Sanctum || A pq-safe and sandboxed VPN daemon
a year ago
- #VPN
- #OpenBSD
- #Security
- Sanctum is a privilege-separated VPN daemon for OpenBSD, Linux, and macOS that isolates critical assets in separate processes.
- It supports peer-to-peer tunnels that can traverse NAT, so no firewall ports need to be opened.
- Sanctum consists of multiple processes, each with a specific role, such as encryption (bless), decryption (confess), and key derivation (chapel).
- Processes are sandboxed and run under separate users, except for guardian and bishop, which have broader system access.
- The VPN uses a post-quantum safe key exchange that combines ECDH (X25519) with ML-KEM-1024; traffic is encrypted under AES-256-GCM.
- Sanctum supports one-directional tunnels (pilgrim and shrine modes) and peer-to-peer connections via cathedrals, which act as relays without accessing session keys.
- Configuration involves setting up instance details, shared secrets, tunnel parameters, and process users.
- Sanctum can be built from source on supported platforms and requires libsodium for cryptographic operations.