Windows ARM64 PORT_ERROR

[rgnv]

Guessing this is an upstream (OpenVPN TAP/NDIS) issue, but unable to: a) install the driver without first disabling driver signing (Windows 10 1909) b) getting PORT_ERROR when attempting to connect, because even with driver signing disabled and manual installation of NDIS driver, it's still not fully compatible with Win32 emulation on Surface X/working functionality isn't there for ARM64.

Tried compiling from source for ARM64 arch but still encountered the same PORT_ERROR. Upstream OpenVPN/Viscosity client does support Windows ARM64 (tested and works on Surface X) so I'm curious what needs to be brought back over to ZeroTier: https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-2/

Update: Reviewing OpenVPN's TAP driver, NDIS 6.30 is where ARM64 functionality for Windows 10 came about. ZT appears to be using NDIS5 still, so I'm not sure if this is something that can be easily ported.

[bradsoto]

Could you attach C:\ProgramData\ZeroTier\One\port_error_log.txt?

[rgnv]

Just a single line repeating:

93afae5963af3b08: unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed

[bradsoto]

Did you build an arm64 driver? Did you self-sign it and enable test mode? (See https://github.com/zerotier/ZeroTierOne/pull/1147) I think this error is because the setupapi.dll that is loaded by ZT1 must match the arch of the driver, and the arch of the driver must match the arch of the system. In our case arm64.

[glimberg]

Yeah we don't have support for Windows on ARM64 yet.

[rgnv]

I had limited success compiling the OpenVPN NDIS6 driver and getting zt to see it/initialize, but didn't get any further due to time. At this point it's not a high priority for me as I ended up getting a gl.iNET hotspot with zt built in that's my go-to roadwarrior device.

[bradsoto]

What are your steps to get ZT to use openvpn's driver? They released an official build of the driver.

[glimberg]

It's not a direct copy of the OpenVPN driver. The current driver is based on the OpenVPN NDIS6 code, but some customization had to be done to get proper support for multicast.

[amp9020]

Just a single line repeating:

93afae5963af3b08: unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed

i'm getting the same messages, repeated each time I tried to install. Contents of port_error_log: "unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed"

Fresh new laptop: OS Name Microsoft Windows 10 Home Version 10.0.19041 Build 19041 System Type ARM64-based PC Processor Snapdragon (TM) 850 @ 2.96 GHz, 2956 Mhz, 8 Core(s), 8 Logical Processor(s)

Anybody else with similar processor + windows 10?

[glimberg]

To quote myself from 4 posts above:

Yeah we don't have support for Windows on ARM64 yet.

[amp9020]

To quote myself from 4 posts above:

Yeah we don't have support for Windows on ARM64 yet.

I understand your statement. Hopefully it may be ported one day. I tried to port it over and found some success.

1>------ Rebuild All started: Project: TapDriver6, Configuration: Win10_Debug ARM64 ------ 1>Building 'TapDriver6' with toolset 'WindowsKernelModeDriver10.0' and the 'Windows Driver' target platform. 1>Stamping ARM64\Win10_Debug\zttap300.inf 1>adapter.c 1>device.c 1>error.c 1>macinfo.c 1>mem.c 1>oidrequest.c 1>rxpath.c 1>tapdrvr.c 1>txpath.c 1>resource.h(36): warning RC4005: '_USE_DECLSPECS_FOR_SAL' : redefinition 1> 1>resource.h(1398): warning RC4005: '_WIN32_WINNT' : redefinition 1> 1>Generating code 1>Finished generating code 1>TapDriver6.vcxproj -> C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\zttap300.sys 1>Done Adding Additional Store 1>Successfully signed: C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\zttap300.sys 1> 1>Driver is 'Windows Driver'. 1>........................ 1>Signability test complete. 1> 1>Errors: 1>None 1> 1>Warnings: 1>None 1> 1>Catalog generation complete. 1>C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\TapDriver6\zttap300.cat 1>Done Adding Additional Store 1>Successfully signed: C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\TapDriver6\zttap300.cat 1> 1>Done building project "TapDriver6.vcxproj". ========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========

When I take the build over to the Arm64 laptop, and do a right click Install, I get an error message: "The third-party INF does not contain digital signature information"

Any clues ?

thanks,

[glimberg]

It's not signed with a valid EV driver signing certificate

:)

[amp9020]

a valid EV driver signing certificate

Christ. Okay.

So to make Windows better, Microsoft made it harder to develop on unless you fork out $$$. In the past we were able to successfully distribute unsigned driver packages that worked fine in Windows. I see this change as a positive but also a bit more difficult to develop on.

Do you think I can disable Device Driver Signing in Windows 10 for testing purposes? I see some articles but really dont want to tamper unless I need to go there. Figured I would ask about before deep diving more. I'm willing to using the laptop for test purposes.

Otherwise than that, I think I'll give up for now. thanks again.

[glimberg]

to top off the EV certificate, I think Windows drivers also need to be cosigned by Microsoft now as well. Just to make it even more difficult

I haven't done it in a long time, but it is possible to disable driver signing. IIRC, disabling driver signing in Windows 10 is a boot time option. And it's not sticky so if you reboot, you'll be back to normal driver signing rules.

[sqwwqw5]

Could anyone share a working arm version of the tap driver?

[amp9020]

this has been on the wishlist for a while, arm has become more popular. i was able to get it to compile but can't use the driver.
cost money to get the cert, so maybe we need a gofundme? :)

[sqwwqw5]

this has been on the wishlist for a while, arm has become more popular. i was able to get it to compile but can't use the driver. cost money to get the cert, so maybe we need a gofundme? :)

Last night I was able to finally compile the driver, though after turning on the test singing the driver still can't be properly loaded for some reason. In the meanwhile, I found a Chinese software called easyn2n, which uses n2n as core and Openvpn tap as driver which can be installed and loaded properly on m1 parallels windows virtual machine. Finally, I'm able to play grim dawn and torchlight2 with my girlfriend. :D

[amp9020]

lets wait for official ZeroTier support. your driver didn't load because It's not signed with a valid EV driver signing certificate. i appreciate the thrid party solution though.

[jakevis]

lets wait for official ZeroTier support. your driver didn't load because It's not signed with a valid EV driver signing certificate. i appreciate the thrid party solution though.

@amp9020 I have a Pro X as well and would love to get this working. I also have an EV code signing cert for some other testing/debug/development I do. Any chance you can share what you built and I can probably get it signed for testing.

[bledMS82]

Missing this on my SPX badly . BUMP

[amp9020]

@jakevis you're not going to like my reply. my system crashed and did not have a backup of the project folder. =\ It wasn't to hard to compile under Visual Studio. now that we have some interest in restarting this, I can try to recompile it. i'll msg you if i have success.

[jakevis]

@jakevis you're not going to like my reply. my system crashed and did not have a backup of the project folder. =\ It wasn't to hard to compile under Visual Studio. now that we have some interest in restarting this, I can try to recompile it. i'll msg you if i have success.

As long as the crash wasnt a result of this driver 😉 But sounds good - I can look at doing it as well, but will be take a little longer for me to get VS up and running (using VS Code only at the moment personally).

[bledMS82]

Not sure if this helps but openvpn works on windows arm64 and they have a program called "add a new Tap-Windows6 virtual network adapter" tapctl.exe. https://openvpn.net/community-downloads/

[woaiwinnie2]

Any official update on the topic? Some similar software has official support of win on arm.

[rgnv]

I switched over to tailscale which uses the wireguard protocol with wintun. While parts of the software still run via x86 emulation (due to upstream Go dependencies), it ships with compatible wintun drivers for arm, arm64, x86, and x86_64. Give it a try is you're just looking at the same functionality that zerotier provides.

[woaiwinnie2]

Yeah by referring to similar software I actually mean tailscale. However it lack some of the functionality such as specifying IP for devices. I am currently working on using one computer with both zerotier and tailscale as gateway between two virtual networks.

[jakevis]

@amp9020 @woaiwinnie2 - I just build, signed, and had Microsoft approve/sign an arm64 driver, you can download the signed files, linked in the text over at: https://github.com/zerotier/ZeroTierOne/pull/1949