diff options
| -rw-r--r-- | README.md | 16 | ||||
| -rw-r--r-- | docs/architecture.md | 47 | ||||
| -rw-r--r-- | docs/security.md | 30 |
3 files changed, 91 insertions, 2 deletions
@@ -4,14 +4,26 @@ The system service/daemon, GUI and CLI for the Mullvad VPN app. ## Releases -There are built and signed releases for macOS, Windows and Linux available on +There are built and signed releases for macOS, Windows, Linux and Android available on [our website](https://mullvad.net/download/) and on [Github](https://github.com/mullvad/mullvadvpn-app/releases/). -Support for Android and iOS is in the making. +Support for iOS is in the making. You can find our code signing keys as well as instructions for how to cryptographically verify your download on [Mullvad's Open Source page]. +## Features + +Here is a table containing the features of the app accross platforms. This reflects the current +state of latest master, not necessarily any existing release. + +| | Windows | Linux | macOS | Android | +|-------------------------------|:-------:|:-----:|:-----:|:-------:| +| OpenVPN | ✓ | ✓ | ✓ | | +| WireGuard | | ✓ | ✓ | ✓ | +| OpenVPN over Shadowsocks | ✓ | ✓ | ✓ | | +| Optional local network access | ✓ | ✓ | ✓ | | + ## Checking out the code This repository contains submodules needed for building the app. However, some of those submodules diff --git a/docs/architecture.md b/docs/architecture.md new file mode 100644 index 0000000000..f87c18fb33 --- /dev/null +++ b/docs/architecture.md @@ -0,0 +1,47 @@ +# Mullvad VPN app architecture + +This document describes the code architecture and how everything fits together. + +For security and anonymity properties, please see [security](security.md). + +## Mullvad vs talpid + +Explain the differences between these layers and why the distinction exists. +My thought was that after this section every aspect of the app is explained +under either the Mullvad or the Talpid header. So it's clear which part they +belong to. I yet don't know if this makes sense though. + + +## Mullvad part of daemon + +### Frontend <-> system service communication + +### Talking to api.mullvad.net + +### Selecting relay and bridge servers + +### Problem reports + + +## Talpid part of daemon + +### Tunnel state machine + +### System DNS management + +### Firewall integration + +### Detecting device offline + +### OpenVPN plugin and communication back to system service + + +## Frontends + +### Desktop Electron app + +### Android + +### iOS + +### CLI diff --git a/docs/security.md b/docs/security.md new file mode 100644 index 0000000000..af2d8f5f3d --- /dev/null +++ b/docs/security.md @@ -0,0 +1,30 @@ +# Mullvad VPN app security + +This document describes the security properties of the Mullvad VPN app. It describes it for all +platforms and their differences. + +This document does not describe *how* we reach and uphold these properties, just what they are. +See the [architecture](architecture.md) document for details on how this security is implemented. + + +## App states + +### Disconnected + +### Connecting + +### Connected + +### Disconnecting + +### Blocked + + +## Firewall + +The states above should probably explain what can and can't be reached in the different states. +But we might need/want this section in case there is something that does not fit above. + +## DNS + +Where are DNS requests sent? |