wireguard.lists.zx2c4.com archive mirror
* Duplicate IP address, and permissions problems on Windows
@ 2021-04-06 11:29 David Woodhouse
  2021-04-07  0:17 ` Jason A. Donenfeld
  0 siblings, 1 reply; 11+ messages in thread
From: David Woodhouse @ 2021-04-06 11:29 UTC
  To: WireGuard mailing list; +Cc: Daniel Lenski

I'm looking at porting the Windows build of OpenConnect¹ to use Wintun
instead of the OpenVPN TAP-Windows driver.

The Wintun example.c shows how to add a Legacy IP address using
CreateUnicastIpAddressEntry(), and I tried to do it that way.

But it doesn't always work. When I reconnect to the VPN using Wintun
after connecting to the same VPN using TAP-Windows, the Legacy IP
address remains associated with the other adapter despite it being
*down*. Even though CreateUnicastIpAddressEntry() returns success.

I ended up writing something to iterate over the table returned by
GetUnicastIpAddressTable() and *remove* the address from every other
adapter:
https://gitlab.com/openconnect/openconnect/-/commit/60d1f092e35#71552d5f529101dd4a1be98f9ac9afffc3c5c9d1_0_141

Is it expected that this is necessary? Do we have similar problems if
the IP address is set by invoking 'netsh interface ip set address'?


The second issue I have on Windows is permissions. With TAP-Windows the
user had to install the adapter with elevated permissions, but could
run the VPN client in their user account. Using Wintun that doesn't
seem to work, and Administrator privileges are required. What is the
"correct" way of handling that? Are the elevated privileges only needed
to *create* the Wintun adapter, and can it be used without them after
the driver is already loaded?

This doesn't seem to be covered by the documentation or example code.

-- 
dwmw2
¹ OpenConnect is the open source client for the various proprietary SSL
  VPNs — Cisco AnyConnect, Juniper/Pulse Secure, GlobalProtect, F5,
  Fortinet, etc.: https://www.infradead.org/openconnect/
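
The workaround described in the message above (remove the address from every other adapter, then assign it to the tunnel adapter), written in PowerShell with the NetTCPIP cmdlets as an added example; it is not code from the post, OpenConnect or Wintun. The function name, adapter name and address are constructed placeholders, and it assumes the stale entry on the down adapter is visible to Get-NetIPAddress.

```powershell
#Requires -RunAsAdministrator
# Added example (hypothetical helper): give one adapter sole ownership of an
# IPv4 address by clearing copies left on other adapters before assigning it.
function Move-TunnelAddress {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $InterfaceAlias,   # target adapter name
        [Parameter(Mandatory)] [ipaddress] $Address,
        [ValidateRange(0, 32)] [int] $PrefixLength = 32
    )

    $target = Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop
    $ip = $Address.IPAddressToString

    # Every entry for this address, whichever adapter holds it.
    $existing = @(Get-NetIPAddress -IPAddress $ip -AddressFamily IPv4 -ErrorAction SilentlyContinue)
    $stale    = @($existing | Where-Object InterfaceIndex -ne $target.ifIndex)

    foreach ($entry in $stale) {
        # Report the owning adapter's link state so a binding on a down adapter is obvious.
        $owner = Get-NetAdapter -InterfaceIndex $entry.InterfaceIndex -ErrorAction SilentlyContinue
        Write-Warning ("{0} still bound to '{1}' (status: {2})" -f $ip, $entry.InterfaceAlias, $owner.Status)
        if ($PSCmdlet.ShouldProcess($entry.InterfaceAlias, "Remove $ip")) {
            $entry | Remove-NetIPAddress -Confirm:$false
        }
    }

    # Assign only if the target does not already hold the address.
    if (-not ($existing | Where-Object InterfaceIndex -eq $target.ifIndex)) {
        if ($PSCmdlet.ShouldProcess($InterfaceAlias, "Add $ip/$PrefixLength")) {
            # ActiveStore keeps the assignment out of the persistent configuration.
            New-NetIPAddress -InterfaceIndex $target.ifIndex -IPAddress $ip `
                -PrefixLength $PrefixLength -PolicyStore ActiveStore | Out-Null
        }
    }

    # Return what the stack now reports so the caller can confirm a single owner.
    Get-NetIPAddress -IPAddress $ip -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Select-Object InterfaceAlias, IPAddress, PrefixLength, AddressState
}

# Constructed sample values; -WhatIf lists the changes without applying them.
Move-TunnelAddress -InterfaceAlias 'ExampleTunnel' -Address 192.0.2.10 -PrefixLength 24 -WhatIf
```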






Thread overview: 11+ messages
2021-04-06 11:29 Duplicate IP address, and permissions problems on Windows David Woodhouse
2021-04-07  0:17 ` Jason A. Donenfeld
2021-04-07  8:18   ` David Woodhouse
2021-04-07 23:05     ` Daniel Lenski
2021-04-12 17:50       ` Jason A. Donenfeld
2021-04-07 23:00   ` Daniel Lenski
2021-04-08  8:46     ` David Woodhouse
2021-04-08 16:09       ` Daniel Lenski
2021-04-08 16:59     ` David Woodhouse
2021-04-08 17:53       ` Daniel Lenski
2021-04-10  9:25         ` David Woodhouse
