Sanctum || A pq-safe and sandboxed VPN daemon

Sanctum About This is a small, reviewable, capable, pq-safe and fully privilege separated VPN daemon for OpenBSD, Linux and MacOS. Due to its privilege separated design, sanctum guarantees that all of its important assets are separated from the processes that talk to the internet or handle non-cryptography related things. Additionally when making use of sanctum's cathedrals one can get peer-to-peer tunnels that are able to traverse NAT, allowing your devices to talk to each other directly no matter where they are without having to open pesky firewall ports or fiddle with forward rules. See The Reliquary for an example on this. Privilege separation There are several processes that make up a sanctum instance: Process name Description bless The process responsible for encrypting packets. confess The process responsible for decrypting packets. chapel The process responsible for deriving new TX/RX keys from a key. heaven-rx The process receiving packets on the inner interface. heave ... Read full article.