I am pleased to announce GoVPN 3.0 release availability!

GoVPN is a simple, secure free software virtual private network daemon, aimed to be reviewable, secure, DPI-resistant, written in Go. It uses fast PAKE DH A-EKE for mutual strong zero-knowledge peer authentication. Data transport is encrypted and authenticated, and hides the message's length and timestamp. PFS property, resistance to dictionary attacks and replay attacks. Built-in heartbeating, rehandshaking, real-time statistics, IPv4/IPv6-compatibility. GNU/Linux and FreeBSD support.

GoVPN's home page is: http://www.cypherpunks.ru/govpn/
also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/

Source code for that version can be found here:
http://www.cypherpunks.ru/govpn/download/govpn-3.0.tar.xz
SHA256: 12579c5c3cccfe73c66b5893335bc70c42d7b13b8e94c7751ec65d421eaff9a5
and corresponding signature is:
http://www.cypherpunks.ru/govpn/download/govpn-3.0.tar.xz.sig

GPG key ID: 0xFFE2F4A1 GoVPN release signing key
Fingerprint: D269 9B73 3C41 2068 D8DA 656E F2F5 9045 FFE2 F4A1

The main improvements for that major release are:

* EKE protocol is replaced by Augmented-EKE, and the static symmetric
  (both sides have it) pre-shared key is replaced with a server-side
  verifier. This requires 64 more bytes in handshake traffic, an Ed25519
  dependency with corresponding sign/verify computations, and a PBKDF2
  dependency and its usage on the client side during handshake.

  A-EKE with PBKDF2-based verifiers is resistant to dictionary attacks,
  can use human memorable passphrases instead of static keys, and
  server-side verifiers can not be used for authentication (a compromised
  server does not leak the client's authentication keys/passphrases).

* Changed transport message structure: added payload packet's length.
  This increases transport overhead by two bytes, but heartbeat packets
  became smaller.

* Ability to hide underlying packets' lengths by appending noise (junk
  data) during transmission. Each packet can be padded up to its maximal
  MTU size.

* Ability to hide underlying packets' appearance rate, by generating
  Constant Packet Rate traffic. This includes noise generation too.

* Per-peer -timeout, -noncediff, -noise and -cpr configuration options.

--
Happy hacking, Sergey Matveev
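
The verifier idea from the A-EKE item above, as an added Go example that is not GoVPN's code and does not reproduce its handshake: the client stretches a passphrase with PBKDF2 into an Ed25519 key, and the server stores only the public half. The salt, iteration count, transcript bytes and all function names are assumptions made for this illustration, and the DH/EKE exchange itself is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// pbkdf2SHA256 derives 32 bytes with PBKDF2-HMAC-SHA256 (RFC 8018). One
// output block is enough because the output length equals the hash length.
func pbkdf2SHA256(pass, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// clientKey runs on the client only: passphrase -> Ed25519 private key.
func clientKey(pass string, salt []byte, iter int) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(pbkdf2SHA256([]byte(pass), salt, iter))
}

// makeVerifier returns what the server stores: the public key, which can
// check signatures but cannot produce them (hypothetical helper).
func makeVerifier(pass string, salt []byte, iter int) ed25519.PublicKey {
	return clientKey(pass, salt, iter).Public().(ed25519.PublicKey)
}

// authenticate signs the transcript as the client would, then checks the
// signature as the server would, using only the stored verifier.
func authenticate(v ed25519.PublicKey, pass string, salt, transcript []byte, iter int) bool {
	return ed25519.Verify(v, transcript, ed25519.Sign(clientKey(pass, salt, iter), transcript))
}

func main() {
	salt, t := []byte("constructed-peer-id"), []byte("constructed handshake transcript")
	v := makeVerifier("correct horse battery staple", salt, 4096)
	fmt.Println(authenticate(v, "correct horse battery staple", salt, t, 4096),
		authenticate(v, "wrong guess", salt, t, 4096))
}
```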