windows: provide easier method for creating connections than running as SYSTEM process

[hoorayui]

OS: windows 11

D:\Programs\webmesh_Windows_x86_64>webmesh-node.exe --global.insecure-skip-verify --mesh.join-addresses=100.86.44.111:8443
time=2023-11-02T21:33:20.243+08:00 level=INFO msg="Starting webmesh node" version=0.15.4 commit=697179cffa79a75c54882176288a11fa40ff274f buildDate=2023-10-31T15:00:54Z
time=2023-11-02T21:33:20.253+08:00 level=WARN msg="InsecureSkipVerify is enabled, skipping TLS verification"
time=2023-11-02T21:33:20.253+08:00 level=INFO msg="Starting storage and mesh connection"
time=2023-11-02T21:33:20.253+08:00 level=INFO msg="Joining webmesh cluster" component=mesh node-id=AMD-YES
time=2023-11-02T21:33:20.292+08:00 level=INFO msg="Starting mesh network manager" component=mesh node-id=AMD-YES component=net-manager
time=2023-11-02T21:33:20.322+08:00 level=INFO msg="Creating wireguard interface" component=mesh node-id=AMD-YES component=wireguard name=webmesh0
time=2023-11-02T21:33:20.385+08:00 level=INFO msg="Using existing driver 0.14"
time=2023-11-02T21:33:20.396+08:00 level=INFO msg="Creating adapter"
Error: failed to open mesh connection: join: handle join response: starting network manager: new wireguard interface: new system interface: new tun: uapi listen: open \\.\pipe\ProtectedPrefix\Administrators\WireGuard\webmesh0: This security ID may not be assigned as the owner of this object.

[tinyzimmer]

Is it running as administrator? That's the only thing I can think of off the bat.

Windows support is not thoroughly put together yet. Most use cases will need to involve an unprivileged process that communicates with a SYSTEM daemon (so it can manage network interfaces). This is what the newish "daemon" mode is for, which will be mostly feature complete soon. However, the next step will be a client interface to interact with that daemon. I started one a while back in the fyne-app repository, but it's very out of date at the moment.

[tinyzimmer]

If administrator access is not the problem - the next thing to consider would be the interface name (defaulting to webmesh0 in the above logs). I can't recall if constraints exist on newer Windows versions for the naming convention. But, for example, on macOS that has to default to utun+ to keep the OS happy.

[hoorayui]

It's strange. I tried another interface name and it still not work. (It was running as administrator)

[tinyzimmer]

Will have to dig in when I get a chance.

[tinyzimmer]

I've got this reproduced in a local windows 11 environment. Another thing I did notice is how much of a pain the installation process is still on Windows. I'm not sure if I should include installation instructions for wintun, include it in the zip, or just point people at how to add wireguard support to windows elsewhere.

[tinyzimmer]

Ok this bug is indeed just a permissions issue. It needs SYSTEM privileges which is more than just being an administrator. This can be verified by using psexec -i -s powershell to open an actual SYSTEM prompt and try from there.

But the next problem appears to be how I invoke netsh to configure the interface. I'll try to get that fixed in the next release.

[tinyzimmer]

So I've managed to fix all the other Windows bugs I found while looking into this one on v0.15.9.

The real problem here is sorta pseudo a feature request. And it's something I need to do for both Darwin and Windows. And that's providing an easier user experience over all.

If you install the sysinternals package you can use psexec -s to run webmesh as a SYSTEM process and that gets you past the error you initially reported. You got past the wintun installation on your own. What I need to do is build an .msi and .pkg that both install the webmesh-node as a daemon process with the correct permissions, any needed dependencies (e.g. wintun on windows), and then provide either CLI or GUI utilities that interact with that daemon. Code-wise this is like 80% done.

I'm going to see if I can get a simple daemon client embedded into wmctl in the short term along with a proper Windows installation package. GUI apps are always my biggest weakness and take me longer.

[tinyzimmer]

So I've just released 0.0.1 of a client GUI app for webmesh here: https://github.com/webmeshproj/webmesh-app/releases/tag/0.0.1

It runs the elevated needs as a daemon process and provides a user app for creating/managing connections. Obviously this is brand new so there may be bugs, but any that are app related we can take care of over in that repository. It will be a little hard to discern where the bug is coming from at first. Daemon logs are sent to the Event Viewer and app errors are not very descriptive yet.

The installers for Windows are self-signed at the moment.