ZeroTierOne icon indicating copy to clipboard operation
ZeroTierOne copied to clipboard

Published 20 hours ago verified publisher icon zerotier

Windows ARM64 PORT_ERROR

Open rgnv opened this issue 5 years ago • 25 comments

Guessing this is an upstream (OpenVPN TAP/NDIS) issue, but unable to: a) install the driver without first disabling driver signing (Windows 10 1909) b) getting PORT_ERROR when attempting to connect, because even with driver signing disabled and manual installation of NDIS driver, it's still not fully compatible with Win32 emulation on Surface X/working functionality isn't there for ARM64.

Tried compiling from source for ARM64 arch but still encountered the same PORT_ERROR. Upstream OpenVPN/Viscosity client does support Windows ARM64 (tested and works on Surface X) so I'm curious what needs to be brought back over to ZeroTier: https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-2/

Update: Reviewing OpenVPN's TAP driver, NDIS 6.30 is where ARM64 functionality for Windows 10 came about. ZT appears to be using NDIS5 still, so I'm not sure if this is something that can be easily ported.

rgnv avatar Dec 03 '19 02:12 rgnv

Could you attach C:\ProgramData\ZeroTier\One\port_error_log.txt?

bradsoto avatar Feb 28 '20 03:02 bradsoto

Just a single line repeating:

93afae5963af3b08: unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed

rgnv avatar Feb 28 '20 03:02 rgnv

Did you build an arm64 driver? Did you self-sign it and enable test mode? (See https://github.com/zerotier/ZeroTierOne/pull/1147) I think this error is because the setupapi.dll that is loaded by ZT1 must match the arch of the driver, and the arch of the driver must match the arch of the system. In our case arm64.

bradsoto avatar Feb 28 '20 17:02 bradsoto

Yeah we don't have support for Windows on ARM64 yet.

glimberg avatar Feb 28 '20 17:02 glimberg

I had limited success compiling the OpenVPN NDIS6 driver and getting zt to see it/initialize, but didn't get any further due to time. At this point it's not a high priority for me as I ended up getting a gl.iNET hotspot with zt built in that's my go-to roadwarrior device.

rgnv avatar Feb 28 '20 17:02 rgnv

What are your steps to get ZT to use openvpn's driver? They released an official build of the driver.

bradsoto avatar Feb 28 '20 17:02 bradsoto

It's not a direct copy of the OpenVPN driver. The current driver is based on the OpenVPN NDIS6 code, but some customization had to be done to get proper support for multicast.

glimberg avatar Feb 28 '20 17:02 glimberg

Just a single line repeating:

93afae5963af3b08: unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed

i'm getting the same messages, repeated each time I tried to install. Contents of port_error_log: "unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed"

Fresh new laptop: OS Name Microsoft Windows 10 Home Version 10.0.19041 Build 19041 System Type ARM64-based PC Processor Snapdragon (TM) 850 @ 2.96 GHz, 2956 Mhz, 8 Core(s), 8 Logical Processor(s)

Anybody else with similar processor + windows 10?

amp9020 avatar May 31 '20 22:05 amp9020

To quote myself from 4 posts above:

Yeah we don't have support for Windows on ARM64 yet.

glimberg avatar Jun 01 '20 01:06 glimberg

To quote myself from 4 posts above:

Yeah we don't have support for Windows on ARM64 yet.

I understand your statement. Hopefully it may be ported one day. I tried to port it over and found some success.

1>------ Rebuild All started: Project: TapDriver6, Configuration: Win10_Debug ARM64 ------ 1>Building 'TapDriver6' with toolset 'WindowsKernelModeDriver10.0' and the 'Windows Driver' target platform. 1>Stamping ARM64\Win10_Debug\zttap300.inf 1>adapter.c 1>device.c 1>error.c 1>macinfo.c 1>mem.c 1>oidrequest.c 1>rxpath.c 1>tapdrvr.c 1>txpath.c 1>resource.h(36): warning RC4005: '_USE_DECLSPECS_FOR_SAL' : redefinition 1> 1>resource.h(1398): warning RC4005: '_WIN32_WINNT' : redefinition 1> 1>Generating code 1>Finished generating code 1>TapDriver6.vcxproj -> C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\zttap300.sys 1>Done Adding Additional Store 1>Successfully signed: C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\zttap300.sys 1> 1>Driver is 'Windows Driver'. 1>........................ 1>Signability test complete. 1> 1>Errors: 1>None 1> 1>Warnings: 1>None 1> 1>Catalog generation complete. 1>C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\TapDriver6\zttap300.cat 1>Done Adding Additional Store 1>Successfully signed: C:\SDK\ZeroTierOne-master\windows\ARM64\Win10_Debug\TapDriver6\zttap300.cat 1> 1>Done building project "TapDriver6.vcxproj". ========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========

When I take the build over to the Arm64 laptop, and do a right click Install, I get an error message: "The third-party INF does not contain digital signature information"

Any clues ?

thanks,

amp9020 avatar Jun 05 '20 16:06 amp9020

It's not signed with a valid EV driver signing certificate

:)

glimberg avatar Jun 05 '20 16:06 glimberg

a valid EV driver signing certificate

Christ. Okay.

