* Thu Nov 23 2017 sor.alexei@meowr.ru
- Update to version 7.4:
* Tiny refactoring. Go 1.9 is a minimal required version.
* Dependant cryptographic libraries are updated.
- Add govpn-go-1.7-compat.patch: Restore Go 1.7 compatibility.
Apply it on openSUSE older than Leap 15.0.
* Thu May 11 2017 jengelh@inai.de
- Do not suppress errors from user/group creation
- Fix grammar problems in description, and drop filler wording.
* Tue May 09 2017 sor.alexei@meowr.ru
- Update to version 7.3 (changes since 5.10):
* Argon2d is replaced with Balloon hashing. Found Argon2
libraries written on pure Go have various problems. Moreover
Argon2i should be used instead, but it has some possible
cryptographic defects (http://eprint.iacr.org/2016/027).
So it is replaced with much more simpler (and seems even
cryptographically better) Balloon hashing
(https://crypto.stanford.edu/balloon/).
* (X)Salsa20 is replaced with ChaCha20. Theoretically it should
be faster and more secure. Previous versions are not compatible
with it!
* Ability to use TUN-interfaces under GNU/Linux.
* Fix a bug in client?s identity generation and detection code:
simultaneous clients may be incorrectly identified, preventing
their connection establishing and allowing DPI to detect GoVPN
packets.
* Fix seldom possible segmentation fault on the server during
rehandshake.
* Dependant cryptographic libraries are updated.
* Sat Jul 23 2016 sor.alexei@meowr.ru
- Update to version 5.10 (changes since 5.8):
* Client reconnects in the loop when connection is lost.
Optionally you can disable that behaviour: client will exit
immediately, as it previously did.
* -version option added, printing application version.
* Sat May 28 2016 sor.alexei@meowr.ru
- Update to version 5.8:
* Optional ability to use syslog for logging, with RFC 5424-like
structured records.
* XTEA algorithm is not used anymore for nonce obfuscation, but
BLAKE2b-MAC instead. Encryptionless mode now really does not
depend on encryption functions.
* Thu Mar 17 2016 sor.alexei@meowr.ru
- Update to 5.7:
* TAP interface name and remote peer's address are passed to up-
and down- scripts through environment variables.
* Update Argon2 library to use version 1.3 of the algorithm.
* Thu Feb 11 2016 sor.alexei@meowr.ru
- Update to 5.6 (changes since 5.2):
* Ability to read passphrases directly from the terminal (user's
input) without using of keyfiles. storekey.sh utility removed.
* Fix minor bug with newclient.sh that caught "Passphrase:"
prompt and inserted it into example YAML output.
Just replaced stdout output to stderr for that prompt.
* Add optional Timesync requirement.
It will add timestamps in handshake PRP authentication,
disallowing to repeat captured packet and get reply from the
server, making it visible to DPI.
* Ability to work on 32-bit platforms. sync library has some
specific issues that caused panics on previous versions.
* Add up/down example script for replacing default route.
* Fix documentation bug: .info was not being installed.
* Fri Jan 15 2016 sor.alexei@meowr.ru
- Update to 5.2 (changes since 4.2):
* New optional encryptionless mode of operation.
Technically no encryption functions are applied for outgoing
packets, so you can not be forced to reveal your encryption
keys or sued for encryption usage.
* MTUs are configured on per-user basis.
* Simplified payload padding scheme, saving one byte of data.
* Ability to specify TAP interface name explicitly without any
up-scripts for convenience.
* govpn-verifier utility now also can use EGD.
* Server is configured using YAML file. It is very convenient to
have comments and templates, comparing to JSON.
* Incompatible with previous versions replacement of HSalsa20
with BLAKE2b in handshake code.
* Ability to read passphrases directly from the terminal (user's
input) without using of keyfiles. storekey.sh utility removed.
* Fri Nov 20 2015 sor.alexei@meowr.ru
- Update to 4.2 (changes since 4.0):
* Argon2d is used instead of PBKDF2 for password verifier hashing.
* Client's identity is stored inside the verifier, so it
simplifies server-side configuration and the code.
* Fix non-critical bug when server may fail if up-script is not
executed successfully.
* Sun Sep 20 2015 sor.alexei@meowr.ru
- Initial package.