INSTALL | 2 +-
NEWS | 7 +++++++
README | 10 ++++++----
VERSION | 1 +
cmd/govpn-client/main.go | 15 +++++++++++++--
cmd/govpn-server/main.go | 13 +++++++++++++
doc/bugs.texi | 17 +++++++++++++++++
doc/developer.texi | 25 +++++++++++++++++++++++++
doc/download.texi | 16 +++++++++++++---
doc/fdl.txt | 451 +++++++++++++++++++++++++++++++++++++++++++++++++++++
doc/govpn.texi | 426 +++--------------------------------------------------
doc/handshake.texi | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
doc/installation.texi | 39 +++++++++++++++++++++++++++++++++++++++
doc/overview.texi | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++
doc/precautions.texi | 19 +++++++++++++++++++
doc/transport.texi | 41 +++++++++++++++++++++++++++++++++++++++++
doc/user.texi | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++++
identify.go | 13 +++++++++++++
makefile | 3 +--
stats.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++
transport.go | 55 +++++++++++++++++++++++++++++++++++------------------
utils/makedist.sh | 1 +
utils/newclient.sh | 10 ++++++----
diff --git a/INSTALL b/INSTALL
index f2be0e68936165ec0b96e42c3826cc23175dded1..0f2864b4104f041410be1f90e3c52231848bcbd1 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,4 +2,4 @@ GoVPN is a program written on Go programming language. If you have set
up $GOPATH environment properly, then simple "make all" should build
govpn-client and govpn-server executable binaries.
-For details see either doc/govpn.info or doc/govpn.texi.
+For details see either doc/govpn.info or doc/installation.texi.
diff --git a/NEWS b/NEWS
index 8734b16d93f2e029c6e3b765e0b132eb4ac7ebda..4bf946c8d21151a65b851251f90a25cf776fe1b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+Release 2.4
+-----------
+* Added ability to optionally run built-in HTTP-server responding with
+ JSON of all known connected peers information. Real-time client's
+ statistics
+* Documentation is explicitly licensed under GNU FDL 1.3+
+
Release 2.3
-----------
* Handshake packets became indistinguishable from the random.
diff --git a/README b/README
index d58111d23e3dbd03d86a0e587bfae02d4b885412..a47dd94a7222f6b938ea7593a3cb5e73cb3f26d1 100644
--- a/README
+++ b/README
@@ -2,14 +2,16 @@ GoVPN is simple secure free software virtual private network daemon,
written on Go programming language. It uses Diffie-Hellman Encrypted Key
Exchange (DH-EKE) for mutual zero-knowledge peers authentication and
authenticated encrypted data transport. Other features include:
-IPv4/IPv6, rehandshake, heartbeat, pre-shared keys (PSK), perfect
-forward secrecy (PFS). GNU/Linux and FreeBSD support.
+IPv4/IPv6, rehandshake, heartbeat, pre-shared authentication keys (PSK),
+perfect forward secrecy (PFS), replay attack protection, JSON real-time
+statistics. GNU/Linux and FreeBSD support.
Home page: http://www.cypherpunks.ru/govpn/
also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/
-Send bug reports, questions and patches to
-govpn-devel@lists.cypherpunks.ru mailing list. Either visit
+Please send all questions, bug reports and patches to
+govpn-devel@lists.cypherpunks.ru mailing list.
+Also it is used for announcements. Either visit
https://lists.cypherpunks.ru/mailman/listinfo/govpn-devel for
subscription and archive access information, or send email with the
subject "subscribe" to govpn-devel-request@lists.cypherpunks.ru.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000000000000000000000000000000000000..6b4950e3de2f6c99801a4f5e2ffa01669f358572
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+2.4
diff --git a/cmd/govpn-client/main.go b/cmd/govpn-client/main.go
index 119a03d3ddbfe0152e8b877e5478563abd926e07..b5f86f9657a0fae84ff5b7336d2f5a8f630cf00a 100644
--- a/cmd/govpn-client/main.go
+++ b/cmd/govpn-client/main.go
@@ -36,6 +36,7 @@ IDRaw = flag.String("id", "", "Client identification")
keyPath = flag.String("key", "", "Path to authentication key file")
upPath = flag.String("up", "", "Path to up-script")
downPath = flag.String("down", "", "Path to down-script")
+ stats = flag.String("stats", "", "Enable stats retrieving on host:port")
mtu = flag.Int("mtu", 1500, "MTU")
nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
@@ -83,17 +84,27 @@ var peer *govpn.Peer
var ethPkt []byte
var udpPkt *govpn.UDPPkt
var udpPktData []byte
+ knownPeers := govpn.KnownPeers(map[string]**govpn.Peer{remote.String(): &peer})
+
+ log.Println(govpn.VersionGet())
+ if *stats != "" {
+ log.Println("Stats are going to listen on", *stats)
+ statsPort, err := net.Listen("tcp", *stats)
+ if err != nil {
+ panic(err)
+ }
+ go govpn.StatsProcessor(statsPort, &knownPeers)
+ }
termSignal := make(chan os.Signal, 1)
signal.Notify(termSignal, os.Interrupt, os.Kill)
- log.Println(govpn.VersionGet())
log.Println("Starting handshake")
handshake := govpn.HandshakeStart(conn, remote, id, key)
MainCycle:
for {
- if peer != nil && peer.Bytes > govpn.MaxBytesPerKey {
+ if peer != nil && (peer.BytesIn+peer.BytesOut) > govpn.MaxBytesPerKey {
peer.Zero()
peer = nil
handshake = govpn.HandshakeStart(conn, remote, id, key)
diff --git a/cmd/govpn-server/main.go b/cmd/govpn-server/main.go
index 3d952ea9e0d4e5a62cdb69fad9dba3c115124b74..2761d340a1b85b032731c31f9982675d225771a8 100644
--- a/cmd/govpn-server/main.go
+++ b/cmd/govpn-server/main.go
@@ -35,6 +35,7 @@
var (
bindAddr = flag.String("bind", "[::]:1194", "Bind to address")
peersPath = flag.String("peers", "peers", "Path to peers keys directory")
+ stats = flag.String("stats", "", "Enable stats retrieving on host:port")
mtu = flag.Int("mtu", 1500, "MTU")
nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
@@ -110,6 +111,7 @@ var exists bool
states := make(map[string]*govpn.Handshake)
peers := make(map[string]*PeerState)
peerReadySink := make(chan PeerReadyEvent)
+ knownPeers := govpn.KnownPeers(make(map[string]**govpn.Peer))
var peerReady PeerReadyEvent
var udpPkt *govpn.UDPPkt
var udpPktData []byte
@@ -119,6 +121,14 @@ var handshakeProcessForce bool
ethSink := make(chan EthEvent)
log.Println(govpn.VersionGet())
+ if *stats != "" {
+ log.Println("Stats are going to listen on", *stats)
+ statsPort, err := net.Listen("tcp", *stats)
+ if err != nil {
+ panic(err)
+ }
+ go govpn.StatsProcessor(statsPort, &knownPeers)
+ }
log.Println("Server started")
MainCycle:
@@ -139,6 +149,7 @@ for addr, state := range peers {
if state.peer.LastPing.Add(timeout).Before(now) {
log.Println("Deleting peer", state.peer)
delete(peers, addr)
+ delete(knownPeers, addr)
downPath := path.Join(
govpn.PeersPath,
state.peer.Id.String(),
@@ -155,6 +166,7 @@ if state.tap.Name != peerReady.iface {
continue
}
delete(peers, addr)
+ delete(knownPeers, addr)
state.terminate <- struct{}{}
state.peer.Zero()
break
@@ -165,6 +177,7 @@ if state == nil {
continue
}
peers[addr] = state
+ knownPeers[addr] = &peerReady.peer
states[addr].Zero()
delete(states, addr)
log.Println("Registered interface", peerReady.iface, "with peer", peer)
diff --git a/doc/bugs.texi b/doc/bugs.texi
new file mode 100644
index 0000000000000000000000000000000000000000..b81e6b5022d7afa09dad046bfcc0080f726aace7
--- /dev/null
+++ b/doc/bugs.texi
@@ -0,0 +1,17 @@
+@node Reporting bugs
+@unnumbered Reporting bugs
+
+Please send all questions, bug reports and patches to to
+@email{govpn-devel@@lists.cypherpunks.ru} mailing list.
