From 1ce919c1e57eac8029ea64ce75002e45b6eedec1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrien=20Gallou=C3=ABt?= Date: Tue, 8 Oct 2019 07:31:11 +0000 Subject: [PATCH] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adrien Gallouët --- README.md | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index b7b29cb..41257b4 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ Linux is the platform of choice but the code is standard so it should be easily It was successfully tested on OpenBSD, FreeBSD and MacOS. IPv4 and IPv6 are supported. +On Linux you can have both at the same time by binding `::`. ## Features 
@@ -18,17 +19,16 @@ The key features of Glorytun come directly from mud: * **Fast and highly secure** - The use of UDP and [libsodium](https://github.com/jedisct1/libsodium) allows you to secure - your communications without impacting performance. - Glorytun uses AEGIS-256 only if AES-NI is available otherwise ChaCha20Poly1305 is used. - If you are not cpu bounded, you can force the use of ChaCha20Poly1305 for higher security. - All messages are encrypted, authenticated and marked with a timestamp. - Perfect forward secrecy is also implemented with ECDH over Curve25519. + The use of UDP and libsodium allows you to secure your communications without impacting performance. + Glorytun uses AEGIS-256 (a new and very fast AEAD construction) only if AES-NI is available otherwise ChaCha20-Poly1305 is used. + Of course, you can force the use of ChaCha20-Poly1305 for higher security. + All messages are encrypted, authenticated and timestamped to mitigate a large set of attacks. + Perfect forward secrecy is also implemented with ECDH over Curve25519. Keys are rotated every hours. * **Multipath and active failover** - This is the main feature of Glorytun that allows to build an SD-WAN like service. - This allows a TCP connection to explore and exploit multiple links without being disconnected. + Connectivity is now crucial, especially in the SD-WAN world. + This feature allows a TCP connection (and all other protocols) to explore and exploit all available links without being disconnected. Aggregation should work on all conventional links, only very high latency (+500ms) links are not recommended for now. * **Traffic shaping** 
@@ -41,7 +41,7 @@ The key features of Glorytun come directly from mud: Bad MTU configuration is a very common problem in the world of VPN. As it is critical, Glorytun will try to setup it correctly by guessing its value. - It doesn't rely on ICMP Next-hop MTU to avoid black holes. + It doesn't rely on Next-hop MTU to avoid ICMP black holes. In asymmetric situations the minimum MTU is selected. ## Caveats @@ -71,19 +71,16 @@ The more classical autotools suite is also available. Just run `glorytun` with no arguments to view the list of available commands: -``` -$ glorytun -available commands: + $ glorytun + available commands: - show show tunnel info - bench start a crypto bench - bind start a new tunnel - set change tunnel properties - keygen generate a new secret key - path manage paths - version show version - -``` + show show tunnel info + bench start a crypto bench + bind start a new tunnel + set change tunnel properties + keygen generate a new secret key + path manage paths + version show version Use the keyword `help` after a command to show its usage.
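Review bot: In the first hunk (`@@ -11,6 +11,7 @@`), the added line "On Linux you can have both at the same time by binding `::`." does not show how the address is passed to the tool. The usage section lists a `bind` command, but a reader cannot tell from this sentence what to type. Suggest adding the actual invocation next to it, and stating that binding `::` means listening on every local address rather than on one chosen interface, since that changes what is exposed.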
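Review bot: In the second hunk (`@@ -18,17 +19,16 @@`), "Of course, you can force the use of ChaCha20-Poly1305 for higher security." tells the reader that the AEGIS-256 default is the weaker choice without saying why or how to switch. The removed wording at least gave the condition ("If you are not cpu bounded"). Suggest keeping that trade-off and naming the option that forces the cipher. Two smaller points in the same bullet: "Keys are rotated every hours." should read "every hour", and "timestamped to mitigate a large set of attacks" would be more useful if it named the attacks meant. The hunk also drops the link to libsodium, which readers checking the crypto dependency will want back.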
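Review bot: In the third hunk (`@@ -41,7 +41,7 @@`), moving "ICMP" from "ICMP Next-hop MTU" to "ICMP black holes" makes the sentence harder to parse: "Next-hop MTU" on its own no longer says that it is the value carried in an ICMP message, and the black hole is the consequence of those messages being dropped. Suggest something like "It doesn't rely on the ICMP Next-hop MTU, so it is not affected by black holes where ICMP is filtered."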