So to make Windows better, Microsoft made it harder to develop on unless you fork out $$$. In the past we were able to successfully distribute unsigned driver packages that worked fine in Windows. I see this change as a positive but also a bit more difficult to develop on.

Do you think I can disable Device Driver Signing in Windows 10 for testing purposes? I see some articles but really dont want to tamper unless I need to go there. Figured I would ask about before deep diving more. I'm willing to using the laptop for test purposes.

Otherwise than that, I think I'll give up for now. thanks again.

amp9020 avatar Jun 05 '20 17:06 amp9020

to top off the EV certificate, I think Windows drivers also need to be cosigned by Microsoft now as well. Just to make it even more difficult

I haven't done it in a long time, but it is possible to disable driver signing. IIRC, disabling driver signing in Windows 10 is a boot time option. And it's not sticky so if you reboot, you'll be back to normal driver signing rules.

glimberg avatar Jun 05 '20 17:06 glimberg

Could anyone share a working arm version of the tap driver?

sqwwqw5 avatar Sep 18 '21 06:09 sqwwqw5

this has been on the wishlist for a while, arm has become more popular. i was able to get it to compile but can't use the driver.
cost money to get the cert, so maybe we need a gofundme? :)

amp9020 avatar Sep 19 '21 02:09 amp9020

this has been on the wishlist for a while, arm has become more popular. i was able to get it to compile but can't use the driver. cost money to get the cert, so maybe we need a gofundme? :)

Last night I was able to finally compile the driver, though after turning on the test singing the driver still can't be properly loaded for some reason. In the meanwhile, I found a Chinese software called easyn2n, which uses n2n as core and Openvpn tap as driver which can be installed and loaded properly on m1 parallels windows virtual machine. Finally, I'm able to play grim dawn and torchlight2 with my girlfriend. :D

sqwwqw5 avatar Sep 19 '21 03:09 sqwwqw5

lets wait for official ZeroTier support. your driver didn't load because It's not signed with a valid EV driver signing certificate. i appreciate the thrid party solution though.

amp9020 avatar Sep 19 '21 17:09 amp9020

lets wait for official ZeroTier support. your driver didn't load because It's not signed with a valid EV driver signing certificate. i appreciate the thrid party solution though.

@amp9020 I have a Pro X as well and would love to get this working. I also have an EV code signing cert for some other testing/debug/development I do. Any chance you can share what you built and I can probably get it signed for testing.

jakevis avatar Oct 17 '21 20:10 jakevis

Missing this on my SPX badly . BUMP

bledMS82 avatar Oct 20 '21 16:10 bledMS82

@jakevis you're not going to like my reply. my system crashed and did not have a backup of the project folder. =\ It wasn't to hard to compile under Visual Studio. now that we have some interest in restarting this, I can try to recompile it. i'll msg you if i have success.

amp9020 avatar Oct 22 '21 20:10 amp9020

@jakevis you're not going to like my reply. my system crashed and did not have a backup of the project folder. =\ It wasn't to hard to compile under Visual Studio. now that we have some interest in restarting this, I can try to recompile it. i'll msg you if i have success.

As long as the crash wasnt a result of this driver 😉 But sounds good - I can look at doing it as well, but will be take a little longer for me to get VS up and running (using VS Code only at the moment personally).

jakevis avatar Oct 22 '21 21:10 jakevis

Not sure if this helps but openvpn works on windows arm64 and they have a program called "add a new Tap-Windows6 virtual network adapter" tapctl.exe. https://openvpn.net/community-downloads/

bledMS82 avatar Oct 28 '21 22:10 bledMS82

Any official update on the topic? Some similar software has official support of win on arm.

woaiwinnie2 avatar Mar 07 '22 03:03 woaiwinnie2

I switched over to tailscale which uses the wireguard protocol with wintun. While parts of the software still run via x86 emulation (due to upstream Go dependencies), it ships with compatible wintun drivers for arm, arm64, x86, and x86_64. Give it a try is you're just looking at the same functionality that zerotier provides.

rgnv avatar Mar 07 '22 14:03 rgnv

Yeah by referring to similar software I actually mean tailscale. However it lack some of the functionality such as specifying IP for devices. I am currently working on using one computer with both zerotier and tailscale as gateway between two virtual networks.

woaiwinnie2 avatar Mar 09 '22 06:03 woaiwinnie2

@amp9020 @woaiwinnie2 - I just build, signed, and had Microsoft approve/sign an arm64 driver, you can download the signed files, linked in the text over at: https://github.com/zerotier/ZeroTierOne/pull/1949

jakevis avatar Mar 30 '23 20:03 jakevis