+Also it is used for announcements.
+
+Either visit @url{https://lists.cypherpunks.ru/mailman/listinfo/govpn-devel}
+for information about subscription options and archived messages access, or
+send email with the subject @code{subscribe} to
+@email{govpn-devel-request@@lists.cypherpunks.ru}.
+
+Official website is @url{http://www.cypherpunks.ru/govpn/}, also available
+as @url{https://www.torproject.org/, Tor} hidden service:
+@url{http://vabu56j2ep2rwv3b.onion/govpn/}.
+Development Git source code repository currently is located here:
+@url{https://github.com/stargrave/govpn.git}.
diff --git a/doc/developer.texi b/doc/developer.texi
new file mode 100644
index 0000000000000000000000000000000000000000..b257885b02858362b7ff9a4b72f2d9cddbe8701d
--- /dev/null
+++ b/doc/developer.texi
@@ -0,0 +1,25 @@
+@node Developer manual
+@unnumbered Developer manual
+
+@table @asis
+@item Nonce and identification encryption
+@url{http://143.53.36.235:8080/tea.htm, XTEA}
+@item Data encryption
+@url{http://cr.yp.to/snuffle.html, Salsa20}
+@item Message authentication
+@url{http://cr.yp.to/mac.html, Poly1305}
+@item Password authenticated key agreement
+DH-EKE powered by @url{http://cr.yp.to/ecdh.html, Curve25519}
+@item Packet overhead
+24 bytes per packet
+@item Handshake overhead
+4 UDP (2 from client, 2 from server) packets, 200 bytes total payload
+@end table
+
+@menu
+* Transport protocol::
+* Handshake protocol::
+@end menu
+
+@include transport.texi
+@include handshake.texi
diff --git a/doc/download.texi b/doc/download.texi
index d646b894a3786926bb255bc54045a782b15f6339..df60b2416bc2491641a606ad10c4f3a1ca4ce274 100644
--- a/doc/download.texi
+++ b/doc/download.texi
@@ -1,19 +1,29 @@
-You can obtain it's source code either by cloning development branches
-from Git repository: @code{git clone https://github.com/stargrave/govpn.git},
-or by downloading prepared tarballs below.
+You can obtain releases source code prepared tarballs from the links below:
@multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Size @tab Tarball @tab SHA256 checksum
+
@item 1.5 @tab 19 KiB
@tab @url{download/govpn-1.5.tar.xz, link} @url{download/govpn-1.5.tar.xz.sig, sign}
@tab @code{715b07d4d1ea4396c3e37014ca65ec3768818423521f3c12e7200b6edca48c31}
+
@item 2.0 @tab 31 KiB
@tab @url{download/govpn-2.0.tar.xz, link} @url{download/govpn-2.0.tar.xz.sig, sign}
@tab @code{d43be1248d6a46ba8ca75be2fdab5e3d8b0660fb9df9b6d87cfa3973722b42be}
+
@item 2.2 @tab 32 KiB
@tab @url{download/govpn-2.2.tar.xz, link} @url{download/govpn-2.2.tar.xz.sig, sign}
@tab @code{5745278bce8b9a3bd7ec1636507bbce8c17ba1d79f1568e2f3681b7a90bbe6e1}
+
+@item 2.3 @tab 34 KiB
+@tab @url{download/govpn-2.3.tar.xz, link} @url{download/govpn-2.3.tar.xz.sig, sign}
+@tab @code{92986ec6d6da107c6cc1143659e5a154cd19b8f2ede5fa7f5ccc4525ae468e97}
+
@end multitable
Sourceforge.net also provides mirror for the files above:
@url{http://sourceforge.net/projects/govpn/files/}.
+
+You can obtain it's development source code either by cloning
+Git repository: @code{git clone https://github.com/stargrave/govpn.git}.
+Pay attention that it does not contain compiled documentation.
diff --git a/doc/fdl.txt b/doc/fdl.txt
new file mode 100644
index 0000000000000000000000000000000000000000..2f7e03ca51654a99576dccda67fdfd77bfa58760
--- /dev/null
+++ b/doc/fdl.txt
@@ -0,0 +1,451 @@
+
+ GNU Free Documentation License
+ Version 1.3, 3 November 2008
+
+
+ Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
+
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+0. PREAMBLE
+
+The purpose of this License is to make a manual, textbook, or other
+functional and useful document "free" in the sense of freedom: to
+assure everyone the effective freedom to copy and redistribute it,
+with or without modifying it, either commercially or noncommercially.
+Secondarily, this License preserves for the author and publisher a way
+to get credit for their work, while not being considered responsible
+for modifications made by others.
+
+This License is a kind of "copyleft", which means that derivative
+works of the document must themselves be free in the same sense. It
+complements the GNU General Public License, which is a copyleft
+license designed for free software.
+
+We have designed this License in order to use it for manuals for free
+software, because free software needs free documentation: a free
+program should come with manuals providing the same freedoms that the
+software does. But this License is not limited to software manuals;
+it can be used for any textual work, regardless of subject matter or
+whether it is published as a printed book. We recommend this License
+principally for works whose purpose is instruction or reference.
+
+
+1. APPLICABILITY AND DEFINITIONS
+
+This License applies to any manual or other work, in any medium, that
+contains a notice placed by the copyright holder saying it can be
+distributed under the terms of this License. Such a notice grants a
+world-wide, royalty-free license, unlimited in duration, to use that
+work under the conditions stated herein. The "Document", below,
+refers to any such manual or work. Any member of the public is a
+licensee, and is addressed as "you". You accept the license if you
+copy, modify or distribute the work in a way requiring permission
+under copyright law.
+
+A "Modified Version" of the Document means any work containing the
+Document or a portion of it, either copied verbatim, or with
+modifications and/or translated into another language.
+
+A "Secondary Section" is a named appendix or a front-matter section of
+the Document that deals exclusively with the relationship of the
+publishers or authors of the Document to the Document's overall
+subject (or to related matters) and contains nothing that could fall
+directly within that overall subject. (Thus, if the Document is in
+part a textbook of mathematics, a Secondary Section may not explain
+any mathematics.) The relationship could be a matter of historical
+connection with the subject or with related matters, or of legal,
+commercial, philosophical, ethical or political position regarding
+them.
+
+The "Invariant Sections" are certain Secondary Sections whose titles
+are designated, as being those of Invariant Sections, in the notice
+that says that the Document is released under this License. If a
+section does not fit the above definition of Secondary then it is not
+allowed to be designated as Invariant. The Document may contain zero
+Invariant Sections. If the Document does not identify any Invariant
+Sections then there are none.
