Developing a tun/tap driver for Windows
"James Yonan" <jim,AT,ntlp,DOT,com>
Fri, 5 Jul 2002 20:32:39 +0200
Dear Cipe developers,
I'm the principal developer on the OpenVPN project (
http://openvpn.sourceforge.net/ ), a GPL cross-platform VPN daemon project.
So far OpenVPN supports Linux, Solaris, Mac OS X, FreeBSD, and OpenBSD. The
only reason why Windows isn't on that list is that we are missing a key
kernel component: one of the ubiquitous "tun" or "tap" drivers that seem to
exist for every OS except Windows. If you're not familiar with these
drivers, a tun driver is basically a virtual point-to-point IP device and a
tap driver is a virtual ethernet device. For example, a tap driver looks like
an ethernet device to the OS but it can be opened by user-space programs
which can then read or write raw ethernet frames from or to the device. tun
and tap drivers are the basis for several open source, user-space tunneling
and VPN daemons including OpenVPN, VTun, and tinc.
I'm writing to this list to inquire if any developers would be interested in
collaborating to develop a tun or tap driver for Windows. It would
probably be quite similar to the cipe-win32 driver, only perhaps simpler
because it doesn't need to know anything about crypto. It only needs to
move IP packets or ethernet frames to and from user-space.
If we had a win32 tun or tap driver it would truly open up the potential for
portable VPNs that span much of the known computing universe. If you take
Linux, Solaris, Mac OS X, FreeBSD, OpenBSD, and then add Windows that's a
huge slice of the OS pie. And by porting this driver to Windows, you would
open up Windows to the whole family of open source, POSIX, user-space,
tun-tap-based VPNs such as OpenVPN, VTun, and tinc.
And one cool thing about OpenVPN is that it already compiles and runs (in
loopback mode) on Windows using the cygwin libraries. It just needs a real
tun or tap device to open and start tunnel operations.
Some details about OpenVPN:
* user space daemon, relies on tun or tap driver for kernel support
* cross platform
* uses a custom protocol
* tunnels over UDP
* tightly linked with the OpenSSL library
* can use any cipher or MAC supported by OpenSSL
* can use public-key based SSL/TLS for authentication or pre-shared static
* extensive support for dynamic addresses or NAT
* very stable and robust on noisy or congested networks
* tunnels IP as well as any protocol which can be represented
as an ethernet frame.
So let me know if you are interested.