From 85218e665c5fc4a7698479f4b3a4fc0f73deb29f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrien=20Gallou=C3=ABt?= Date: Sun, 12 Jan 2020 15:41:57 +0100 Subject: [PATCH] Updated Home (markdown) --- Home.md | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/Home.md b/Home.md index 13423d4..28653f7 100644 --- a/Home.md +++ b/Home.md 
@@ -1 +1,34 @@ -Welcome to the glorytun wiki! +# Glorytun + +Glorytun is a small, simple and secure VPN over [mud](https://github.com/angt/mud). + +## Features + + * **Fast and highly secure** + + Glorytun uses a new and very fast AEAD construction called AEGIS-256 if AES-NI is available otherwise ChaCha20-Poly1305 is used. + Of course, you can force the use of ChaCha20-Poly1305 for higher security. + All messages are encrypted, authenticated and timestamped to mitigate a large set of attacks. + This implies that the client and the server must be synchronized, an offset of 10min is accepted by default. + Perfect forward secrecy is also implemented with ECDH over Curve25519. Keys are rotated every hours. + + * **Multipath and failover** + + Connectivity is now crucial, especially in the SD-WAN world. + This feature allows a TCP connection (and all other protocols) to explore and exploit all available links without being disconnected. + Aggregation should work on all conventional links. + Only very high latency (+500ms) links are not recommended for now. + Backup paths are also supported, they will be used only in case of emergency, it is useful when aggregation is not your priority. + + * **Traffic shaping** + + Shaping is very important in network, it allows to keep a low latency without sacrificing the bandwidth. + It also helps the multipath scheduler to make better decisions. + Currently it must be configured by hand, but soon Glorytun will do it for you. + + * **Path MTU discovery without ICMP** + + Bad MTU configuration is a very common problem in the world of VPN. + As it is critical, Glorytun will try to setup it correctly by guessing its value. + It doesn't rely on Next-hop MTU to avoid ICMP black holes. + In asymmetric situations the minimum MTU is selected.
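Review bot: In the "Fast and highly secure" bullet, the line "Of course, you can force the use of ChaCha20-Poly1305 for higher security." ranks the two AEADs without giving a reason and without naming the option that forces the choice. Either state both, or drop "for higher security" so the page does not imply AEGIS-256 is the weaker default. The same bullet should say which cipher is used when only one peer has AES-NI. The sentence "an offset of 10min is accepted by default" implies the window is configurable, so name the setting, and say explicitly that peers whose clocks drift past it will fail to communicate, since that is the operational consequence of timestamped messages. Wording nits: "Keys are rotated every hours" should be "every hour", "(+500ms)" reads better as "(over 500 ms)", and "try to setup it correctly" should be "try to set it up correctly".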