir2p7ibeu72jk3.onion/

Please send questions regarding the use of GoVPN, bug reports and
patches to govpn-devel mailing list:

Development Git source code repository currently is located here:

For further information please read either doc/ or doc/govpn.texi.

GoVPN is simple free software virtual private network daemon, aimed to be reviewable, secure and DPI/censorship-resistant.
See also this page on russian.
  • Copylefted free software: licenced under GPLv3+.
  • Fast strong passphrase authenticated augmented key agreement protocol with zero-knowledge mutual peers authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)).
  • Augmented authentication tokens resistant to offline dictionary attacks. They use CPU and memory hardened hashing algorithm. An attacker can not masquerade a client even with server passphrase verifiers compromising.
  • Encrypted and authenticated payload transport with 128-bit security margin state-of-the-art non-NIST cryptography.
  • Optional encryptionless mode of operation: no encryption functions are applied for outgoing traffic, but still confidentiality preserving encoding. Jurisdictions and courts can not either force you to reveal encryption keys or sue for encryption usage.
  • Censorship resistant handshake and transport messages: fully indistinguishable from the noise with optionally hidden packets length.
  • Perfect forward secrecy property.
  • Replay attack protection (using one-time MACs and optional time synchronization requirement).
  • Built-in rehandshake (session key rotation) and heartbeat features.
  • Ability to hide packets length with the noise data.
  • Ability to hide payload timestamps with constant packet rate traffic.
  • Compatible with EGD (entropy gathering daemon) PRNGs.
  • Several simultaneous clients support with per-client configuration options. Clients have pre-established identity invisible for third-parties (they are anonymous).
  • Uses TUN/TAP underlying network interfaces.
  • Can use UDP and TCP or HTTP proxies for accessing the server.
  • Fully IPv4 and IPv6 compatible.
  • Optional built-in HTTP-server for retrieving real-time statistics information about known connected peers in JSON format.
  • Server is configured through the YAML file.
  • Ability to use syslog for logging.
  • Written on Go programming language with simple code that can be read and reviewed.
  • GNU/Linux and FreeBSD support.
Download it.


Possibly Related Threads…
Thread Author Replies Views Last Post
  how effective is Tor/VPN for anonymity? QMark 12 2,563 05-06-2020, 12:22 AM
Last Post: QMark
  What VPN Are You Currently Using? mothered 10 6,098 04-16-2019, 06:59 PM
Last Post: 2pacamaru
  Possible to secure a cam from being hacked or raided? Dr_retcel 7 5,452 12-15-2018, 01:32 PM
Last Post: Dr_retcel
  Whonix vs VPN+Whonix? Dr_retcel 2 4,287 12-02-2018, 08:32 AM
Last Post: Dr_retcel