+
+The "Cover Texts" are certain short passages of text that are listed,
+as Front-Cover Texts or Back-Cover Texts, in the notice that says that
+the Document is released under this License. A Front-Cover Text may
+be at most 5 words, and a Back-Cover Text may be at most 25 words.
+
+A "Transparent" copy of the Document means a machine-readable copy,
+represented in a format whose specification is available to the
+general public, that is suitable for revising the document
+straightforwardly with generic text editors or (for images composed of
+pixels) generic paint programs or (for drawings) some widely available
+drawing editor, and that is suitable for input to text formatters or
+for automatic translation to a variety of formats suitable for input
+to text formatters. A copy made in an otherwise Transparent file
+format whose markup, or absence of markup, has been arranged to thwart
+or discourage subsequent modification by readers is not Transparent.
+An image format is not Transparent if used for any substantial amount
+of text. A copy that is not "Transparent" is called "Opaque".
+
+Examples of suitable formats for Transparent copies include plain
+ASCII without markup, Texinfo input format, LaTeX input format, SGML
+or XML using a publicly available DTD, and standard-conforming simple
+HTML, PostScript or PDF designed for human modification. Examples of
+transparent image formats include PNG, XCF and JPG. Opaque formats
+include proprietary formats that can be read and edited only by
+proprietary word processors, SGML or XML for which the DTD and/or
+processing tools are not generally available, and the
+machine-generated HTML, PostScript or PDF produced by some word
+processors for output purposes only.
+
+The "Title Page" means, for a printed book, the title page itself,
+plus such following pages as are needed to hold, legibly, the material
+this License requires to appear in the title page. For works in
+formats which do not have any title page as such, "Title Page" means
+the text near the most prominent appearance of the work's title,
+preceding the beginning of the body of the text.
+
+The "publisher" means any person or entity that distributes copies of
+the Document to the public.
+
+A section "Entitled XYZ" means a named subunit of the Document whose
+title either is precisely XYZ or contains XYZ in parentheses following
+text that translates XYZ in another language. (Here XYZ stands for a
+specific section name mentioned below, such as "Acknowledgements",
+"Dedications", "Endorsements", or "History".) To "Preserve the Title"
+of such a section when you modify the Document means that it remains a
+section "Entitled XYZ" according to this definition.
+
+The Document may include Warranty Disclaimers next to the notice which
+states that this License applies to the Document. These Warranty
+Disclaimers are considered to be included by reference in this
+License, but only as regards disclaiming warranties: any other
+implication that these Warranty Disclaimers may have is void and has
+no effect on the meaning of this License.
+
+2. VERBATIM COPYING
+
+You may copy and distribute the Document in any medium, either
+commercially or noncommercially, provided that this License, the
+copyright notices, and the license notice saying this License applies
+to the Document are reproduced in all copies, and that you add no
+other conditions whatsoever to those of this License. You may not use
+technical measures to obstruct or control the reading or further
+copying of the copies you make or distribute. However, you may accept
+compensation in exchange for copies. If you distribute a large enough
+number of copies you must also follow the conditions in section 3.
+
+You may also lend copies, under the same conditions stated above, and
+you may publicly display copies.
+
+
+3. COPYING IN QUANTITY
+
+If you publish printed copies (or copies in media that commonly have
+printed covers) of the Document, numbering more than 100, and the
+Document's license notice requires Cover Texts, you must enclose the
+copies in covers that carry, clearly and legibly, all these Cover
+Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
+the back cover. Both covers must also clearly and legibly identify
+you as the publisher of these copies. The front cover must present
+the full title with all words of the title equally prominent and
+visible. You may add other material on the covers in addition.
+Copying with changes limited to the covers, as long as they preserve
+the title of the Document and satisfy these conditions, can be treated
+as verbatim copying in other respects.
+
+If the required texts for either cover are too voluminous to fit
+legibly, you should put the first ones listed (as many as fit
+reasonably) on the actual cover, and continue the rest onto adjacent
+pages.
+
+If you publish or distribute Opaque copies of the Document numbering
+more than 100, you must either include a machine-readable Transparent
+copy along with each Opaque copy, or state in or with each Opaque copy
+a computer-network location from which the general network-using
+public has access to download using public-standard network protocols
+a complete Transparent copy of the Document, free of added material.
+If you use the latter option, you must take reasonably prudent steps,
+when you begin distribution of Opaque copies in quantity, to ensure
+that this Transparent copy will remain thus accessible at the stated
+location until at least one year after the last time you distribute an
+Opaque copy (directly or through your agents or retailers) of that
+edition to the public.
+
+It is requested, but not required, that you contact the authors of the
+Document well before redistributing any large number of copies, to
+give them a chance to provide you with an updated version of the
+Document.
+
+
+4. MODIFICATIONS
+
+You may copy and distribute a Modified Version of the Document under
+the conditions of sections 2 and 3 above, provided that you release
+the Modified Version under precisely this License, with the Modified
+Version filling the role of the Document, thus licensing distribution
+and modification of the Modified Version to whoever possesses a copy
+of it. In addition, you must do these things in the Modified Version:
+
+A. Use in the Title Page (and on the covers, if any) a title distinct
+ from that of the Document, and from those of previous versions
+ (which should, if there were any, be listed in the History section
+ of the Document). You may use the same title as a previous version
+ if the original publisher of that version gives permission.
+B. List on the Title Page, as authors, one or more persons or entities
+ responsible for authorship of the modifications in the Modified
+ Version, together with at least five of the principal authors of the
+ Document (all of its principal authors, if it has fewer than five),
+ unless they release you from this requirement.
+C. State on the Title page the name of the publisher of the
+ Modified Version, as the publisher.
+D. Preserve all the copyright notices of the Document.
+E. Add an appropriate copyright notice for your modifications
+ adjacent to the other copyright notices.
+F. Include, immediately after the copyright notices, a license notice
+ giving the public permission to use the Modified Version under the
+ terms of this License, in the form shown in the Addendum below.
+G. Preserve in that license notice the full lists of Invariant Sections
+ and required Cover Texts given in the Document's license notice.
+H. Include an unaltered copy of this License.
+I. Preserve the section Entitled "History", Preserve its Title, and add
+ to it an item stating at least the title, year, new authors, and
+ publisher of the Modified Version as given on the Title Page. If
+ there is no section Entitled "History" in the Document, create one
+ stating the title, year, authors, and publisher of the Document as
+ given on its Title Page, then add an item describing the Modified
+ Version as stated in the previous sentence.
+J. Preserve the network location, if any, given in the Document for
+ public access to a Transparent copy of the Document, and likewise
+ the network locations given in the Document for previous versions
+ it was based on. These may be placed in the "History" section.
+ You may omit a network location for a work that was published at
+ least four years before the Document itself, or if the original
+ publisher of the version it refers to gives permission.
+K. For any section Entitled "Acknowledgements" or "Dedications",
+ Preserve the Title of the section, and preserve in the section all
+ the substance and tone of each of the contributor acknowledgements
+ and/or dedications given therein.
+L. Preserve all the Invariant Sections of the Document,
+ unaltered in their text and in their titles. Section numbers
+ or the equivalent are not considered part of the section titles.
+M. Delete any section Entitled "Endorsements". Such a section
+ may not be included in the Modified Version.
+N. Do not retitle any existing section to be Entitled "Endorsements"
+ or to conflict in title with any Invariant Section.
+O. Preserve any Warranty Disclaimers.
