search

OpenVPN / ovpn-dco-win

OpenVPN Data Channel Offload driver for Windows
MIT License
47 stars 23 forks source link

[Question] Could you please suggest the best tool to install OpenVPN DCO? #67

Closed oblomingo closed 7 months ago

oblomingo commented 7 months ago

Hey, you have provided a command line to install dco drivers: devcon install ovpn-dco.inf ovpn-dco However, Microsoft documentation suggests replace devcon with pnputils: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/devcon-migration At the same time openvpn comunity download pack contains tapctl.exe to create a network interface with custom name (what an advantage for me): tapctl.exe create --hwid ovpn-dco --name "custom name" What tool/utility for dco driver installation/uninstalation would be the best from a reliability perspective? Could you provide a full devcon replacement command line for pnputil? It seems pnputil cmd would be:

devgen /add /bus ROOT (it is not clear what ROOT value should I use or I should leave ROOT as is?)
pnputil /add-driver <INF name> /install

Could you provide a full devcon replacement command line for tapctl?

(here I should somehow install a dco driver)
tapctl.exe create --hwid ovpn-dco --name "custom name"
lstipakov commented 7 months ago

In order to use DCO driver, one needs to

To create the adapter, one could use tapctl tool. In fact, both OpenVPN clients (closed-source OpenVPN Connect and opensource OpenVPN GUI) uses the code behind this tool to create an adapter during installation. OpenVPN GUI also ships this tool to give user ability to add/remove adapters "by hands".

The easiest (and recommended) way to install the driver would be to use MSI merge modules, which are part of driver release. With those the installation part is somewhat trivial - there is even sample installer in the driver's repo. Using MSM takes care of reference counting - for example if you have both OpenVPN GUI and OpenVPN Connect installed, you obviously don't want to have two instances of the driver installed. And when you remove one app you don't want the driver to be removed, since it is still used by another app.

If you are not using MSI, you could use devcon - this is what I do myself during driver development. You could probably do it with pnputil but I haven't looked into that path since we don't have a need for it. You could also check the source of driver's merge module and maybe implement something similar. But I would suggest to stick to using existing merge modules, if possible.

oblomingo commented 7 months ago

Thanks for the detailed reply! I've tries your suggested approach: added ovpn-dco-amd64.msm merge module to an installer and added a custom action that would create a network interface with custom name: tapctl.exe create --hwid ovpn-dco --name "Custom Name" I have tested the installer in windows sandbox and seems the installer managed to install a driver, but it can't add a network interface. C:\Windows\INF\setupapi.dev.log content:

...
>>>  [SetupCopyOEMInf - C:\Program Files (x86)\Common Files\ovpn-dco\Win11\ovpn-dco.inf]
>>>  Section start 2024/04/24 09:43:37.503
      cmd: C:\Windows\syswow64\MsiExec.exe -Embedding D4A3FABA356C57FB665043AE58317487 E Global\MSI0000
     inf: Copy style: 0x00000000
     sto: {Setup Import Driver Package: C:\Program Files (x86)\Common Files\ovpn-dco\Win11\ovpn-dco.inf} 09:43:37.519
     inf:      Provider: OpenVPN, Inc
     inf:      Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
     inf:      Driver Version: 04/12/2024,1.1.1.0
     inf:      Catalog File: ovpn-dco.cat
     ump:      Import flags: 0x00000001
     pol:      {Driver package policy check} 09:43:37.612
     pol:      {Driver package policy check - exit(0x00000000)} 09:43:37.612
     sto:      {Stage Driver Package: C:\Program Files (x86)\Common Files\ovpn-dco\Win11\ovpn-dco.inf} 09:43:37.612
     inf:           Provider       = OpenVPN, Inc
     inf:           Class GUID     = {4d36e972-e325-11ce-bfc1-08002be10318}
     inf:           Driver Version = 04/12/2024,1.1.1.0
     inf:           Catalog File   = ovpn-dco.cat
     inf:           Version Flags  = 0x00000001
     inf:           {Query Configurability: C:\Program Files (x86)\Common Files\ovpn-dco\Win11\ovpn-dco.inf} 09:43:37.612
     inf:                Driver package is fully isolated.
     inf:                Driver package 'ovpn-dco.inf' is configurable.
     inf:           {Query Configurability: exit(0x00000000)} 09:43:37.612
     flq:           {FILE_QUEUE_COMMIT} 09:43:37.628
     flq:                Copying 'C:\Program Files (x86)\Common Files\ovpn-dco\Win11\ovpn-dco.cat' to 'C:\Windows\System32\DriverStore\Temp\{02a9ae42-1130-4448-8649-89b4c3f31123}\ovpn-dco.cat'.
     flq:                Copying 'C:\Program Files (x86)\Common Files\ovpn-dco\Win11\ovpn-dco.inf' to 'C:\Windows\System32\DriverStore\Temp\{02a9ae42-1130-4448-8649-89b4c3f31123}\ovpn-dco.inf'.
     flq:           {FILE_QUEUE_COMMIT - exit(0x00000000)} 09:43:37.644
     sto:           {DRIVERSTORE IMPORT VALIDATE} 09:43:37.644
     sig:                Driver package catalog is valid.
     sig:                {_VERIFY_FILE_SIGNATURE} 09:43:37.659
     sig:                     Key      = ovpn-dco.inf
     sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{02a9ae42-1130-4448-8649-89b4c3f31123}\ovpn-dco.inf
     sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{02a9ae42-1130-4448-8649-89b4c3f31123}\ovpn-dco.cat
     sig:                     Success: File is signed in catalog.
     sig:                {_VERIFY_FILE_SIGNATURE exit(0x00000000)} 09:43:37.659
     sto:           {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 09:43:37.659
     sig:           Signer Score  = 0x0D000005 (WHQL)
     sig:           Signer Name   = Microsoft Windows Hardware Compatibility Publisher
     sig:           Submission ID = 53719220_14610534059211490_1152921505697627885
     sto:           {Core Driver Package Import: ovpn-dco.inf_amd64_c2469f44c05ed054} 09:43:37.659
     sto:                {DRIVERSTORE IMPORT BEGIN} 09:43:37.659
     sto:                {DRIVERSTORE IMPORT BEGIN: exit(0x00000000)} 09:43:37.659
     cpy:                {Copy Directory: C:\Windows\System32\DriverStore\Temp\{02a9ae42-1130-4448-8649-89b4c3f31123}} 09:43:37.659
     cpy:                     Target Path = C:\Windows\System32\DriverStore\FileRepository\ovpn-dco.inf_amd64_c2469f44c05ed054
     cpy:                {Copy Directory: exit(0x00000000)} 09:43:37.659
     idb:                {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\ovpn-dco.inf_amd64_c2469f44c05ed054\ovpn-dco.inf} 09:43:37.675
     idb:                     Created driver package object 'ovpn-dco.inf_amd64_c2469f44c05ed054' in SYSTEM database node.
     idb:                     Created driver INF file object 'oem0.inf' in SYSTEM database node.
     idb:                     Registered driver package 'ovpn-dco.inf_amd64_c2469f44c05ed054' with 'oem0.inf'.
     idb:                {Register Driver Package: exit(0x00000000)} 09:43:37.675
     idb:                {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\ovpn-dco.inf_amd64_c2469f44c05ed054\ovpn-dco.inf} 09:43:37.675
     idb:                     Activating driver package 'ovpn-dco.inf_amd64_c2469f44c05ed054'.
     cpy:                     Published 'ovpn-dco.inf_amd64_c2469f44c05ed054\ovpn-dco.inf' to 'oem0.inf'.
     idb:                     Indexed 1 device ID for 'ovpn-dco.inf_amd64_c2469f44c05ed054'.
     sto:                     Flushed driver database node 'SYSTEM'. Time = 16 ms
     idb:                {Publish Driver Package: exit(0x00000000)} 09:43:37.690
     sto:                {DRIVERSTORE IMPORT END} 09:43:37.690
     dvi:                     Flushed all driver package files to disk. Time = 0 ms
     sig:                     Installed catalog 'ovpn-dco.cat' as 'oem0.cat'.
     sto:                {DRIVERSTORE IMPORT END: exit(0x00000000)} 09:43:38.034
     sto:           {Core Driver Package Import: exit(0x00000000)} 09:43:38.034
     sto:      {Stage Driver Package: exit(0x00000000)} 09:43:38.034
     sto: {Setup Import Driver Package - exit (0x00000000)} 09:43:38.050
     inf: Driver Store Path: C:\Windows\System32\DriverStore\FileRepository\ovpn-dco.inf_amd64_c2469f44c05ed054\ovpn-dco.inf
     inf: Published Inf Path: C:\Windows\INF\oem0.inf
<<<  Section end 2024/04/24 09:43:38.050
<<<  [Exit status: SUCCESS]
...

>>>  [Device Install (DiInstallDevice) - ROOT\NET\0000]
>>>  Section start 2024/04/24 09:43:46.519
      cmd: "C:\Program Files (x86)\App\Resources\x64\tapctl.exe" create --hwid ovpn-dco --name "Custom name"
     ndv: Flags: 0x00000000
     ndv: Search options: 0x00000002
     ndv: Searching default INF path
     dvi: {Build Driver List} 09:43:46.519
     dvi:      Searching for hardware ID(s):
     dvi:           ovpn-dco
     dvi: {Build Driver List - exit(0x00000000)} 09:43:46.691
     dvi: {DIF_SELECTBESTCOMPATDRV} 09:43:46.691
     dvi:      Default installer: Enter 09:43:46.691
     dvi:           {Select Best Driver}
!    dvi:                Selecting driver failed(0xe0000228)
     dvi:           {Select Best Driver - exit(0xe0000228)}
!    dvi:      Default installer: failed
!    dvi:      Error 0xe0000228: There are no compatible drivers for this device.
     dvi: {DIF_SELECTBESTCOMPATDRV - exit(0xe0000228)} 09:43:46.691
!    ndv: Unable to select best compatible driver. Error = 0xe0000228
<<<  Section end 2024/04/24 09:43:46.691
<<<  [Exit status: FAILURE(0xe0000203)]

When I check driver list with the command line pnputil /enum-drivers /class net I get the result:

Microsoft PnP Utility

Published Name:     oem0.inf
Original Name:      ovpn-dco.inf
Provider Name:      OpenVPN, Inc
Class Name:         Net
Class GUID:         {4d36e972-e325-11ce-bfc1-08002be10318}
Driver Version:     04/12/2024 1.1.1.0
Signer Name:        Microsoft Windows Hardware Compatibility Publisher

When I try to create a network manually with admin rights:

C:\...\x64>tapctl.exe create --hwid ovpn-dco --name "Custom name"
tap_create_adapter: DiInstallDevice failed
Error 0xe0000203
Creating TUN/TAP adapter failed (error 0xe0000203).

Any ideas what is wrong?

oblomingo commented 7 months ago

It seems I have found the problem: x86 msm version added to the installer for x64 operation system. At the moment, the installer can successfully install a driver and add a device, but fail to rename it. I've created a separate issue for this case: https://github.com/OpenVPN/openvpn/issues/544

lstipakov commented 7 months ago

It seems I have found the problem: x86 msm version added to the installer for x64 operation system.

Just to be sure - do you mean your installer here?