[strongSwan-dev] TAP-Windows6 driver integration

Emanuil Hristov int986 at gmail.com
Thu Nov 17 12:21:45 CET 2016

could you please binaries (as possible with charon-cmd) and tun/tap driver.
I really want to test it.


On 30 September 2016 at 02:03, Noel Kuntze <noel at familie-kuntze.de> wrote:

> Hello list,
> I implemented support for the TAP-Windows6 driver, which is used by
> openvpn to support
> Windows.
> I developed it on top of commit 1dabd0fb1cfdb5b3381d45a39a7cb134651b72a9.
> The diff attached to this email contains the following:
> *support to manage IPs with kernel-iph on top of Martin Willi's branch
> win-vip.
>  It contains changes to honor charon.install_virtual_ip and
> charon.install_virtual_ip_on.
> *changes to kernel-libipsec and libipsec to work on Windows correctly
>  handle_plain is implemented with asynchronous IO on top of
> WaitForMultipleObjects() and events.
> *support to open and configure TAP devices on Windows in libstrongswan
> *IPv4 and IPv6 support
> My changes are under the MIT-X11 license where required. The repo
> "strongswan" on my Github account[1]
> contains all the required changes.
> The performance of the driver is limited to 60 Mbit/s. The TAP-Windows6
> driver is known to be quite slow,
> so I do not think that is an issue that can be fixed by changes to my
> code. You might reach higher speeds
> if you use a faster test environment than me.
> My test environment is a host with the Intel(R) Core(TM) i7-3820 CPU CPU
> with four cores at 3.60 GHz.
> Windows ran in a VirtualBox VM with 3 cores. The test was performed using
> iperf3 over a tunnel with 60 seconds.
> The server was on the VM host. The client was on the VM guest.
> In my test, about 90% of the CPU was maxed out.
> To make use of the TAP-Windows6 driver, it needs to be patched with the
> changes that can be found in the
> fork on my Github account[2]. It implements an option to disable the ARP
> source check in the ARP
> handling code of the driver. The patch is already known by OpenVPN Tech,
> which developed and maintains the driver, and should be applied in the next
> months.
> It is tracked under #721 on the openvpn bug tracker[3]. The TAP-Windows6
> support that I implemented does
> not work without it. It theoretically could, but that requires that the
> driver handles ARP requests for all
> IP addresses that the Windows host tries to reach over it and fills up the
> neighbor table.
> Please take a look at it and tell me what is required to get this merged
> into the master branch of strongSwan.
> [1] https://github.com/Thermi/strongswan
> [2] https://github.com/Thermi/tap-windows6
> [3] https://community.openvpn.net/openvpn/ticket/721
> --
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20161117/917647fd/attachment.html>

More information about the Dev mailing list