+
+If the Modified Version includes new front-matter sections or
+appendices that qualify as Secondary Sections and contain no material
+copied from the Document, you may at your option designate some or all
+of these sections as invariant. To do this, add their titles to the
+list of Invariant Sections in the Modified Version's license notice.
+These titles must be distinct from any other section titles.
+
+You may add a section Entitled "Endorsements", provided it contains
+nothing but endorsements of your Modified Version by various
+parties--for example, statements of peer review or that the text has
+been approved by an organization as the authoritative definition of a
+standard.
+
+You may add a passage of up to five words as a Front-Cover Text, and a
+passage of up to 25 words as a Back-Cover Text, to the end of the list
+of Cover Texts in the Modified Version. Only one passage of
+Front-Cover Text and one of Back-Cover Text may be added by (or
+through arrangements made by) any one entity. If the Document already
+includes a cover text for the same cover, previously added by you or
+by arrangement made by the same entity you are acting on behalf of,
+you may not add another; but you may replace the old one, on explicit
+permission from the previous publisher that added the old one.
+
+The author(s) and publisher(s) of the Document do not by this License
+give permission to use their names for publicity for or to assert or
+imply endorsement of any Modified Version.
+
+
+5. COMBINING DOCUMENTS
+
+You may combine the Document with other documents released under this
+License, under the terms defined in section 4 above for modified
+versions, provided that you include in the combination all of the
+Invariant Sections of all of the original documents, unmodified, and
+list them all as Invariant Sections of your combined work in its
+license notice, and that you preserve all their Warranty Disclaimers.
+
+The combined work need only contain one copy of this License, and
+multiple identical Invariant Sections may be replaced with a single
+copy. If there are multiple Invariant Sections with the same name but
+different contents, make the title of each such section unique by
+adding at the end of it, in parentheses, the name of the original
+author or publisher of that section if known, or else a unique number.
+Make the same adjustment to the section titles in the list of
+Invariant Sections in the license notice of the combined work.
+
+In the combination, you must combine any sections Entitled "History"
+in the various original documents, forming one section Entitled
+"History"; likewise combine any sections Entitled "Acknowledgements",
+and any sections Entitled "Dedications". You must delete all sections
+Entitled "Endorsements".
+
+
+6. COLLECTIONS OF DOCUMENTS
+
+You may make a collection consisting of the Document and other
+documents released under this License, and replace the individual
+copies of this License in the various documents with a single copy
+that is included in the collection, provided that you follow the rules
+of this License for verbatim copying of each of the documents in all
+other respects.
+
+You may extract a single document from such a collection, and
+distribute it individually under this License, provided you insert a
+copy of this License into the extracted document, and follow this
+License in all other respects regarding verbatim copying of that
+document.
+
+
+7. AGGREGATION WITH INDEPENDENT WORKS
+
+A compilation of the Document or its derivatives with other separate
+and independent documents or works, in or on a volume of a storage or
+distribution medium, is called an "aggregate" if the copyright
+resulting from the compilation is not used to limit the legal rights
+of the compilation's users beyond what the individual works permit.
+When the Document is included in an aggregate, this License does not
+apply to the other works in the aggregate which are not themselves
+derivative works of the Document.
+
+If the Cover Text requirement of section 3 is applicable to these
+copies of the Document, then if the Document is less than one half of
+the entire aggregate, the Document's Cover Texts may be placed on
+covers that bracket the Document within the aggregate, or the
+electronic equivalent of covers if the Document is in electronic form.
+Otherwise they must appear on printed covers that bracket the whole
+aggregate.
+
+
+8. TRANSLATION
+
+Translation is considered a kind of modification, so you may
+distribute translations of the Document under the terms of section 4.
+Replacing Invariant Sections with translations requires special
+permission from their copyright holders, but you may include
+translations of some or all Invariant Sections in addition to the
+original versions of these Invariant Sections. You may include a
+translation of this License, and all the license notices in the
+Document, and any Warranty Disclaimers, provided that you also include
+the original English version of this License and the original versions
+of those notices and disclaimers. In case of a disagreement between
+the translation and the original version of this License or a notice
+or disclaimer, the original version will prevail.
+
+If a section in the Document is Entitled "Acknowledgements",
+"Dedications", or "History", the requirement (section 4) to Preserve
+its Title (section 1) will typically require changing the actual
+title.
+
+
+9. TERMINATION
+
+You may not copy, modify, sublicense, or distribute the Document
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense, or distribute it is void, and
+will automatically terminate your rights under this License.
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, receipt of a copy of some or all of the same material does
+not give you any rights to use it.
+
+
+10. FUTURE REVISIONS OF THIS LICENSE
+
+The Free Software Foundation may publish new, revised versions of the
+GNU Free Documentation License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in
+detail to address new problems or concerns. See
+http://www.gnu.org/copyleft/.
+
+Each version of the License is given a distinguishing version number.
+If the Document specifies that a particular numbered version of this
+License "or any later version" applies to it, you have the option of
+following the terms and conditions either of that specified version or
+of any later version that has been published (not as a draft) by the
+Free Software Foundation. If the Document does not specify a version
+number of this License, you may choose any version ever published (not
+as a draft) by the Free Software Foundation. If the Document
+specifies that a proxy can decide which future versions of this
+License can be used, that proxy's public statement of acceptance of a
+version permanently authorizes you to choose that version for the
+Document.
+
+11. RELICENSING
+
+"Massive Multiauthor Collaboration Site" (or "MMC Site") means any
+World Wide Web server that publishes copyrightable works and also
+provides prominent facilities for anybody to edit those works. A
+public wiki that anybody can edit is an example of such a server. A
+"Massive Multiauthor Collaboration" (or "MMC") contained in the site
+means any set of copyrightable works thus published on the MMC site.
+
+"CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0
+license published by Creative Commons Corporation, a not-for-profit
+corporation with a principal place of business in San Francisco,
+California, as well as future copyleft versions of that license
+published by that same organization.
+
+"Incorporate" means to publish or republish a Document, in whole or in
+part, as part of another Document.
+
+An MMC is "eligible for relicensing" if it is licensed under this
+License, and if all works that were first published under this License
+somewhere other than this MMC, and subsequently incorporated in whole or
+in part into the MMC, (1) had no cover texts or invariant sections, and
+(2) were thus incorporated prior to November 1, 2008.
+
+The operator of an MMC Site may republish an MMC contained in the site
+under CC-BY-SA on the same site at any time before August 1, 2009,
+provided the MMC is eligible for relicensing.
+
+
+ADDENDUM: How to use this License for your documents
+
+To use this License in a document you have written, include a copy of
+the License in the document and put the following copyright and
+license notices just after the title page:
+
+ Copyright (c) YEAR YOUR NAME.
+ Permission is granted to copy, distribute and/or modify this document
+ under the terms of the GNU Free Documentation License, Version 1.3
+ or any later version published by the Free Software Foundation;
+ with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
+ A copy of the license is included in the section entitled "GNU
+ Free Documentation License".
+
+If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
+replace the "with...Texts." line with this:
+
+ with the Invariant Sections being LIST THEIR TITLES, with the
+ Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.
+
+If you have Invariant Sections without Cover Texts, or some other
+combination of the three, merge those two alternatives to suit the
+situation.
