WireGuard Archive on lore.kernel.org
From: Alen Opacic <subixonfire@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: dev@nmap.org, openvpn-devel@lists.sourceforge.net,
	wireguard@lists.zx2c4.com
Subject: Re: [ANNOUNCE] Wintun: Layer 3 TUN Driver for Windows
Date: Sat, 23 Mar 2019 22:10:31 +0100
Message-ID: <CAByA2P1GjEb00TjNSmLfUL-A1xRFuhKBsZjxNd9aTqeDoQqWzw@mail.gmail.com>
In-Reply-To: <CAHmME9r1VmJLSqrb8vQN3HOqeVX2QLs1-9wPYQL-UwNU6EJNLA@mail.gmail.com>

Download link for wintun.msi is not working.

On Sat, 23 Mar 2019 at 02:05, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> Hi everybody,
>
> [Cross-posting to WireGuard, OpenVPN, and Nmap/npcap mailing lists.]
>
> Simon and I are pleased to announce the start of a new project, made
> for WireGuard and for others too: Wintun, a layer 3 TUN driver for
> Windows.
>
> Homepage: https://www.wintun.net/
>
> A TUN driver lets userspace programs act as virtual network cards,
> reading and writing packets directly into the network stack, as though
> they came from a real network adapter. While Linux and the BSDs have
> had /dev/tun for ages, Windows typically hasn't had any native
> facilities.
>
> Recently, Microsoft released a VPN UWP API, but it's lacking in
> features, documentation is under NDA, and after reversing it for a
> bit, it doesn't seem capable of doing many of the more advanced
> routing and roaming things we want. Indeed it turns out that having a
> real network adapter and some basic file handles is much preferable to
> layers of API and abstraction.
>
> On the flipside, OpenVPN's tap-windows6 project and the numerous
> drivers from SoftEther have all provided similar functionality for
> many years, and these efforts have produced something moderately
> stable. We were, in fact, quite inspired by SoftEther's Neo6 driver.
> However, these projects were written in a different age, the era of
> NDIS5, and then ported later to NDIS6. This means they haven't
> benefited from things like Windows 7's NdisMediumIP, which allows for
> native layer 3 tunneling, without having to do layer 2 emulation.
> Drivers like OpenVPN's tap-windows6 also do some somewhat nasty
> things, like emulate DHCP from inside the kernel for network
> configuration. The code is old and complicated. As usual, I wanted
> instead something tiny and dumb that we can reason about, which does
> things in a "right" and "boring" way for a narrower use case: layer 3
> TUN.
>
> Wintun is our attempt at making a dumb layer 3 pipe, that doesn't do
> anything fancy, and just shuffles bundles of packets between userspace
> and the kernel driver. It's being used for WireGuard's Windows port.
> We'd like to make it available and easy to use for other projects too
> that need layer 3 userspace tunneling capabilities, like OpenVPN and
> SoftEther. (Also, it may be just a matter of time before somebody
> takes the tiny base of it, sticks the crypto in the kernel, and makes
> WireGuard super fast on Windows.)
>
> Have we succeeded in accomplishing our goals? Certainly not yet. At
> the present moment [folks reading this in the future: check the date
> of this email], I'd expect for Wintun to be slower, buggier, and lower
> quality than anything else out there. But we thought it'd be a good
> idea to release sooner rather than later in order to have some more
> eyeballs on it. It's the kind of codebase that _certainly_ needs some
> cleanup and a thorough security audit. On the plus side, cloc(1) tells
> me that it's only 950 lines. Still, NT programming is hard, and I'm
> pretty certain we've made mistakes and left ugly corners. Consider
> this email a statement of intent rather than an announcement of a
> completed project.
>
> So, if you're interested in NDIS programming and want to lend a hand,
> don't hesitate to get in touch. We're eager for smart NT folks to help
> us out.
>
> Details are over on https://www.wintun.net/ where you may also find
> rabbits bringing windows into tunnels. Enjoy!
>
> Regards,
> Jason


Thread overview: 4+ messages
2019-03-23  1:04 Jason A. Donenfeld
2019-03-23 21:10 ` Alen Opacic [this message]
2019-03-25 10:23 ` [Openvpn-devel] " Arne Schwabe
2019-03-25 10:37   ` Jason A. Donenfeld
