[Openvpn-devel] Re: [Openvpn-users] OpenVPN ported to Windows

[James Yonan]

Yes, currently the CIPE TAP driver has the capability to run on NT 4, 2K, and
XP, but this first beta release of OpenVPN has only been tested on XP so far,
because that's the only windows development machine I have access to right
now.  OpenVPN uses a slightly forked version of the CIPE TAP, but I'm in
contact with Damion K. Wilson who is the author and maintainer of CIPE on
Windows and he has expressed interest in decoupling and modularizing the TAP
driver so that it can be used by other projects.

It would help if others came forward who have an interest in testing and
maintaining OpenVPN on W2K and NT4 -- the binaries really need to be compiled
on the version of windows that they are going to be run on, and compiling
everything from source is not really an option for the end-user as it is a
relatively complex undertaking compared with the ease of ./configure, apt-get,
and emerge that we have come to expect on other OSes.

While I expect that building OpenVPN for 2K and NT4 will be a relatively
straightforward undertaking, the two areas where compatibility breaks down
between the NT 4 series and the 2K/XP series are the .inf file (that's a file
that tells Windows how to install a particular device driver and how it binds
with other device drivers in the system), and the registry layout of network
device driver info.  OpenVPN needs to do some registry lookups in order to
translate the TAP adapter name given in --dev-node into a real filename which
can be passed to the Win32 open file function.

I would agree with Bishop that as far as running on the 9x/Me series is
concerned, I think it's unlikely given the much more limited networking driver
model that is available on that series.

James

bishop  said:

> My read of it suggested that, yeah, it only does NT or above, due to the 
> better net stack in the NT family tree.
> 
> Felipe Sanchez wrote:
> > 
> > 
> > This has to be one of the greatest news I've had this week   :-)  Count me
> > in as a heavy beta-tester!
> > 
> > 
> > I have one question: If I recall correctly the cipe TAP driver works only
> > on NT-class Windows operating systems (NT 4, 2K, XP) and not on 9x-class
> > ones (9x/Me).  Is this still the case?
> > 
> > 
> > 
> > ---
> > This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> > Data Reports, E-commerce, Portals, and Forums are available now.
> > Download today and enter to win an XBOX or Visual Studio .NET.
> > http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
> > ___
> > Openvpn-users mailing list
> > openvpn-us...@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
> -- 
>   I tried joining the BATF, but it seems they're actually
>   AGAINST all three.  Some club they are!
> 



-- 

[Openvpn-devel] Re: [Openvpn-users] OpenVPN ported to Windows

[bishop]

My read of it suggested that, yeah, it only does NT or above, due to the 
better net stack in the NT family tree.


Felipe Sanchez wrote:



This has to be one of the greatest news I've had this week   :-)  Count me
in as a heavy beta-tester!


I have one question: If I recall correctly the cipe TAP driver works only
on NT-class Windows operating systems (NT 4, 2K, XP) and not on 9x-class
ones (9x/Me).  Is this still the case?



---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Openvpn-users mailing list
openvpn-us...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users


--
I tried joining the BATF, but it seems they're actually
AGAINST all three.  Some club they are!

Re: [Openvpn-devel] OpenVPN ported to Windows

[Felipe Sanchez]

This has to be one of the greatest news I've had this week   :-)  Count me
in as a heavy beta-tester!


I have one question: If I recall correctly the cipe TAP driver works only
on NT-class Windows operating systems (NT 4, 2K, XP) and not on 9x-class
ones (9x/Me).  Is this still the case?

[Openvpn-devel] OpenVPN ported to Windows

[James Yonan]

Well some good news on the development front...

(1) OpenVPN has finally been ported to Windows.
(2) TCP protocol support has been added.

The Windows port was made possible by a number of emerging developments, most
importantly the stabilizing of the TAP driver component of the Cipe-Win32
project, thanks to the work of Damion K. Wilson and the other Cipe-Win32
developers.