+
+If your document contains nontrivial examples of program code, we
+recommend releasing these examples in parallel under your choice of
+free software license, such as the GNU General Public License,
+to permit their use in free software.
diff --git a/doc/govpn.texi b/doc/govpn.texi
index 3f782098a47e829b2d85546cb154a98dda9a8c6c..8d365711980f65168bc3e3c9c642cfa299bcad3f 100644
--- a/doc/govpn.texi
+++ b/doc/govpn.texi
@@ -4,16 +4,17 @@ @documentencoding UTF-8
@settitle GoVPN
@copying
+This manual is for GoVPN -- simple secure free software virtual private
+network (VPN) daemon, written entirely on Go programming language.
+
+Copyright @copyright{} 2014-2015 Sergey Matveev @email{stargrave@@stargrave.org}
+
@quotation
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3
+or any later version published by the Free Software Foundation;
+with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
+A copy of the license is included below.
@end quotation
@end copying
@@ -34,420 +35,27 @@ * Reporting bugs::
* Copying conditions::
@end menu
-@node Overview
-@unnumbered Overview
-
-GoVPN is simple secure virtual private network daemon. It uses
-@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange, Diffie-Hellman Encrypted Key Exchange}
-(DH-EKE) for mutual zero-knowledge peers authentication and
-authenticated encrypted data transport. It is written entirely on
-@url{http://golang.org/, Go programming language}.
-
-All packets captured on network interface are encrypted, authenticated
-and sent to remote server, that writes them to his interface, and vice
-versa. Client and server use pre-shared authentication key (PSK) and
-128-bit identification key.
-
-Because of stateless UDP nature, after some timeout of inactivity peers
-forget about each other and have to retry handshake process again,
-therefore background heartbeat process will be ran.
-
-Handshake is used to mutually authenticate peers, exchange common secret
-per-session encryption key and check UDP transport availability.
-
-Because of UDP and authentication overhead: each packet grows in size
-during transmission, so you have to lower you maximum transmission unit
-(MTU) on virtual network interface.
-
-High security is the goal for that daemon. It uses fast cryptography
-algorithms with 128bit security margin, strong mutual zero-knowledge
-authentication and perfect-forward secrecy property. An attacker can not
-know anything about payload (except it's size and time) from captured
-traffic, even if pre-shared key is compromised. Rehandshake is performed
-by client every 4 GiB of transfered data.
-
-Each client also has it's own identification key and server works with
-all of them independently. Identification key is not secret, but it is
-encrypted (obfuscated) during transmission.
-
-The only platform specific requirement is TAP network interface support.
-API to that kind of device is different, OS dependent and non portable.
-So only a few operating systems is officially supported. Author has no
-proprietary software to work with, so currently there is lack of either
-popular Microsoft Windows or Apple OS X support.
-
-@itemize @bullet
-@item
-Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
-network interfaces on top of UDP entirely
-@item
-@url{https://www.gnu.org/, GNU}/Linux and
-@url{http://www.freebsd.org/, FreeBSD} support
-@item IPv6 compatible
-@item Encrypted and authenticated transport
-@item Relatively fast handshake
-@item
-@url{https://en.wikipedia.org/wiki/Replay_attack, Replay attack} protection
-@item
-@url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
-(if long-term pre-shared keys are compromised, no captured traffic can
-be decrypted anyway)
-@item
-Mutual two-side authentication (noone will send real network interface
-data unless the other side is authenticated)
-@item
-@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, Zero knowledge}
-authentication (pre-shared key is not transmitted in any form between
-the peers, not even it's hash value)
-@item Built-in rehandshake and heartbeat features
-@item Several simultaneous clients support
-@end itemize
+@include overview.texi
@node News
@unnumbered News
@verbatiminclude ../NEWS
-@node Installation
-@unnumbered Installation
-
-GoVPN is written on Go programming language, But
-@url{https://www.gnu.org/software/make/, Make} program is recommended
-also to be used. @url{https://www.gnu.org/software/texinfo/, Texinfo} is
-used for building documentation. Also it depends on
-@code{golang.org/x/crypto} Go libraries.
-
-@include download.texi
-
-You @strong{have to} verify downloaded archives integrity and check
-their signature to be sure that you have got trusted, untampered
-software. For integrity and authentication of downloaded binaries
-@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
-download signature provided with the tarball and run for example:
-
-@example
-gpg --verify govpn-1.5.tar.xz.sig govpn-1.5.tar.xz
-@end example
-
-For the very first time you must also import signing public keys. They
-are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from other sources and
-look for the mailing list announcements.
-
-You have to set up @code{$GOPATH} properly first. For example you can
-clone the repository or decompress tarball and set path like this:
-
-@example
-% mkdir -p govpn/src
-% git clone https://github.com/stargrave/govpn.git govpn/src/govpn
-or
-% tar xfC govpn-1.5.tar.xz govpn/src && mv govpn/src/govpn-1.5 govpn/src/govpn
-% export GOPATH=$(pwd)/govpn:$GOPATH
-@end example
-
-After that you can just type @code{make} and all necessary Go libraries
-will be installed and client/server binaries are built in the current
-directory:
-
-@example
-% cd govpn/src/govpn
-% make
-[or gmake under FreeBSD]
-@end example
-
-@include pubkey.texi
-
-@node Precautions
-@unnumbered Precautions
-
-The very important precaution is the @strong{cryptographically good}
-pseudo random number generator. GoVPN uses native operating system PRNG
-as entropy source. You have no way to check it's quality in closed
-source code operating systems, so it is recommended not to use them if
-you really needs security. Moreover it is possible that those OS leaks
-information about possible PRNG states. And at least Apple OS X and
-Microsoft Windows are already known to have weak CSPRNGs.
-
-GoVPN could use it's own PRNG implementation like
-@url{https://www.schneier.com/fortuna.html, Fortuna}, but it is
-much easier to use the right OS, to use free software.
-
-Also you should @strong{never} use one key for multiple clients. Salsa20
-encryption is randomized in each session, but it depends again on PRNG.
-If it fails, produces equal values at least once, then all you traffic
-related to that key could be decrypted.
-
-@node User manual
-@unnumbered User manual
-
-GoVPN is split into two pieces: client and server. Each of them work on
-top of UDP and TAP virtual network interfaces. Client and server have
-several common configuration command line options:
-
-@table @asis
-@item Timeout
-Because of stateless UDP nature there is no way to know if
-remote peer is dead, but after some timeout. Client and server
-heartbeats each other every third part of heartbeat. Also this timeout
-is the time when server purge his obsolete handshake and peers states.
-@item Allowable nonce difference
-To prevent replay attacks we just remembers
-latest received nonce number from the remote peer and drops those who
-has lower ones. Because UDP packets can be reordered during: that
-behaviour can lead to dropping of not replayed ones. This options gives
-ability to create some window of allows difference. That opens the door
-for replay attacks for narrow time interval.
-@item MTU
-Maximum transmission unit.
-@end table
-
-Client needs to know his identification, path to the authentication key,
-remote server's address, TAP interface name, and optional path to up and
-down scripts, that will be executed after connection is either initiated
-or terminated.
-
-Server needs to know only the address to listen on and path to directory
-containing peers information. This directory must contain subdirectories
-with the names equal to client's identifications. Each of them must have
-key file with corresponding authentication key, up.sh script that has to
-print interface's name on the first line and optional down.sh.
-
-@menu
-* Example usage::
-@end menu
-
-@node Example usage
-@section Example usage
-
-Let's assume that there is some insecure link between your computer and
-WiFi-reachable gateway. You have got preconfigured @code{wlan0} network
-interface with 192.168.0/24 network. You want to create virtual
-encrypted and authenticated 172.16.0/24 network and use it as a default
-transport. MTU for that wlan0 is 1500 bytes. GoVPN will say that maximum
-MTU for the link is 1476, however it does not take in account TAP's
-Ethernet frame header length, that in my case is 14 bytes long (1476 - 14).
