Tunsafe Windows client for wireguard (not opensource yet they say

Steffan Karger steffan at karger.me
Tue Mar 6 13:32:39 CET 2018

Hi Ludvig,

On 6 March 2018 at 02:44, Ludvig Strigeus <strigeus at gmail.com> wrote:
> Jason A. Donenfeld wrote:
>> This isn't the source code of tunsafe. This is the source code of the >
>> OpenVPN Windows tuntap kernel driver, which has been hacked up in > various
>> ways for tunsafe. That's a super scary driver, by the way.
> Incorrect. The driver files are not modified at all. They still
> carry OpenVPN's codesigning signature. You can see this on the
> driver install prompt:
> https://tunsafe.com/img/quickstart-driver-confirm.png
> I agree that the driver is scary, I think I even found some
> potential OOB memory accesses in it from a quick glance. However,
> this is the best driver the community has at this point in time,
> and even your own userspace implementations of WG use it. I'd
> be happy to improve it but then I need an expensive driver
> codesigning certificate in order to load it into the kernel.

Please report any issues you find in the tap-windows driver to
security at openvpn.net, so those can be fixed and many more people can
profit from your work.

In the same train of thought: you don't need a code signing
certificate to improve the driver, you are more than welcome to work
with the openvpn community to improve it (I expect, I don't actually
work on tap-windows myself). Just send your patches to
openvpn-devel at lists.sourceforge.net, or discuss your plans beforehand
on the list if you want confirmation that your plans are okay with the
community.  Then wait for the next OpenVPN release to get your signed
binary :)


More information about the WireGuard mailing list