Pages

Thursday, 26 November 2020

Wintun Network Adapter

 

TUN Device Driver for Windows

This is a layer 3 TUN driver for Windows 7, 8, 8.1, and 10. Originally created for WireGuard, it is intended to be useful to a wide variety of projects that require layer 3 tunneling devices with implementations primarily in userspace.

Installation

Wintun is deployed as a platform-specific wintun.dll file. Install the wintun.dll file side-by-side with your application. Download the dll from wintun.net, alongside the header file for your application described below.

Usage

Include the wintun.h file in your project simply by copying it there and dynamically load the wintun.dll using LoadLibraryEx() and GetProcAddress() to resolve each function, using the typedefs provided in the header file. The InitializeWintun function in the example.c code provides this in a function that you can simply copy and paste.

With the library setup, Wintun can then be used by first creating an adapter, and then starting a tunnel session on that adapter. Adapters have names (e.g. "OfficeNet"), and each one belongs to a pool (e.g. "WireGuard"). So, for example, the WireGuard application app creates multiple tunnels all inside of its "WireGuard" pool.

from https://github.com/WireGuard/wintun

----

Download

Wintun is distributed as a simple ZIP archive containing signed DLLs for AMD64, X86, ARM64, and ARM32, along with the wintun.h header file for applications. Note that the below signed DLLs are the only supported way of distributing Wintun.

from https://www.wintun.net/
----

Wintun 0.9 Released with Major Usability Improvements

Hi folks,

Simon and I are very excited to announce the release of Wintun 0.9, the
release in which Wintun finally becomes easy and enjoyable to use by
developers. I consider this the most significant release of Wintun yet.

Webpage: https://www.wintun.net/

For background: Wintun is a driver for the Windows kernel that enables
userspace programs to create network tunnels. It's a "/dev/net/tun" of the
Windows world. We use this for WireGuard. We had investigated OpenVPN's "tap6"
driver but found it to be a crumbling mess with dubious security, and instead
endeavored to write a lightweight minimal replacement that obtains extremely
high speeds using a ring buffer, similar to Linux's io_uring.

Big Change 1: API Library and Easy Distribution,
We used to rely on an obscure Microsoft technology for distributing Wintun,
called MSI Merge Modules (MSM), in which application writers would bundle the
signed MSM we provided as part of their MSI installer. This was great in that
it encapsulated a lot of logic and hid it from developers, but relying on MSM
was a hassle and precluded the use of Wintun in many non-MSI apps.

The MSM also would simply make sure the driver was installed, but wouldn't
provide anything else. It was up to developers to then navigate arcane Windows
driver instantiation APIs, which are some of the oldest and most obscure to
use. Then, once installed, developers had to manage a ring and various IOCTLs
themselves. It all worked -- WireGuard and OpenVPN (after receiving our
assistance) successfully deployed it -- but it was cumbersome enough that
nobody else was going to use this.

With Wintun 0.9, we're changing what we distribute and also providing an easy
to use API. Rather than shipping MSMs to developers, we now ship a single
basic boring wintun.dll. This dll hides all of the driver installation and
adapter instantiation logic, and provides a nice interface for managing
adapters and shuffling data in and out of the ring buffer. So, application
developers can now just grab that dll, plop it into their application like
they would any other dll, and use Wintun without even noticing that it's
inserting a kernel driver when necessary

Big Change 2: Support for WOW64 and ARM,
Windows does not support setupapi.dll and related driver functions on 32-bit processes running on 64-bit operating systems. This meant that it was impossible for WOW64 processes to use Wintun. Wintun also formerly required 64bit addresses, which made the kernel ABI clumsy for WOW64 processes. With Wintun 0.9, we now bundle a 64-bit version of Wintun inside 32-bit versions of the wintun.dll, and we marshal calls back and forth to an on-demand proxy process running on the native architecture. Not only do we have this for basic WOW64, but we also have this working for Windows' ARM64 emulation of x86 binaries. So you can now run an x86 program on ARM64 and wintun.dll will figure out what to do. This has big effects for us. Since Go still has not been ported to ARM64, we use an ARM build and rely on this new feature of Wintun. This means we should have a WireGuard for ARM64 Windows release in the coming week or two. Big Change 3: Administrator User Permissions, Wintun requires the Local System user. But if you're running as Administrator, the wintun.dll library will attempt to do its operations as Local System, automatically. This effectively means that normal apps can bundle Wintun now, rather than just services. Please let us know if you have any questions or feedback. We're certainly interested in developer reports on what integrating this is like. - The API reference is available online: https://git.zx2c4.com/wintun/about/ - And there's some simple example code too: https://git.zx2c4.com/wintun/tree/example/example.c - A signed wintun.dll for amd64, arm64, x86, and arm is on the webpage: https://www.wintun.net/ - And of course, it's open source: git clone https://git.zx2c4.com/wintun Regards, Jason
from https://lists.zx2c4.com/pipermail/wireguard/2020-November/005921.html

No comments:

Post a Comment