I took a quick look at the crypto design here, and it is deeply flawed. Please don't use this.<p>The key exchange is simply an XOR of the pre-shared key with the session key instead of a proper key wrapping, there's no chaining mode specified for the AES encryption as far as I can see, and, perhaps most critically, none of the data is authenticated.<p>A great example of "don't roll your own crypto".
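An added example, not part of the comment above and not shortwire's code: a model of the XOR "key wrap" the comment describes, showing what that construction gives away. The function names, the 32-byte key size and all key values are constructed assumptions.

```python
import hashlib


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_wrap(psk: bytes, session_key: bytes) -> bytes:
    """The construction described in the comment: wrapped = PSK xor session key."""
    return xor(psk, session_key)


def xor_unwrap(psk: bytes, wrapped: bytes) -> bytes:
    """XOR is its own inverse, so unwrapping is the same operation."""
    return xor(psk, wrapped)


def demo() -> dict:
    # Constructed sample keys (assumption: 32-byte PSK and session keys).
    psk = bytes(range(32))
    sk1 = hashlib.sha256(b"constructed session key 1").digest()
    sk2 = hashlib.sha256(b"constructed session key 2").digest()
    w1, w2 = xor_wrap(psk, sk1), xor_wrap(psk, sk2)

    # 1. One exposed session key plus its wrapped form yields the long-term PSK,
    #    and with it every other session key that was ever wrapped.
    recovered_psk = xor(w1, sk1)
    other_session = xor_unwrap(recovered_psk, w2)

    # 2. Two wrapped values alone reveal the XOR of the two session keys.
    relation = xor(w1, w2)

    # 3. No integrity: a bit flipped in transit flips the same bit of the
    #    unwrapped key, and the receiver has nothing to check it against.
    mask = b"\x01" + bytes(31)
    tampered_key = xor_unwrap(psk, xor(w1, mask))

    return {
        "psk_recovered": recovered_psk == psk,
        "other_session_exposed": other_session == sk2,
        "key_relation_leaked": relation == xor(sk1, sk2),
        "tamper_undetected": tampered_key == xor(sk1, mask) and tampered_key != sk1,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
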
tinc [1] is very lightweight and simple to set up. There's also ssh -w for quick and easy tun-over-Internet connections.<p>[1] <a href="https://www.tinc-vpn.org" rel="nofollow">https://www.tinc-vpn.org</a>
You can also use IPSec with manual keys, which works with out-of-the-box tools and is standard, and interops with other platforms as well, even with router OSes. On the Linux side, e.g. like this: <a href="https://unix.stackexchange.com/questions/638436/rekey-ipsec-using-ip-xfrm" rel="nofollow">https://unix.stackexchange.com/questions/638436/rekey-ipsec-...</a>
This is a good time to mention vpncloud, a fantastic Linux-daemon solution for connecting several cloud machines together without relying on cloud provider dependent VPNs. I've been using vpncloud in production for several years now and it has been rock solid and reliable.
I've made some improvements to shortwire, including support for ChaCha20-Poly1305 in addition to AES.<p>It may not be perfect, but I think it's a lot better.
Here is a dead simple VPN, by the developer of libsodium<p><a href="https://github.com/jedisct1/dsvpn">https://github.com/jedisct1/dsvpn</a>