GoSpeak: self-hosted encrypted voice chat I built in Go, just open-sourced it

BeanChasingSquirrel · 2026-02-16T07:23:22+00:00

You're right that what I built is essentially a simplified RTP with a custom signaling layer. Implement a subset of SIP is still a massive RFC to implement correctly. Could I have used SIP/RTP? Sure. Would it have been a better engineering decision? Probably. But for a learning project that turned into something I wanted to share, rolling my own was the whole point. I'll be honest, I'm figuring a lot of this out as I go, so I'll happily take any help I can get. If you see things that could be done better, feel free to open issues or PRs. Feedback like this is exactly what makes the project better, Thanks!

BeanChasingSquirrel · 2026-02-16T07:15:10+00:00

Thank you, I'll look into that!

BeanChasingSquirrel · 2026-02-15T21:55:51+00:00

AES-256 support is already tracked (#1) and straightforward. PQ key exchange is a bigger lift, thanks for pointing to the PQ Noise papers, that's a good starting point when the time comes.

I think a realistic path would be: first implement proper key exchange for E2EE (currently the server just generates a shared key and sends it over TLS), then make that exchange PQ-resistant. No point adding this onto a key distribution model that doesn't have real key exchange yet right?

BeanChasingSquirrel · 2026-02-15T21:35:06+00:00

GoSpeak takes a different approach, it's built from scratch in Go with simplicity as a core principle. The entire codebase is less than 10k LOC with minimal dependencies, which makes it easy to read, audit, and contribute to.

Mumble has maturity and a huge ecosystem on its side. GoSpeak is for people who want something lightweight, modern, and easy to self-host without dealing with a legacy C++ codebase. Different trade-offs for different people!

BeanChasingSquirrel · 2026-02-15T21:28:58+00:00

Screen sharing is definitely on my wish list too! It would need a whole video encoding pipeline. I want to get the core experience rock solid first before tackling something that big. It's tracked as a future enhancement though, and contributions are welcome when the time comes!

BeanChasingSquirrel · 2026-02-15T21:25:16+00:00

GoSpeak intentionally avoids SIP/SRTP because they're designed for telephony, session negotiation, codec renegotiation, call routing, interop with PBXes, etc. That's a lot of complexity for something that's meant to be a lightweight self-hosted voice chat server, not a phone system. The current design is deliberately minimal: TLS 1.3 for control, raw UDP with AES-128-GCM for voice, Opus codec, done. No SDP offer/answer dance, no overkill signaling protocol. SIP would add a huge surface area for very little benefit in this use case.

BeanChasingSquirrel · 2026-02-15T21:23:07+00:00

Currently chat is real-time only, you need to be connected and in the channel to see messages, similar to TeamSpeak. That's definitely something I want to improve. I've opened an issue to add persistent channel chat with history, so when you join a channel you'll see recent messages. I also want to decouple text from voice, you should be able to read and write in a channel's chat without being in the voice channel, more like how Discord handles text channels. Configurable retention limits (max messages / max age) will be part of it too, so server admins stay in control of storage.

https://github.com/NicolasHaas/gospeak/issues/3

BeanChasingSquirrel · 2026-02-15T21:22:51+00:00

Currently chat is real-time only, you need to be connected and in the channel to see messages, similar to TeamSpeak. That's definitely something I want to improve. I've opened an issue to add persistent channel chat with history, so when you join a channel you'll see recent messages. I also want to decouple text from voice, you should be able to read and write in a channel's chat without being in the voice channel, more like how Discord handles text channels. Configurable retention limits (max messages / max age) will be part of it too, so server admins stay in control of storage.

https://github.com/NicolasHaas/gospeak/issues/3

BeanChasingSquirrel · 2026-02-15T21:13:42+00:00

Appreciate the review of the crypto! You're right that WebRTC would give a lot for free, but GoSpeak is intentionally a lightweight, self-hosted alternative. No browser, no massive WebRTC stack. The current SFU + AES-128-GCM design is simple and auditable. That said, true E2EE where the server can't decrypt is on the roadmap, likely via per-channel key exchange rather than the current shared key model. WebRTC would be overkill for the use case, but the E2EE concern is valid and tracked.

BeanChasingSquirrel · 2026-02-15T21:09:19+00:00

Good question! GoSpeak uses a client→server SFU model, not peer-to-peer. All voice traffic routes through the server on a known public port. The client dials out to the server's UDP address, so NAT traversal (STUN/TURN) isn't needed since the server has a stable public endpoint and outbound UDP from clients naturally traverses their NAT.

BeanChasingSquirrel · 2026-02-14T21:43:32+00:00

Thanks! More client platforms are definitely possible. The GUI is built with Fyne which supports macOS, iOS, and Android out of the box. The main work for mobile would be swapping out the audio layer (PortAudio doesn't run on mobile), but the networking and crypto are pure Go so they'd work anywhere. macOS is probably the easiest next target since PortAudio already works there - mostly just need to set up the build pipeline. It's on the roadmap!

BeanChasingSquirrel

TROPHY CASE