Added experimental support for Level-2 tunnel (Tunnel=ethernet option… #750
base: latestw_all
…) on Windows. It needs TAP-Windows driver.
@microsoft-github-policy-service agree
servconf.c
Outdated
@@ -568,7 +570,7 @@ typedef enum { | |||
sPerSourcePenalties, sPerSourcePenaltyExemptList, | |||
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | |||
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | |||
sAcceptEnv, sSetEnv, sPermitTunnel, | |||
sAcceptEnv, sSetEnv, sPermitTunnel, sTunnelOptions, |
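Review bot: the new sTunnelOptions opcode on the sPermitTunnel line introduces an sshd_config keyword that upstream OpenSSH does not define, so a configuration file using it stops being portable to other builds of sshd. Since its purpose is to restrict which TAP instances the server may open, consider carrying that restriction inside the existing PermitTunnel value instead. If the opcode stays, it also needs a keyword-table entry, a parser case that rejects malformed values, config-dump output and documentation, none of which is visible in this hunk.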
I'm not sure we want to add a custom directive to sshd_config as this would be a divergence from the upstream code. Can the existing ethernet argument for the sPermitTunnel directive be used?
This new option is not a must for me. I added it because I was missing a way to make sure to use only a subset of available TAP instances. My idea was to distinguish TAPs by a fixed prefix in their friendly name. On my PC there are many TAP instances I wouldn't touch because they are (supposed to be) reserved to VPNs, teleservice programs, emulators etc... I even considered using some weird tricks based on TunnelDevice values and a numeric suffix in the name (e.g. numbers > 10000 are name suffixes...).
Are you suggesting something like "PermitTunnel=ethernet[:options...]"? It looks good, but valid only for server. In fact I also added the option to the client. Do you think that for client we can keep it, or it's better to withdraw it completely? Alternatively, for the client side we could use "Tunnel=ethernet" option. What do you think?
By the way, is it possible to change (edit, add, delete files) an existing pull request, or is it better for me to submit a new one? (Sorry, I am quite new to GitHub)
Yes - for the client side, I think the Tunnel and TunnelDevice directives can be used.
As far as GitHub, you can make changes directly to this pull request by pushing the changes to this existing branch!
I changed it as we agreed. Bye
/AzurePipelines run
Azure Pipelines successfully started running 1 pipeline(s).
…mitTunnel"(sshd) and "Tunnel" (ssh): you can append to the type of tunnel a ":" followed by options (e.g. Tunnel=ethernet:my_option)
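A sketch of how a `type[:options]` value such as `Tunnel=ethernet:my_option` can be parsed strictly and then used to restrict which TAP adapters are opened. This is an added example, not code from the pull request: the enum and function names are hypothetical, the adapter names are constructed, and treating the option as a friendly-name prefix is an assumption based on the idea described in the discussion above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not identifiers from the pull request. */
enum tun_mode { TUN_INVALID = -1, TUN_NO, TUN_POINTOPOINT, TUN_ETHERNET, TUN_YES };

/* Split "type[:options]"; copy the options (possibly empty) into opts.
 * Unknown types, an empty "type:" suffix and over-long options are rejected
 * so that a typo never silently widens the set of usable adapters. */
static enum tun_mode parse_tunnel_value(const char *value, char *opts, size_t optslen)
{
    static const struct { const char *name; enum tun_mode mode; } types[] = {
        { "no", TUN_NO }, { "point-to-point", TUN_POINTOPOINT },
        { "ethernet", TUN_ETHERNET }, { "yes", TUN_YES },
    };
    const char *colon = strchr(value, ':');
    size_t tlen = colon ? (size_t)(colon - value) : strlen(value);
    const char *o = colon ? colon + 1 : "";

    if (optslen == 0 || (colon && *o == '\0') || strlen(o) >= optslen)
        return TUN_INVALID;
    for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
        if (strlen(types[i].name) == tlen && strncmp(value, types[i].name, tlen) == 0) {
            strcpy(opts, o);
            return types[i].mode;
        }
    }
    return TUN_INVALID;
}

/* Assumption: the option is a friendly-name prefix; empty means "any TAP". */
static int tap_allowed(const char *friendly_name, const char *prefix)
{
    return strncmp(friendly_name, prefix, strlen(prefix)) == 0;
}

int main(void)
{
    /* Constructed adapter names, not taken from a real system. */
    const char *taps[] = { "OpenVPN TAP 1", "ssh-tap0", "Emulator bridge", "ssh-tap1" };
    char prefix[64];

    if (parse_tunnel_value("ethernet:ssh-", prefix, sizeof(prefix)) != TUN_ETHERNET)
        return 1;
    for (size_t i = 0; i < sizeof(taps) / sizeof(taps[0]); i++)
        printf("%-16s %s\n", taps[i], tap_allowed(taps[i], prefix) ? "usable" : "skipped");
    return 0;
}
```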
Hi @tgauth! I have two questions for you:
Thank you in advance
I found a TUN driver for Windows, but it seems a bit immature to me. It's here: https://www.wintun.net/ . It requires an additional DLL, IMHO it's quite unhandy.
PR Summary
This patch adds experimental tunnel management on Windows. It relies on TAP-Windows V9 driver, available here:
https://build.openvpn.net/downloads/releases/tap-windows-9.23.3-I601-Win10.exe
Only Level-2 tunnel (Tunnel=ethernet) is implemented.
At the moment (2024/09/23) this patch has been tested only on Windows10-19045
and TAP-Windows driver 9.23.3.601. Most of the tests used client mode
(ssh.exe). Server mode (sshd.exe) has only been tested superficially.
See README-TAP-Windows.txt for more information.
PR Context
Windows is the only platform on which this feature is missing.