topology p2p on Windows client with wintun driver #599
I am not sure that we even have code to configure wintun or ovpn-dco-win for that matter in a p2p way or that it has been tested. Currently as far as I know all interfaces on Windows are configured in the "traditional" subnet way with an IP and prefix length and a gateway. Even on most of the Unixes that support p2p interfaces this typically requires different ifconfig options/tun create flags to put the interface into that mode.
Hi,
On Thu, Sep 05, 2024 at 03:20:12AM -0700, Maxime Bizon wrote:
> This error message is shown on Windows with openvpn 2.6.12 when attempting to use p2p style of addressing (for example: local 192.168.0.1 remote 192.168.254.254):
Windows does not really support p2p, so the code needs to map p2p to
"a subnet". This is independent of the driver used.
The .254 is specific to ARP faking in the TAP driver, so "it might not
be needed" for dco-win, but maybe it was never conditionalized.
Recommendation: do not use p2p mode (use topology subnet), do not use
wintun (use dco-win).
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany ***@***.***
Hello,
I don't know Windows networking internals. On Linux "p2p" is a misnomer, when you have a L3 netdevice you just need to add a route to that device, no "gateway" or "remote" address is needed per-se. I thought the original limitation on Windows for p2p/net30 came solely from using TAP-WIN32 to implement tun and that it would be lifted when using wintun.
A while ago we definitely tested dco-win<->dco-win in p2p mode (@schwabe I think you came up with working configs, we needed |
Hi,
On Thu, Sep 05, 2024 at 05:54:09AM -0700, Maxime Bizon wrote:
> Windows does not really support p2p, so the code needs to map p2p to "a subnet". This is independent of the driver used.
> I don't know Windows networking internals. On Linux "p2p" is a misnomer, when you have a L3 netdevice you just need to add a route to that device, no "gateway" or "remote" address is needed per-se.
There are real p2p interfaces (most prominent example: PPP) where you
do not configure "ip address + netmask" but "my ip, his ip". Linux
and the BSDs can do that on a tun interface (by putting the interface
into "p2p" mode, as opposed to "subnet mode"), Windows cannot.
> I thought the original limitation on Windows for p2p/net30 came solely from using TAP-WIN32 to implement tun and that it would be lifted when using wintun.
Forget about wintun. That is old stuff. dco-win is the only relevant
driver (besides tap6, for L2 vpn stuff).
gert
Hi,
On Thu, Sep 05, 2024 at 06:17:05AM -0700, Lev Stipakov wrote:
> A while ago we definitely tested dco-win<->dco-win in p2p mode (@schwabe I think you came up with working configs, we needed `--up-delay` or something?), but I don't remember the config details. I can try to find them, hoping we haven't terminated those AWS instances.
--topology p2p? Are you sure of that?
(That's a different thing from "two ends in dumb pipe mode", aka,
"one --tls-server, one --tls-client, no --server").
gert
Yes, most likely this "dumb pipe" mode. The idea was to test dco-win<->dco-win and dco-win<->dco-linux performance. Will check.
@mbizon it might work with wintun or other interfaces but nobody spent their time figuring out if true p2p could be implemented in Windows. @lstipakov that was openvpn p2p mode instead of p2mp mode instead of interface p2p, different p2p thing.
Hello,
This error message is shown on Windows with openvpn 2.6.12 when attempting to use p2p style of addressing (for example: local 192.168.0.1 remote 192.168.254.254):
The function verify_255_255_255_252() in src/openvpn/tun.c returns this error for WIN32, irrespective of the driver used (wintun or not).
Would that addressing scheme work with the wintun driver?
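The constraint that the name verify_255_255_255_252() points at, as an added C sketch (not OpenVPN's source and not part of the original post): both endpoints must be the two usable hosts of a single 255.255.255.252 block. The names `check_net30`, `parse_ipv4` and the result enum are hypothetical, and the second address pair is constructed; the first is the pair from the issue text. It uses POSIX `inet_pton`.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this sketch (not OpenVPN identifiers). */
enum net30_result {
    NET30_OK = 0,
    NET30_BAD_INPUT,    /* not a valid dotted-quad IPv4 address */
    NET30_SAME_ADDR,    /* local == remote */
    NET30_DIFF_SUBNET,  /* endpoints are not in the same /30 block */
    NET30_EDGE_ADDR     /* an endpoint is the first or last address of the block */
};

/* Parse dotted-quad text into a host-order 32-bit address; 0 on success. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Both endpoints must share the upper 30 bits and occupy the two middle
 * addresses of that block (low two bits 01 and 10). */
static enum net30_result check_net30(const char *local_s, const char *remote_s)
{
    const uint32_t host_bits = 3; /* low two bits = position inside the /30 */
    uint32_t local, remote;

    if (parse_ipv4(local_s, &local) || parse_ipv4(remote_s, &remote))
        return NET30_BAD_INPUT;
    if (local == remote)
        return NET30_SAME_ADDR;
    if ((local & ~host_bits) != (remote & ~host_bits))
        return NET30_DIFF_SUBNET;
    if ((local & host_bits) == 0 || (local & host_bits) == 3 ||
        (remote & host_bits) == 0 || (remote & host_bits) == 3)
        return NET30_EDGE_ADDR;
    return NET30_OK;
}

int main(void)
{
    /* Pair from the issue text, then a constructed pair inside one /30. */
    printf("%d\n", check_net30("192.168.0.1", "192.168.254.254"));
    printf("%d\n", check_net30("10.8.0.5", "10.8.0.6"));
    return 0;
}
```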