-
-Do not forget about setting @code{GOMAXPROC} environment variable for
-using more than one CPU.
-
-At first you have to generate client's authentication key and client's
-unique identification. There is @code{utils/newclient.sh} script for
-convenience.
-
-@example
-% ./utils/newclient.sh Alice
-peers/9b40701bdaf522f2b291cb039490312/Alice
-@end example
-
-@code{9b40701bdaf522f2b291cb039490312} is client's identification.
-@code{Alice} is just an empty file that can help to search them like
-this: @verb{|find peers -name Alice|}. @code{key} file inside peer's
-directory contains authentication key.
+@include installation.texi
-GNU/Linux IPv4 client-server example:
+@include precautions.texi
-@example
-server% echo "#!/bin/sh" > peers/CLIENTID/up.sh
-server% echo "echo tap10" >> peers/CLIENTID/up.sh
-server% chmod 500 peers/CLIENTID/up.sh
-server% ip addr add 192.168.0.1/24 dev wlan0
-server% tunctl -t tap10
-server% ip link set mtu 1462 dev tap10
-server% ip addr add 172.16.0.1/24 dev tap10
-server% ip link set up dev tap10
-server% GOMAXPROC=4 govpn-server -bind 192.168.0.1:1194
-@end example
-
-@example
-client% umask 066
-client% echo MYLONG64HEXKEY > key.txt
-client% ip addr add 192.168.0.2/24 dev wlan0
-client% tunctl -t tap10
-client% ip link set mtu 1462 dev tap10
-client% ip addr add 172.16.0.2/24 dev tap10
-client% ip link set up dev tap10
-client% ip route add default via 172.16.0.1
-client% export GOMAXPROC=4
-client% while :; do
- govpn-client -key key.txt -id CLIENTID -iface tap10 -remote 192.168.0.1:1194
-done
-@end example
+@include user.texi
-FreeBSD IPv6 client-server example:
+@include developer.texi
-@example
-server% cat > peers/CLIENTID/up.sh < up.sh < Server|} [48 bytes]
-@item
-server remembers clients address, decrypt @code{CPubKey}, generates
-@code{SPrivKey}/@code{SPubKey}, computes common shared key @code{K}
-(based on @code{CPubKey} and @code{SPrivKey}), generates 64bit random
-number @code{RS} and 256bit random @code{SS}. PSK-encryption uses
-incremented @code{R} (from previous message) for nonce
-@item
-@verb{|enc(PSK, R+1, SPubKey) + enc(K, R, RS + SS) + IDtag -> Client|} [80 bytes]
-@item
-client decrypt @code{SPubKey}, computes @code{K}, decrypts @code{RS},
-@code{SS} with key @code{K}, remembers @code{SS}, generates 64bit random
-number @code{RC} and 256bit random @code{SC},
-@item
-@verb{|enc(K, R+1, RS + RC + SC) + IDtag -> Server|} [56 bytes]
-@item
-server decrypt @code{RS}, @code{RC}, @code{SC} with key @code{K},
-compares @code{RS} with it's own one send before, computes final main
-encryption key @code{S = SS XOR SC}
-@item
-@verb{|ENC(K, 0, RC) + IDtag -> Client|} [16 bytes]
-@item
-server switches to the new client
-@item
-client decrypts @code{RC} and compares with it's own generated one,
-computes final main encryption key @code{S}
-@end enumerate
-
-Where PSK is 256bit pre-shared key. @code{R*} are required for handshake
-randomization and two-way authentication. K key is used only during
-handshake. DH public keys can be trivially derived from private ones.
-
-@node Reporting bugs
-@unnumbered Reporting bugs
-
-Please send all your bug requests, patches and related questions to
-@email{govpn-devel@@lists.cypherpunks.ru} mailing list.
-Either visit @url{https://lists.cypherpunks.ru/mailman/listinfo/govpn-devel}
-for information about subscription options and archived messages access, or
-send email with the subject @code{subscribe} to
-@email{govpn-devel-request@@lists.cypherpunks.ru}.
-
-Official website is @url{http://www.cypherpunks.ru/govpn/}, also available
-as @url{https://www.torproject.org/, Tor} hidden service:
-@url{http://vabu56j2ep2rwv3b.onion/govpn/}.
-Development Git source code repository currently is located here:
-@url{https://github.com/stargrave/govpn.git}.
+@include bugs.texi
@node Copying conditions
@unnumbered Copying conditions
@insertcopying
+@verbatiminclude fdl.txt
@bye
diff --git a/doc/handshake.texi b/doc/handshake.texi
new file mode 100644
index 0000000000000000000000000000000000000000..533fef9cc90d16a068b266dd38a2ecaabefdf1c9
--- /dev/null
+++ b/doc/handshake.texi
@@ -0,0 +1,48 @@
+@node Handshake protocol
+@section Handshake protocol
+
+@verbatiminclude handshake.utxt
+
+Each handshake message ends with so called @code{IDtag}: it is an XTEA
+encrypted first 64 bits of each message with client's identity as a key.
+It is used to transmit identity and to mark packet as handshake message.
+Server can determine used identity by trying all possible known to him
+keys. It consumes resources, but XTEA is rather fast algorithm and
+handshake messages checking is seldom enough event.
+
+@enumerate
+@item
+client generates @code{CPubKey}, random 64bit @code{R} that is used as a
+nonce for encryption
+@item
+@verb{|R + enc(PSK, R, CPubKey) + IDtag -> Server|} [48 bytes]
+@item
+server remembers clients address, decrypt @code{CPubKey}, generates
+@code{SPrivKey}/@code{SPubKey}, computes common shared key @code{K}
+(based on @code{CPubKey} and @code{SPrivKey}), generates 64bit random
+number @code{RS} and 256bit random @code{SS}. PSK-encryption uses
+incremented @code{R} (from previous message) for nonce
+@item
+@verb{|enc(PSK, R+1, SPubKey) + enc(K, R, RS + SS) + IDtag -> Client|} [80 bytes]
+@item
+client decrypt @code{SPubKey}, computes @code{K}, decrypts @code{RS},
+@code{SS} with key @code{K}, remembers @code{SS}, generates 64bit random
+number @code{RC} and 256bit random @code{SC},
+@item
+@verb{|enc(K, R+1, RS + RC + SC) + IDtag -> Server|} [56 bytes]
+@item
+server decrypt @code{RS}, @code{RC}, @code{SC} with key @code{K},
+compares @code{RS} with it's own one send before, computes final main
+encryption key @code{S = SS XOR SC}
+@item
+@verb{|ENC(K, 0, RC) + IDtag -> Client|} [16 bytes]
+@item
+server switches to the new client
+@item
+client decrypts @code{RC} and compares with it's own generated one,
+computes final main encryption key @code{S}
+@end enumerate
+
+Where PSK is 256bit pre-shared key. @code{R*} are required for handshake
+randomization and two-way authentication. K key is used only during
+handshake. DH public keys can be trivially derived from private ones.
diff --git a/doc/installation.texi b/doc/installation.texi
new file mode 100644
index 0000000000000000000000000000000000000000..5aa954311a92ab2755fdeb1acbc1752af6b923fd
--- /dev/null
+++ b/doc/installation.texi
@@ -0,0 +1,39 @@
+@node Installation
+@unnumbered Installation
+
+GoVPN is written on @url{http://golang.org/, Go programming language},
+with @code{golang.org/x/crypto} libraries dependencies.
