openvpn3 supports wintun

OpenVPN / openvpn3

OpenVPN 3 is a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.

https://openvpn.net

Other

982 stars 388 forks source link

openvpn3 supports wintun #217

Closed vazyme closed 2 years ago

vazyme commented 2 years ago

HI In openvpn2.x, SYSTEM authority is required to use wintun driver. I found that openvpn3 does not implement OpenVPNServiceInteractive, but why can it support wintun? Thanks in advance

lstipakov commented 2 years ago

You need to use openvpn agent, which is openvpn3 equivalent of OpenVPNServiceInteractive.

To try it out;

Download latest build artifacts, for example https://github.com/OpenVPN/openvpn3/suites/6374869439/artifacts/231032114 and unzip to, say, c:\Temp\openvpn\
create registry key omi_exe_path at HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN with empty value (it just have to be there, currently not used)
run in admin command prompt: c:\Temp\openvpn\openvpn\ovpnagent\win>ovpnagent.exe run
run in (non-admin) command prompt: c:\Temp\openvpn\test\ovpncli>ovpncliagent.exe -w c:\Users\lev\vpns\example.ovpn

lstipakov commented 2 years ago

While openvpn3 agent code does impersonation as SYSTEM, you are supposed to run it as a system service.

vazyme commented 2 years ago

@lstipakov Thanks for the guidance, I found that (example.ovpn) is different from openvpn2.X, but I can't find any example about openvpn3 config file, can you provide me?

vazyme commented 2 years ago

I didn't understand openvpn3 so quickly, but I wanted to test it first.

lstipakov commented 2 years ago

Just feed it openvpn2 config, it will ignore unknown options.

vazyme commented 2 years ago

@lstipakov ok, thank you for running the test program, but when I compare the openvpn2-gui2.5.5 client, I also use wintun and the same server. Why does the performance seem to be different? Test with iperf3: openvpn3 : 340M openvpn2 : 460M

lstipakov commented 2 years ago

I don't know - not enough data to analyze.

vazyme commented 2 years ago

ok,thank you very much

lstipakov commented 2 years ago

@vazyme if you want a better performance, you might want to try out openvpn2.6git with dco driver. You could get an installer from https://github.com/lstipakov/openvpn-build/actions/runs/2414899431. To enable dco driver, use add windows-driver ovpn-dco-win to your .ovpn profile. This feature works on Windows 10 20H1 and newer.

vazyme commented 2 years ago

@lstipakov Thanks, I learned about 2.6git you said, it seems that the encryption is transferred to the kernel, but it has not been released yet, is it stable now? Is there a release plan?

lstipakov commented 2 years ago

It hasn't been extensively tested yet but we are working on it. Tentative schedule is end of summer/beginning of autumn.