My work on this effort involved decoupling the nascent Win32 TAP virtual
device driver from the Cipe-Win32 project, and making OpenVPN comfortable with
the Win32 API and the MinGW development environment.  This is a native port,
and does not require the presence of a Posix compatibility layer such as
Cygwin.  Performance appears to be comparable with Linux running on similar
hardware.

Some Notes:

* The port has been developed and tested on XP only at this point.

* With a few exceptions, most of the core functionality available under Posix
implementations of OpenVPN also works under Windows, including SSL/TLS, LZO
compression, the ability to call scripts (i.e. --up & --tls-auth), and support
for UDP or TCP tunnels.  Features that are missing from the current Windows
beta include --daemon, --shaper, pthread support, TUN devices, and options
such as --mlock or --user which don't have Posix-equivalent Win32 system
calls.  Another limitation is that installation must be done manually, i.e.
there is no Windows installer support yet.

* The --ifconfig option is not implemented on Windows OpenVPN, due to the lack
of an ifconfig executable to call.  Basically what happens when you install
the TAP-Win32 driver is that you get a new TAP network adapter that shows up
in your network control panel.  You right click on the TAP adapter and set the
TCP/IP properties, i.e. IP address and netmask.  Then you rename the TAP
adapter icon to something like "my-tap" and reference it using the --dev-node
option in OpenVPN.  So essentially the function of --ifconfig is accomplished
manually using the GUI and the network control panel.

* While OpenVPN on Windows supports multiple TAP adapters, I have not yet
found an easy way to create and delete TAP adapters using the Network Control
Panel.  Damion tells me that this can be done in the .inf file that is used to
install the driver, but I am still a beginner at understanding .inf files.

* The TAP-Win32 device driver is fairly stable at this point and did not crash
my system despite repeated editing, compiling, installing, and reinstalling
the driver.

* The other new feature is TCP support, for situations where using UDP is not
possible.  TCP support is enabled through the the new --proto option.  You can
select the protocol with --proto p, where p = udp | tcp-server | tcp-client. 
TCP support also works on Windows.  Since TCP is connection oriented, OpenVPN
needs to handle Connection Reset events.  Basically, on connection reset, a
TCP client or server will simulate a SIGUSR1 signal.  The server will go back
into a mode where it listens for a new connection, and the TCP client will
simulate a SIGUSR1 signal which will normally cause it to try to reestablish
the connection with the server.

Known Issues in the beta:

* TCP mode combined with --daemon doesn't work correctly yet -- this will be
fixed before 1.5 final.

* For some reason if a Solaris TCP client is connected to a TCP server, and
that TCP server resets the connection, the Solaris client will try to
reconnect, and will apparently succeeed, but then after reading a handful of
bytes from the remote, the client suddenly thinks that the connection was
reset again, and it will restart.  This client restart will also cause the
server to restart, and the whole process repeats again.  I have tested this
same scenario using both Windows and Linux TCP clients, but only Solaris TCP
clients show this problem.  The Solaris system I am using is:

SunOS [name] 5.9 Generic_112233-06 sun4u sparc SUNW,Ultra-1

Downloads
-

The beta version of the Windows distribution can be downloaded from here (with
source + pre-compiled binaries):

http://openvpn.sourceforge.net/beta/openvpn-1.4.99.3.zip

See the file INSTALL.w32 for Windows installation instructions.

The usual Posix distribution beta is here:

http://openvpn.sourceforge.net/beta/openvpn-1.4.99.3.tar.gz

The version numbering scheme is an attempt to denote a pre-1.5 beta in a way
that works with RPM spec files. 

The only differences between the distributions are compressed file formats
(.tar.gz for posix, .zip for windows) and the presence of a win32-binaries
directory on the .zip distribution which contains a pre-built openvpn exe,
OpenSSL DLLs, and the TAP-Win32 device driver.

James

[Openvpn-devel] OpenVPN 1.4.2 Released

[James Yonan]

1.4.2 has been released.  Details here:

http://openvpn.sourceforge.net/relnotes.html

James