Added experimental support for Level-2 tunnel (Tunnel=ethernet option… #750
Conversation
…) on Windows. It needs TAP-Windows driver.
|
|
@microsoft-github-policy-service agree |
servconf.c
Outdated
| @@ -568,7 +570,7 @@ typedef enum { | |||
| sPerSourcePenalties, sPerSourcePenaltyExemptList, | |||
| sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | |||
| sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | |||
| sAcceptEnv, sSetEnv, sPermitTunnel, | |||
| sAcceptEnv, sSetEnv, sPermitTunnel, sTunnelOptions, | |||
There was a problem hiding this comment.
I'm not sure we want to add a custom directive to sshd_config as this would be a divergence from the upstream code. Can the existing ethernet argument for the sPermitTunnel directive be used?
There was a problem hiding this comment.
This new option is not a must for me. I added it because I was missing a way to make sure to use only a subset of available TAP instances. My idea was to distinguish TAPs by a fixed prefix in their friendly name. On my PC there are many TAP instances I wouldn't touch because they are (supposed to be) reserved to VPNs, teleservice programs, emulators etc... I even considered to use some weird tricks based on TunnelDevice values and a numeric suffix in the name (e.g. numbers > 10000 are name suffixes...).
Are you suggesting something like "PermitTunnel=ethernet[:options...]"? It looks good, bat valid only for server. In fact I also added the option to the client. Do you think that for client we can keep it, or it's better to withdraw it completely? Alternatively, for the client side we could use "Tunnel=ethernt" option. What do you think?
There was a problem hiding this comment.
By the way, is it possible to change (edit, add, delete files) an existing pull request, or is it better me to submit a new one? (Sorry, I am quite new in github)
There was a problem hiding this comment.
Yes - for the client side, I think the Tunnel and TunnelDevice directives can be used.
As far as GitHub, you can make changes directly to this pull request by pushing the changes to this existing branch!
There was a problem hiding this comment.
I changed it as we agreed. Bye
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
…mitTunnel"(sshd) and "Tunnel" (ssh): you can append to the type of tunnel a ":" followed by options (e.g. Tunnel=ethernet:my_option)
…mitTunnel"(sshd) and "Tunnel" (ssh): you can append to the type of tunnel a ":" followed by options (e.g. Tunnel=ethernet:my_option)
|
Hi @tgauth! I have two questions for you:
Thank you in advance |
|
I found a TUN driver for Windows, but it seems a bit immature to me. It's here: https://www.wintun.net/ . It requires an additional DLL, IMHO it's quite unhandy. |
PR Summary
This patch adds experimental tunnel management on Windows. It relies on TAP-Windows V9 driver, avilable here:
https://build.openvpn.net/downloads/releases/tap-windows-9.23.3-I601-Win10.exe
Only Level-2 tunnel (Tunnel=ethernet) is implemented.
At the moment (2024/09/23) this patch has been tested only on Windows10-19045
and TAP-Windows driver 9.23.3.601. Most of the tests used client mode
(ssh.exe). Server mode (sshd.exe) has only been tested superficially.
See README-TAP-Windows.txt for more information.
PR Context
Windows is the only platform on which this feature is missing.