<div dir="auto"><div>Download link for wintun.msi is not working.<br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 23 Mar 2019 at 02:05, Jason A. Donenfeld &lt;<a href="mailto:Jason@zx2c4.com">Jason@zx2c4.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi everybody,<br>
<br>
[Cross-posting to WireGuard, OpenVPN, and Nmap/npcap mailing lists.]<br>
<br>
Simon and I are pleased to announce the start of a new project, made<br>
for WireGuard and for others too: Wintun, a layer 3 TUN driver for<br>
Windows.<br>
<br>
Homepage: <a href="https://www.wintun.net/" rel="noreferrer noreferrer" target="_blank">https://www.wintun.net/</a><br>
<br>
A TUN driver lets userspace programs act as virtual network cards,<br>
reading and writing packets directly into the network stack, as though<br>
they came from a real network adapter. While Linux and the BSDs have<br>
had /dev/tun for ages, Windows typically hasn't had any native<br>
facilities.<br>
<br>
Recently, Microsoft released a VPN UWP API, but it's lacking in<br>
features, documentation is under NDA, and after reversing it for a<br>
bit, it doesn't seem capable of doing many of the more advanced<br>
routing and roaming things we want. Indeed it turns out that having a<br>
real network adapter and some basic file handles is much preferable to<br>
layers of API and abstraction.<br>
<br>
On the flipside, OpenVPN's tap-windows6 project and the numerous<br>
drivers from SoftEther have all provided similar functionality for<br>
many years, and these efforts have produced something moderately<br>
stable. We were, in fact, quite inspired by SoftEther's Neo6 driver.<br>
However, these projects were written in a different age, the era of<br>
NDIS5, and then ported later to NDIS6. This means they haven't<br>
benefited from things like Windows 7's NdisMediumIP, which allows for<br>
native layer 3 tunneling, without having to do layer 2 emulation.<br>
Drivers like OpenVPN's tap-windows6 also do some somewhat nasty<br>
things, like emulate DHCP from inside the kernel for network<br>
configuration. The code is old and complicated. As usual, I wanted<br>
instead something tiny and dumb that we can reason about, which does<br>
things in a "right" and "boring" way for a narrower use case: layer 3<br>
TUN.<br>
<br>
Wintun is our attempt at making a dumb layer 3 pipe, that doesn't do<br>
anything fancy, and just shuffles bundles of packets between userspace<br>
and the kernel driver. It's being used for WireGuard's Windows port.<br>
We'd like to make it available and easy to use for other projects too<br>
that need layer 3 userspace tunneling capabilities, like OpenVPN and<br>
SoftEther. (Also, it may be just a matter of time before somebody<br>
takes the tiny base of it, sticks the crypto in the kernel, and makes<br>
WireGuard super fast on Windows.)<br>
<br>
Have we succeeded in accomplishing our goals? Certainly not yet. At<br>
the present moment [folks reading this in the future: check the date<br>
of this email], I'd expect for Wintun to be slower, buggier, and lower<br>
quality than anything else out there. But we thought it'd be a good<br>
idea to release sooner rather than later in order to have some more<br>
eyeballs on it. It's the kind of codebase that _certainly_ needs some<br>
cleanup and a thorough security audit. On the plus side, cloc(1) tells<br>
me that it's only 950 lines. Still, NT programming is hard, and I'm<br>
pretty certain we've made mistakes and left ugly corners. Consider<br>
this email a statement of intent rather than an announcement of a<br>
completed project.<br>
<br>
So, if you're interested in NDIS programming and want to lend a hand,<br>
don't hesitate to get in touch. We're eager for smart NT folks to help<br>
us out.<br>
<br>
Details are over on <a href="https://www.wintun.net/" rel="noreferrer noreferrer" target="_blank">https://www.wintun.net/</a> where you may also find<br>
rabbits bringing windows into tunnels. Enjoy!<br>
<br>
Regards,<br>
Jason<br>
</blockquote></div></div></div>