+@url{https://www.gnu.org/software/make/, GNU Make} is recommended for
+convenient building. @url{https://www.gnu.org/software/texinfo/, Texinfo}
+is used for building documentation.
+
+@include download.texi
+
+You @strong{have to} verify downloaded archives integrity and check
+their signature to be sure that you have got trusted, untampered
+software. For integrity and authentication of downloaded binaries
+@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
+download signature provided with the tarball.
+
+For the very first time you have to import signing public keys. They
+are provided below, but be sure that you are reading them from the
+trusted source. Alternatively check this page from other sources (Tor's
+hidden service for example) and look for the mailing list announcements.
+
+For example you can get tarball, set proper @code{$GOPATH} and run
+@code{make} (that will install all necessary libraries and build
+client/server binaries) like this:
+
+@example
+% mkdir -p govpn/src
+% set -e
+% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz
+% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz.sig
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+% tar xfC govpn-2.3.tar.xz govpn/src
+% mv govpn/src/govpn-2.3 govpn/src/govpn
+% export GOPATH=$(pwd)/govpn:$GOPATH
+% gmake -C govpn/src/govpn all
+@end example
+
+@include pubkey.texi
diff --git a/doc/overview.texi b/doc/overview.texi
new file mode 100644
index 0000000000000000000000000000000000000000..7c5bcc087d53e24f94f5deebf4a9a8d958f81a7e
--- /dev/null
+++ b/doc/overview.texi
@@ -0,0 +1,70 @@
+@node Overview
+@unnumbered Overview
+
+GoVPN is simple secure virtual private network daemon. It uses
+@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange, Diffie-Hellman Encrypted Key Exchange}
+(DH-EKE) for mutual zero-knowledge peers authentication and
+authenticated encrypted data transport. It is written entirely on
+@url{http://golang.org/, Go programming language}.
+
+All packets captured on network interface are encrypted, authenticated
+and sent to remote server, that writes them to his interface, and vice
+versa. Client and server use pre-shared authentication key (PSK) and
+128-bit identification key. There are heartbeat packets used to prevent
+session termination because of peers inactivity.
+
+Handshake is used to mutually authenticate peers, exchange common secret
+per-session encryption key and check UDP transport availability.
+
+Because of UDP and authentication overhead: each packet grows in size
+during transmission, so you have to lower you maximum transmission unit
+(MTU) on virtual network interface.
+
+High security is the goal for that daemon. It uses fast cryptography
+algorithms with 128bit security margin, strong mutual zero-knowledge
+authentication and perfect-forward secrecy property. An attacker can not
+know anything about payload (except it's size and time) from captured
+traffic, even if pre-shared key is compromised. Rehandshake is performed
+by client every 4 GiB of transfered data.
+
+Each client also has it's own identification key and server works with
+all of them independently. Identification key is not secret, but it is
+encrypted (obfuscated) during transmission.
+
+The only platform specific requirement is TAP network interface support.
+API to that kind of device is different, OS dependent and non portable.
+So only a few operating systems is officially supported. Author has no
+proprietary software to work with, so currently there is lack of either
+popular Microsoft Windows or Apple OS X support.
+
+@itemize @bullet
+@item
+Copylefted free software: licensed under
+@url{http://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}
+@item
+Works with @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
+network interfaces on top of UDP entirely
+@item
+@url{https://www.gnu.org/, GNU}/Linux and
+@url{http://www.freebsd.org/, FreeBSD} support
+@item IPv6 compatible
+@item Encrypted and authenticated transport
+@item Relatively fast handshake
+@item
+@url{https://en.wikipedia.org/wiki/Replay_attack, Replay attack} protection
+@item
+@url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
+(if long-term pre-shared keys are compromised, no captured traffic can
+be decrypted anyway)
+@item
+Mutual two-side authentication (noone will send real network interface
+data unless the other side is authenticated)
+@item
+@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, Zero knowledge}
+authentication (pre-shared key is not transmitted in any form between
+the peers, not even it's hash value)
+@item Built-in rehandshake and heartbeat features
+@item Several simultaneous clients support
+@item Optional built-in HTTP-server for retrieving information about
+known connected peers in @url{http://json.org/, JSON} format
+@end itemize
diff --git a/doc/precautions.texi b/doc/precautions.texi
new file mode 100644
index 0000000000000000000000000000000000000000..bae37b3ec4e5d02e167d8488264aed1f468c6dd6
--- /dev/null
+++ b/doc/precautions.texi
@@ -0,0 +1,19 @@
+@node Precautions
+@unnumbered Precautions
+
+The very important precaution is the @strong{cryptographically good}
+pseudo random number generator. GoVPN uses native operating system PRNG
+as entropy source. You have no way to check it's quality in closed
+source code operating systems, so it is recommended not to use them if
+you really needs security. Moreover it is possible that those OS leaks
+information about possible PRNG states. And at least Apple OS X and
+Microsoft Windows are already known to have weak CSPRNGs.
+
+GoVPN could use it's own PRNG implementation like
+@url{https://www.schneier.com/fortuna.html, Fortuna}, but it is
+much easier to use the right OS, to use free software.
+
+Also you should @strong{never} use one key for multiple clients. Salsa20
+encryption is randomized in each session, but it depends again on PRNG.
+If it fails, produces equal values at least once, then all you traffic
+related to that key could be decrypted.
diff --git a/doc/transport.texi b/doc/transport.texi
new file mode 100644
index 0000000000000000000000000000000000000000..d0cb75642564dbee51a693c1943fd9bbe9657840
--- /dev/null
+++ b/doc/transport.texi
@@ -0,0 +1,41 @@
+@node Transport protocol
+@section Transport protocol
+
+@verbatim
+ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA) +
+ AUTH(ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA))
+@end verbatim
+
+All transport and handshake messages are indistinguishable from
+pseudo random noise.
+
+@code{SERIAL} is message's serial number. Odds are reserved for
+client(→server) messages, evens for server(→client) messages.
+
+@code{ENCn} is XTEA block cipher algorithm used here as PRP (pseudo
+random permutation) to randomize, obfuscate @code{SERIAL}. Plaintext
+@code{SERIAL} state is kept in peers internal state, but encrypted
+before transmission. XTEA is compact and fast enough. Salsa20 is PRF
+function and requires much more code to create PRP from it. XTEA's
+encryption key is the first 128-bit of Salsa20's output with established
+common key and zero nonce (message nonces start from 1).
+
+Encrypted @code{SERIAL} is used as a nonce for @code{DATA} encryption:
+encryption key is different during each handshake, so (key, nonce) pair
+is always used only once. @code{ENC} is Salsa20 cipher, with established
+session @code{KEY} and encrypted @code{SERIAL} used as a nonce.
+
+@code{AUTH} is Poly1305 authentication function. First 256 bits of
+Salsa20 output are used as a one-time key for @code{AUTH}. Next 256 bits
+of Salsa20 are ignored. All remaining output is XORed with the data,
+encrypting it.
