What is Sanctum?
Sanctum is a small, reviewable, capable, PQ-secure and fully privilege-separated novel VPN daemon and protocol designed to run under OpenBSD, Linux and macOS.
It is designed from the ground up with security in mind and will always be open and free, licensed under the ISC license.
Sanctum uses strong cryptography and a unique hybridized key exchange that combines symmetrical keying with classical and PQ-secure asymmetry. See the cryptography page for a detailed description of the cryptosystem in Sanctum.
It allows the creation of different topologies, from traditional site-to-site or client-to-site tunnels to one-way tunnels or p2p e2ee secure links between devices, even when behind NAT.
Sanctum is often used to create more secure replacements for things like Tailscale or Zerotier.
Talks
Getting in touch
Found a security issue or want to contribute patches to the project?
Send an email to <priests snabel-a sanctorum punkt se>
