[strongSwan-dev] TAP-Windows6 driver integration
int986 at gmail.com
Thu Nov 17 12:21:45 CET 2016
could you please binaries (as possible with charon-cmd) and tun/tap driver.
I really want to test it.
On 30 September 2016 at 02:03, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hello list,
> I implemented support for the TAP-Windows6 driver, which is used by
> openvpn to support
> I developed it on top of commit 1dabd0fb1cfdb5b3381d45a39a7cb134651b72a9.
> The diff attached to this email contains the following:
> *support to manage IPs with kernel-iph on top of Martin Willi's branch
> It contains changes to honor charon.install_virtual_ip and
> *changes to kernel-libipsec and libipsec to work on Windows correctly
> handle_plain is implemented with asynchronous IO on top of
> WaitForMultipleObjects() and events.
> *support to open and configure TAP devices on Windows in libstrongswan
> *IPv4 and IPv6 support
> My changes are under the MIT-X11 license where required. The repo
> "strongswan" on my Github account
> contains all the required changes.
> The performance of the driver is limited to 60 Mbit/s. The TAP-Windows6
> driver is known to be quite slow,
> so I do not think that is an issue that can be fixed by changes to my
> code. You might reach higher speeds
> if you use a faster test environment than me.
> My test environment is a host with the Intel(R) Core(TM) i7-3820 CPU CPU
> with four cores at 3.60 GHz.
> Windows ran in a VirtualBox VM with 3 cores. The test was performed using
> iperf3 over a tunnel with 60 seconds.
> The server was on the VM host. The client was on the VM guest.
> In my test, about 90% of the CPU was maxed out.
> To make use of the TAP-Windows6 driver, it needs to be patched with the
> changes that can be found in the
> fork on my Github account. It implements an option to disable the ARP
> source check in the ARP
> handling code of the driver. The patch is already known by OpenVPN Tech,
> which developed and maintains the driver, and should be applied in the next
> It is tracked under #721 on the openvpn bug tracker. The TAP-Windows6
> support that I implemented does
> not work without it. It theoretically could, but that requires that the
> driver handles ARP requests for all
> IP addresses that the Windows host tries to reach over it and fills up the
> neighbor table.
> Please take a look at it and tell me what is required to get this merged
> into the master branch of strongSwan.
>  https://github.com/Thermi/strongswan
>  https://github.com/Thermi/tap-windows6
>  https://community.openvpn.net/openvpn/ticket/721
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> Dev mailing list
> Dev at lists.strongswan.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev