Hyper-V 2019: unable to create wintun device: no interfaces found

Hyper-V 2019: unable to create wintun device: no interfaces found

[Joachim Lindenberg]

[-- Attachment #1.1: Type: text/plain, Size: 783 bytes --]

Hello,

I am using Wireguard for quite some time on Ubuntu, and am now trying to use
it on Hyper-V 2019 as well. My goal is to set up a VPN between two Hyper-V
systems and allow connections between the virtual machines hosted (including
Samba AD DCs).

I downloaded and installed Wireguard for Windows, and created a tunnel
configuration on server and client. However when I try to activate any of
these, I get the message “Unable to create Wintun device: no interfaces
found” on both sides.

To me it doesn´t look  like an issue with the configuration but more likely
WinTun is missing (tried to download separately, but as it is a .msm I
assume that is included in wireguard installation) or does not work with
Hyper-V 2019.

Any suggestion?

Thanks, Joachim


[-- Attachment #1.2: Type: text/html, Size: 2933 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Hyper-V 2019: unable to create wintun device: no interfaces found

[Jason A. Donenfeld]

On Sun, Aug 25, 2019 at 9:34 AM Joachim Lindenberg
<wireguard@lindenberg.one> wrote:
>
> Hello,
>
> I am using Wireguard for quite some time on Ubuntu, and am now trying to use it on Hyper-V 2019 as well. My goal is to set up a VPN between two Hyper-V systems and allow connections between the virtual machines hosted (including Samba AD DCs).
>
> I downloaded and installed Wireguard for Windows, and created a tunnel configuration on server and client. However when I try to activate any of these, I get the message “Unable to create Wintun device: no interfaces found” on both sides.
>
> To me it doesn´t look  like an issue with the configuration but more likely WinTun is missing (tried to download separately, but as it is a .msm I assume that is included in wireguard installation) or does not work with Hyper-V 2019.
>
> Any suggestion?
>
> Thanks, Joachim

Interesting. We just reworked the Wintun installation process, to
hopefully make it more reliable. Could you try again, and perhaps
provide a bit of logging too?

Try running this:

msiexec /log send-to-jason-please.txt /i
https://download.wireguard.com/windows-client/wireguard-amd64-0.0.22.msi
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

AW: Hyper-V 2019: unable to create wintun device: no interfaces found

[Joachim Lindenberg]

Hello Jason, all,
my experiments were actually roughly three weeks ago with versions .18 and .19, and that mail was somehow stuck..
Just retried with .22, and the good news is that I was able to set up a tunnel between a Hyper-V as a server and a windows client. The old error on wintun is gone. 
I didn´t have the opportunity to check with two Hyper-Vs yet, and I am also unsure whether I actually want to change the workaround (using an Ubuntu vm on either side as routers) now with the windows version in that early stage, in particular as I also had to trick wireguard to work around the dynamic IP issue most Germans face. With the Ubuntu vms I can ping the server from the client, and if it is unreachable I am pulling down the interface and then up again. This can probably also be done with the application on Windows by activating and deactivating the interface, but I definitely need this to be automated somehow, be it a script or preferably wireguard supporting dynamic ip addresses out of the box.
Thanks, Joachim

-----Ursprüngliche Nachricht-----
Von: Jason A. Donenfeld <Jason@zx2c4.com> 
Gesendet: Sunday, 25 August 2019 17:54
An: Joachim Lindenberg <wireguard@lindenberg.one>; Simon Rozman <simon@rozman.si>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Betreff: Re: Hyper-V 2019: unable to create wintun device: no interfaces found

On Sun, Aug 25, 2019 at 9:34 AM Joachim Lindenberg <wireguard@lindenberg.one> wrote:
>
> Hello,
>
> I am using Wireguard for quite some time on Ubuntu, and am now trying to use it on Hyper-V 2019 as well. My goal is to set up a VPN between two Hyper-V systems and allow connections between the virtual machines hosted (including Samba AD DCs).
>
> I downloaded and installed Wireguard for Windows, and created a tunnel configuration on server and client. However when I try to activate any of these, I get the message “Unable to create Wintun device: no interfaces found” on both sides.
>
> To me it doesn´t look  like an issue with the configuration but more likely WinTun is missing (tried to download separately, but as it is a .msm I assume that is included in wireguard installation) or does not work with Hyper-V 2019.
>
> Any suggestion?
>
> Thanks, Joachim

Interesting. We just reworked the Wintun installation process, to hopefully make it more reliable. Could you try again, and perhaps provide a bit of logging too?

Try running this:

msiexec /log send-to-jason-please.txt /i https://download.wireguard.com/windows-client/wireguard-amd64-0.0.22.msi

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Hyper-V 2019: unable to create wintun device: no interfaces found

[Jason A. Donenfeld]

On Sun, Aug 25, 2019 at 11:23 AM Joachim Lindenberg
<wireguard@lindenberg.one> wrote:
> my experiments were actually roughly three weeks ago with versions .18 and .19, and that mail was somehow stuck..
> Just retried with .22, and the good news is that I was able to set up a tunnel between a Hyper-V as a server and a windows client. The old error on wintun is gone.

Good to hear.

> trick wireguard to work around the dynamic IP issue most Germans face. With the Ubuntu vms I can ping the server from the client, and if it is unreachable I am pulling down the interface and then up again.

