Latest release: sanctum 1.1.2

Zero security vulnerabilities in 4 years.

What is Sanctum?

Sanctum is a small, reviewable, capable, PQ-secure and fully privilege-separated novel VPN daemon and protocol designed to run under OpenBSD, Linux and macOS.

It is designed from the ground up with security in mind and will always be open and free, licensed under the ISC license.

Sanctum uses strong cryptography and a unique hybridized key exchange that combines symmetrical keying with classical and PQ-secure asymmetry. See the cryptography page for a detailed description of the cryptosystem in sanctum.

It allows the creation of different topologies, from traditional site-to-site or client-to-site tunnels to one-way tunnels or p2p e2ee secure links between devices, even when behind NAT.

Using the library implementation found in libkyrka, you can embed sanctum's secure p2p e2ee tunnels directly into your applications.

Sanctum is often used to create more secure replacements for things like Tailscale or Zerotier, and by organizations whose communication must remain a secret, even in the future.

Talks

Found a security issue?

Send an email to <priests snabel-a sanctorum punkt se> and we will work with you to correct it.