GoVPN - Secure VPN Daemon
#1
GoVPN

Found this really cool and interesting VPN Daemon written in go, specifically designed to be especially effective against censorship like deep packet inspection and other techniques. Could serve as a cool alternative to some of the protocols we got, like OpenVPN. So decided to share it here. I'm not the author, just sharing.

Github Wrote:GoVPN is simple free software virtual private network daemon, aimed to
be reviewable, secure, DPI/censorship-resistant, written on Go.

It uses fast strong passphrase authenticated key agreement protocol with
augmented zero-knowledge mutual peers authentication (PAKE DH A-EKE).
Encrypted, authenticated data transport that hides message's length and
timestamps. Optional encryptionless mode, that still preserves data
confidentiality. Perfect forward secrecy property. Resistance to:
offline dictionary attacks, replay attacks, client's passphrases
compromising and dictionary attacks on the server side. Built-in
heartbeating, rehandshaking, real-time statistics. Ability to work
through UDP, TCP and HTTP proxies. IPv4/IPv6-compatibility.
GNU/Linux and FreeBSD support.

GoVPN is free software: see the file COPYING for copying conditions.

Home page: http://www.govpn.info/
also available as Tor hidden service: http://2wir2p7ibeu72jk3.onion/

Please send questions regarding the use of GoVPN, bug reports and
patches to govpn-devel mailing list:
https://lists.cypherpunks.ru/pipermail/govpn-devel/

Development Git source code repository currently is located here:
http://git.cypherpunks.ru/cgit.cgi/govpn.git/

For further information please read either doc/govpn.info or doc/govpn.texi.

Spoiler(Show)
GoVPN is simple free software virtual private network daemon, aimed to be reviewable, secure and DPI/censorship-resistant.
See also this page on russian.
  • Copylefted free software: licenced under GPLv3+.
  • Fast strong passphrase authenticated augmented key agreement protocol with zero-knowledge mutual peers authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)).
  • Augmented authentication tokens resistant to offline dictionary attacks. They use CPU and memory hardened hashing algorithm. An attacker can not masquerade a client even with server passphrase verifiers compromising.
  • Encrypted and authenticated payload transport with 128-bit security margin state-of-the-art non-NIST cryptography.
  • Optional encryptionless mode of operation: no encryption functions are applied for outgoing traffic, but still confidentiality preserving encoding. Jurisdictions and courts can not either force you to reveal encryption keys or sue for encryption usage.
  • Censorship resistant handshake and transport messages: fully indistinguishable from the noise with optionally hidden packets length.
  • Perfect forward secrecy property.
  • Replay attack protection (using one-time MACs and optional time synchronization requirement).
  • Built-in rehandshake (session key rotation) and heartbeat features.
  • Ability to hide packets length with the noise data.
  • Ability to hide payload timestamps with constant packet rate traffic.
  • Compatible with EGD (entropy gathering daemon) PRNGs.
  • Several simultaneous clients support with per-client configuration options. Clients have pre-established identity invisible for third-parties (they are anonymous).
  • Uses TUN/TAP underlying network interfaces.
  • Can use UDP and TCP or HTTP proxies for accessing the server.
  • Fully IPv4 and IPv6 compatible.
  • Optional built-in HTTP-server for retrieving real-time statistics information about known connected peers in JSON format.
  • Server is configured through the YAML file.
  • Ability to use syslog for logging.
  • Written on Go programming language with simple code that can be read and reviewed.
  • GNU/Linux and FreeBSD support.
Download it.

Github: https://github.com/stargrave/govpn
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  how effective is Tor/VPN for anonymity? QMark 12 2,563 05-06-2020, 12:22 AM
Last Post: QMark
  What VPN Are You Currently Using? mothered 10 6,098 04-16-2019, 06:59 PM
Last Post: 2pacamaru
  Possible to secure a cam from being hacked or raided? Dr_retcel 7 5,452 12-15-2018, 01:32 PM
Last Post: Dr_retcel
  Whonix vs VPN+Whonix? Dr_retcel 2 4,287 12-02-2018, 08:32 AM
Last Post: Dr_retcel