Not sure I understand exactly. Is the goal to simply
change/re-randomize your listen-port due to some weird quirks of your
router's NAT table, in which case `wg set wg0 listen-port 0` will
probably work better than down/up? Or is this actually a case where
adding PersistentKeepalive=25 could fix things? Both of these options,
anyhow, are available in the Windows client. wg.exe is installed into
system32 and works as expected.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

AW: Hyper-V 2019: unable to create wintun device: no interfaces found

[news]

Hi Jason,
not the port. My external IP is dynamic. This is really standard for internet services in Germany offered to non-business users, or also business that prefer not the pay extra charges for the assignment of a static ip address. My IP address changes at least once a day (usually between 1 am and 2 am). Usually one uses a dyndns provider, and many routers support updating the ip address automatically. As I am running my external DNS with cloudflar, I am calling their API to update my external address.
Now afaik Wireguard resolves the domain name of the server just once to an IP address and not regularly or whenever the connection breaks down or has been idle for some time.
PersistentKeepAlive cannot address the issue, as the client is also not awake all the time in order to save energy. Looking at wg /? on windows I also don´t see any option that seems applicable..
Thanks, Joachim

-----Ursprüngliche Nachricht-----
Von: Jason A. Donenfeld <Jason@zx2c4.com> 
Gesendet: Sunday, 25 August 2019 20:36
An: Joachim Lindenberg <wireguard@lindenberg.one>
Cc: Simon Rozman <simon@rozman.si>; WireGuard mailing list <wireguard@lists.zx2c4.com>
Betreff: Re: Hyper-V 2019: unable to create wintun device: no interfaces found

On Sun, Aug 25, 2019 at 11:23 AM Joachim Lindenberg <wireguard@lindenberg.one> wrote:
> my experiments were actually roughly three weeks ago with versions .18 and .19, and that mail was somehow stuck..
> Just retried with .22, and the good news is that I was able to set up a tunnel between a Hyper-V as a server and a windows client. The old error on wintun is gone.

Good to hear.

> trick wireguard to work around the dynamic IP issue most Germans face. With the Ubuntu vms I can ping the server from the client, and if it is unreachable I am pulling down the interface and then up again.

Not sure I understand exactly. Is the goal to simply change/re-randomize your listen-port due to some weird quirks of your router's NAT table, in which case `wg set wg0 listen-port 0` will probably work better than down/up? Or is this actually a case where adding PersistentKeepalive=25 could fix things? Both of these options, anyhow, are available in the Windows client. wg.exe is installed into
system32 and works as expected.

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Hyper-V 2019: unable to create wintun device: no interfaces found

[Jason A. Donenfeld]

On Sun, Aug 25, 2019 at 12:52 PM <news@lindenberg.one> wrote:
> not the port. My external IP is dynamic. This is really standard for internet services in Germany offered to non-business users, or also business that prefer not the pay extra charges for the assignment of a static ip address. My IP address changes at least once a day (usually between 1 am and 2 am). Usually one uses a dyndns provider, and many routers support updating the ip address automatically. As I am running my external DNS with cloudflar, I am calling their API to update my external address.
> Now afaik Wireguard resolves the domain name of the server just once to an IP address and not regularly or whenever the connection breaks down or has been idle for some time.
> PersistentKeepAlive cannot address the issue, as the client is also not awake all the time in order to save energy. Looking at wg /? on windows I also don´t see any option that seems applicable..

Ahhh, the DNS re-resolution issue. On linux we have this nice script:

https://git.zx2c4.com/WireGuard/tree/contrib/examples/reresolve-dns

On windows, it should be pretty easy to do as well. You can actually
just use task scheduler to run `wg set wg0 peer ABCD...EF= endpoint
somewhere.on.dyndns:1234` every minute or whatever you feel is best.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

AW: Hyper-V 2019: unable to create wintun device: no interfaces found

[news]

The script is probably more efficient but significantly less consumable to me (I would not be willing to try to translate this to windows) then ping -c1 || pull down and up I read somewhere else. Actually I have some more cases in my script, but cannot include them because the client is sleeping (and the router has an issue with wol right now). I guess my script is less adaptable and supports just one client, but does the trick.
Please, please, please - there must be a better place to do this automatically without extra scripting..
Thanks, Joachim

-----Ursprüngliche Nachricht-----
Von: Jason A. Donenfeld <Jason@zx2c4.com> 
Gesendet: Sunday, 25 August 2019 20:55
An: news@lindenberg.one; Simon Rozman <simon@rozman.si>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Betreff: Re: Hyper-V 2019: unable to create wintun device: no interfaces found

On Sun, Aug 25, 2019 at 12:52 PM <news@lindenberg.one> wrote:
> not the port. My external IP is dynamic. This is really standard for internet services in Germany offered to non-business users, or also business that prefer not the pay extra charges for the assignment of a static ip address. My IP address changes at least once a day (usually between 1 am and 2 am). Usually one uses a dyndns provider, and many routers support updating the ip address automatically. As I am running my external DNS with cloudflar, I am calling their API to update my external address.
> Now afaik Wireguard resolves the domain name of the server just once to an IP address and not regularly or whenever the connection breaks down or has been idle for some time.
> PersistentKeepAlive cannot address the issue, as the client is also not awake all the time in order to save energy. Looking at wg /? on windows I also don´t see any option that seems applicable..

Ahhh, the DNS re-resolution issue. On linux we have this nice script:

https://git.zx2c4.com/WireGuard/tree/contrib/examples/reresolve-dns

On windows, it should be pretty easy to do as well. You can actually just use task scheduler to run `wg set wg0 peer ABCD...EF= endpoint somewhere.on.dyndns:1234` every minute or whatever you feel is best.

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard