OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

topology p2p on Windows client with wintun driver #599

Open mbizon opened 2 months ago

mbizon commented 2 months ago

Hello,

This error message is shown on Windows with openvpn 2.6.12 when attempting to use p2p style of addressing (for example: local 192.168.0.1 remote 192.168.254.254):

"cannot use the first or last address within a given 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver"

The function verify_255_255_255_252() in src/openvpn/tun.c returns this error for WIN32, irrespective of the driver used (wintun or not).

Would that addressing scheme work with the wintun driver?

schwabe commented 2 months ago

I am not sure that we even have code to configure wintun or ovpn-dco-win for that matter in a p2p way or that it has been tested. Currently, as far as I know, all interfaces on Windows are configured in the "traditional" subnet way with an IP, a prefix length and a gateway. Even on most of the Unixes that support p2p interfaces, this typically requires different ifconfig options/tun create flags to put the interface into that mode.

cron2 commented 2 months ago

Hi,

On Thu, Sep 05, 2024 at 03:20:12AM -0700, Maxime Bizon wrote:

This error message is shown on Windows with openvpn 2.6.12 when attempting to use p2p style of addressing (for example: local 192.168.0.1 remote 192.168.254.254):

Windows does not really support p2p, so the code needs to map p2p to "a subnet". This is independent of the driver used.

The .254 is specific to ARP faking in the TAP driver, so "it might not be needed" for dco-win, but maybe it was never conditionalized.

Recommendation: do not use p2p mode (use topology subnet), do not use wintun (use dco-win).

gert

-- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany
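To make the "map p2p onto a subnet" constraint concrete, here is an added example (my own code, not OpenVPN's tun.c) that applies the /30 mapping rule to an --ifconfig local/remote pair: both addresses must share one 255.255.255.252 subnet and neither may be its first or last address. The enum names, the wrapper function and the order of the checks are my assumptions; the issue's example pair 192.168.0.1 / 192.168.254.254 fails because the two addresses do not even fall into the same /30.

```c
/* Added example, not OpenVPN's code: can a p2p "local remote" pair be
 * mapped onto a /30 subnet, as a Windows tun driver requires because
 * the OS has no true point-to-point interface mode? */
#include <stdint.h>
#include <stdio.h>

enum p2p_map_result {
    P2P_OK = 0,
    P2P_SAME_ADDRESS,
    P2P_DIFFERENT_SLASH30,
    P2P_FIRST_OR_LAST,
};

/* Parse a dotted quad into a host-order uint32_t; returns 0 on failure. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) {
        return 0;                      /* wrong shape or trailing junk */
    }
    if (a > 255 || b > 255 || c > 255 || d > 255) {
        return 0;
    }
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Mapping rule: a /30 leaves two host bits, so the two endpoints must
 * agree on every bit above them and neither may be host 0 (network)
 * or host 3 (broadcast) of that /30. */
enum p2p_map_result map_p2p_to_slash30(uint32_t local, uint32_t remote)
{
    const uint32_t host_mask = 3;
    if (local == remote) {
        return P2P_SAME_ADDRESS;
    }
    if ((local & ~host_mask) != (remote & ~host_mask)) {
        return P2P_DIFFERENT_SLASH30;
    }
    if ((local & host_mask) == 0 || (local & host_mask) == 3
        || (remote & host_mask) == 0 || (remote & host_mask) == 3) {
        return P2P_FIRST_OR_LAST;
    }
    return P2P_OK;
}

/* Convenience wrapper on dotted-quad strings; -1 signals a parse error. */
int check_ifconfig_pair(const char *local_s, const char *remote_s)
{
    uint32_t l, r;
    if (!parse_ipv4(local_s, &l) || !parse_ipv4(remote_s, &r)) {
        return -1;
    }
    return (int)map_p2p_to_slash30(l, r);
}
```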

mbizon commented 2 months ago

Hello,

Windows does not really support p2p, so the code needs to map p2p to "a subnet". This is independent of the driver used.

I don't know Windows networking internals. On Linux "p2p" is a misnomer: when you have an L3 netdevice you just need to add a route to that device, no "gateway" or "remote" address is needed per se.

I thought the original limitation on Windows for p2p/net30 came solely from using TAP-WIN32 to implement tun and that it would be lifted when using wintun.

lstipakov commented 2 months ago

A while ago we definitely tested dco-win<->dco-win in p2p mode (@schwabe I think you came up with working configs, we needed --up-delay or something?), but I don't remember the config details. I can try to find them, hoping we haven't terminated those AWS instances.

cron2 commented 2 months ago

Hi,

On Thu, Sep 05, 2024 at 05:54:09AM -0700, Maxime Bizon wrote:

Windows does not really support p2p, so the code needs to map p2p to "a subnet". This is independent of the driver used.

I don't know Windows networking internals. On Linux "p2p" is a misnomer: when you have an L3 netdevice you just need to add a route to that device, no "gateway" or "remote" address is needed per se.

There are real p2p interfaces (most prominent example: PPP) where you do not configure "ip address + netmask" but "my ip, his ip". Linux and the BSDs can do that on a tun interface (by putting the interface into "p2p" mode, as opposed to "subnet mode"), Windows cannot.

I thought the original limitation on Windows for p2p/net30 came solely from using TAP-WIN32 to implement tun and that it would be lifted when using wintun.

Forget about wintun. That is old stuff. dco-win is the only relevant driver (besides tap6, for L2 vpn stuff).

gert

cron2 commented 2 months ago

Hi,

On Thu, Sep 05, 2024 at 06:17:05AM -0700, Lev Stipakov wrote:

A while ago we definitely tested dco-win<->dco-win in p2p mode (@schwabe I think you came up with working configs, we needed --up-delay or something?), but I don't remember the config details. I can try to find them, hoping we haven't terminated those AWS instances.

--topology p2p? Are you sure of that?

(That's a different thing from "two ends in dumb pipe mode", aka, "one --tls-server, one --tls-client, no --server").

gert

lstipakov commented 2 months ago

That's a different thing from "two ends in dumb pipe mode", aka, "one --tls-server, one --tls-client, no --server"

Yes, most likely this "dumb pipe" mode. The idea was to test dco-win<->dco-win and dco-win<->dco-linux performance. Will check.

schwabe commented 2 months ago

@mbizon it might work with wintun or other interfaces but nobody spent their time figuring out if true p2p could be implemented in windows.

@lstipakov that was openvpn p2p mode instead of p2mp mode instead of interface p2p, different p2p thing.