+
+To prevent replay attacks we remember latest @code{SERIAL} from the
+remote peer. If received message's @code{SERIAL} is not greater that the
+saved one, then drop it. Optionally, because some UDP packets can be
+reordered during transmission, we can allow some window for valid
+serials with the @code{-noncediff} option. @code{-noncediff 10} with
+current saved serial state equals to 78 allows messages with 68…78
+serials. That time window can be used by attacker to replay packets, so
+by default it equals to 1. However it can improve performance because of
+rearranged UDP packets.
diff --git a/doc/user.texi b/doc/user.texi
new file mode 100644
index 0000000000000000000000000000000000000000..193e9456979fb238b2f584598fa21e0ec4827101
--- /dev/null
+++ b/doc/user.texi
@@ -0,0 +1,146 @@
+@node User manual
+@unnumbered User manual
+
+Announcements about updates and new releases can be found in
+@ref{Reporting bugs}.
+
+GoVPN is split into two pieces: client and server. Each of them work on
+top of UDP and TAP virtual network interfaces. Client and server have
+several common configuration command line options:
+
+@table @asis
+@item Timeout
+Because of stateless UDP nature there is no way to know if
+remote peer is dead, but after some timeout. Client and server
+heartbeats each other every third part of heartbeat. Also this timeout
+is the time when server purge his obsolete handshake and peers states.
+@item Allowable nonce difference
+To prevent replay attacks we just remember latest received nonce number
+from the remote peer and drop those who has lower ones. Because UDP
+packets can be reordered: that behaviour can lead to dropping of not
+replayed ones. This option gives ability to create some window of
+allowable difference. That opens the door for replay attacks for narrow
+time interval.
+@item MTU
+Maximum transmission unit, maximum frame size that is acceptable on TAP
+interface.
+@end table
+
+Client needs to know his identification, path to the authentication key,
+remote server's address, TAP interface name, and optional path to up and
+down scripts, that will be executed after connection is either initiated
+or terminated.
+
+Server needs to know only the address to listen on and path to directory
+containing peers information. This directory must contain subdirectories
+with the names equal to client's identifications. Each of them must have
+@strong{key} file with corresponding authentication key, @strong{up.sh}
+script that has to print interface's name on the first output line.
+Optionally there can be @code{down.sh} that will be executed when client
+disconnects, and @code{name} file containing human readable client's name.
+
+Each of them have ability to show statistics about known connected
+peers. If you specify @emph{host:port} in @code{-stats} argument, then
+it will run HTTP server on it, responding with JSON documents.
+
+@menu
+* Example usage::
+@end menu
+
+@node Example usage
+@section Example usage
+
+Let's assume that there is some insecure link between your computer and
+WiFi-reachable gateway. You have got preconfigured @code{wlan0} network
+interface with 192.168.0/24 network. You want to create virtual
+encrypted and authenticated 172.16.0/24 network and use it as a default
+transport. MTU for that wlan0 is 1500 bytes. GoVPN will say that maximum
+MTU for the link is 1476, however it does not take in account TAP's
+Ethernet frame header length, that in my case is 14 bytes long (1476 - 14).
+
+Do not forget about setting @code{GOMAXPROC} environment variable for
+using more than one CPU.
+
+At first you have to generate client's authentication key and client's
+unique identification. There is @code{utils/newclient.sh} script for
+convenience.
+
+@example
+% ./utils/newclient.sh Alice
+9b40701bdaf522f2b291cb039490312
+@end example
+
+@code{9b40701bdaf522f2b291cb039490312} is client's identification.
+@code{peers/9b40701bdaf522f2b291cb039490312/name} contains @emph{Alice},
+@code{peers/9b40701bdaf522f2b291cb039490312/key} contains authentication key and
+@code{peers/9b40701bdaf522f2b291cb039490312/up.sh} contains currently
+dummy empty up-script.
+
+GNU/Linux IPv4 client-server example:
+
+@example
+server% echo "echo tap10" >> peers/CLIENTID/up.sh
+server% ip addr add 192.168.0.1/24 dev wlan0
+server% tunctl -t tap10
+server% ip link set mtu 1462 dev tap10
+server% ip addr add 172.16.0.1/24 dev tap10
+server% ip link set up dev tap10
+server% GOMAXPROC=4 govpn-server -bind 192.168.0.1:1194
+@end example
+
+@example
+client% umask 066
+client% echo MYLONG64HEXKEY > key.txt
+client% ip addr add 192.168.0.2/24 dev wlan0
+client% tunctl -t tap10
+client% ip link set mtu 1462 dev tap10
+client% ip addr add 172.16.0.2/24 dev tap10
+client% ip link set up dev tap10
+client% ip route add default via 172.16.0.1
+client% export GOMAXPROC=4
+client% while :; do
+ govpn-client -key key.txt -id CLIENTID -iface tap10 -remote 192.168.0.1:1194
+done
+@end example
+
+FreeBSD IPv6 client-server example, with stats enabled on the server
+(localhost's 5678 port):
+
+@example
+server% cat > peers/CLIENTID/up.sh < up.sh <= 0 && int(p.nonceRecv) < int(p.NonceRecv)-Noncediff {
ready <- struct{}{}
+ p.FramesDup++
return false
}
ready <- struct{}{}
p.LastPing = time.Now()
p.NonceRecv = p.nonceRecv
p.frame = p.buf[S20BS : S20BS+size-NonceSize-poly1305.TagSize]
- p.Bytes += int64(len(p.frame))
+ p.BytesIn += int64(len(p.frame))
+ p.FramesIn++
if subtle.ConstantTimeCompare(p.frame[:HeartbeatSize], HeartbeatMark) == 1 {
+ p.HeartbeatRecv++
return true
}
tap.Write(p.frame)
@@ -267,6 +282,7 @@ if size > 0 {
copy(p.buf[S20BS:], ethPkt)
ready <- struct{}{}
} else {
+ p.HeartbeatSent++
copy(p.buf[S20BS:], HeartbeatMark)
size = HeartbeatSize
}
@@ -282,7 +298,8 @@ copy(p.keyAuth[:], p.buf[:KeySize])
p.frame = p.buf[S20BS-NonceSize : S20BS+size]
poly1305.Sum(p.tag, p.frame, p.keyAuth)
- p.Bytes += int64(len(p.frame))
+ p.BytesOut += int64(len(p.frame))
+ p.FramesOut++
p.LastSent = now
if _, err := conn.WriteTo(append(p.frame, p.tag[:]...), p.Addr); err != nil {
log.Println("Error sending UDP", err)
diff --git a/utils/makedist.sh b/utils/makedist.sh
index 9b2ac21201d52aab53e7804963f4614552d5fb28..9e2e3656c38b88678b980701ed703a3be2732ef3 100755
--- a/utils/makedist.sh
+++ b/utils/makedist.sh
@@ -10,6 +10,7 @@ git checkout $release
rm -fr .git
find . -name .gitignore -delete
echo > doc/download.texi
+rm utils/makedist.sh
make -C doc
cd $tmp
tar cvf govpn-"$release".tar govpn-"$release"
diff --git a/utils/newclient.sh b/utils/newclient.sh
index 620aac71538a6240294a4c7adc24f2577c5994c6..68469b66aa63047f9019937506dc9d2087ba3c7a 100755
--- a/utils/newclient.sh
+++ b/utils/newclient.sh
@@ -9,8 +9,8 @@
[ -n "$1" ] || {
cat <
EOF
@@ -22,5 +22,7 @@ peerid=$(getrand 16)
umask 077
mkdir -p peers/$peerid
getrand 32 > peers/$peerid/key
-touch peers/$peerid/$1
-echo peers/$peerid/$1
+echo $username > peers/$peerid/name
+echo '#!/bin/sh' > peers/$peerid/up.sh
+chmod 700 peers/$peerid/up.sh
+echo $peerid