openvpn-build icon indicating copy to clipboard operation
openvpn-build copied to clipboard
verified publisher icon OpenVPN

OpenVPN Wintun driver is not compatitible with standard Wintun driver form Wireguard used in AdguardVPN

Open shamarin opened this issue 1 year ago • 10 comments

IMPORTANT NOTE Bugs about OpenVPN Access Server, OpenVPN Connect or any other product by OpenVPN Inc. should be directly reported to OpenVPN Inc. at https://support.openvpn.net

Describe the bug OpenVPN Wintun driver is not compatitible with standard Wintun driver form Wireguard used in AdguardVPN (wintun.sys). You are using patched library form Wireguard and thats why now I have conflict with AdguardVPN. If i enable using of Wintun in AdguardVPN all my Wintun adapters get deleted by Adgurd. https://github.com/AdguardTeam/AdGuardVPNForWindows/issues/661 Adguard advise you to use another name for Wintun adapter in Windows wintun.dll library that you are using.

Version information (please complete the following information):

  • OS: Windows 11 x64 22635.1076
  • OpenVPN version: 2.6.11

Additional context Watch the last comment from Adguard developers https://github.com/AdguardTeam/AdGuardVPNForWindows/issues/661

shamarin avatar Aug 20 '24 18:08 shamarin

Also rename the library name for compatibility.

shamarin avatar Aug 20 '24 18:08 shamarin

The comment from Adguard developers in English "the reason for the conflict is that both OpenVPN and AdGuard VPN in Wintun mode use the same wintun.sys driver. OpenVPN uses a modified library, we use the original wintun.dll from WireGuard, into which the wintun.sys driver is embedded. At the moment, our policy is that we do not modify the wintun.dll library, and therefore we cannot change the name of the driver that is hardcoded in it. However, this can be done in OpenVPN, since they still use modified code of this library. Alternatively, you can contact them so that they change the file name. For our part, we may change the original library, and as part of these changes, we will change the name of the driver file. This will solve the conflict with OpenVPN."

shamarin avatar Aug 20 '24 18:08 shamarin

The author of wintun has requested to only ship the binaries of wintun that he builds himself and use the installation way that the current binaries have builtin. We respect his intents and have never updated to the newer versions of wintun as consequence. Instead we are focusing on ovpn-dco-win for windows.

Our wintun driver is not patched or modifed. Where did you get the idea that we are patching it? It is just an older version/last version before breaking changes in upstream. The observed behaviour of deleting all wintun interfaces is by design by the newer wintun driver version/dll.

From my understanding, the license of the new version also only allows using the wintun driver only if you use the signed binaries. So that means that you cannot build the wintun driver yourself and use/distribute OpenVPN with a driver that is built from soure as GPL is incompatible with Apache2 license that is used by OpenSSL in OpenVPN. OpenVPN itself has an exception for this.

schwabe avatar Aug 20 '24 22:08 schwabe

The author of wintun has requested to only ship the binaries of wintun that he builds himself and use the installation way that the current binaries have builtin. We respect his intents and have never updated to the newer versions of wintun as consequence. Instead we are focusing on ovpn-dco-win for windows.

Our wintun driver is not patched or modifed. Where did you get the idea that we are patching it? It is just an older version/last version before breaking changes in upstream. The observed behaviour of deleting all wintun interfaces is by design by the newer wintun driver version/dll.

From my understanding, the license of the new version also only allows using the wintun driver only if you use the signed binaries. So that means that you cannot build the wintun driver yourself and use/distribute OpenVPN with a driver that is built from soure as GPL is incompatible with Apache2 license that is used by OpenSSL in OpenVPN. OpenVPN itself has an exception for this.

It's not my idea, i wrote only those from devs of Adguard, it's their words that yours library is patched. Watch the link.

shamarin avatar Aug 21 '24 03:08 shamarin

And how to be??? Now i can't use OpenVPN with Wintun and at the same time AdguardVPN with it's Wintun. If i connect to VPN server with AdguardVPN then OpenVPN tunnel being removed from Windows device manager. Even if i install it again then each time i connecting to AdguardVPN it's removing.

shamarin avatar Aug 21 '24 03:08 shamarin

JFTR: OpenVPN Wintun driver is a Wintun version 0.8.1, and indeed by no means patched.

lstipakov avatar Aug 21 '24 05:08 lstipakov

JFTR: OpenVPN Wintun driver is a Wintun version 0.8.1, and indeed by no means patched.

Yes, OpenVPN using Wintun driver version 0.8.1 and Adguard VPN using newer version 1.14.0. As I understand AdgurdVPN devs the problem is that both are with the same name and using the same lib wintun.sys in the same path of Windows. Will it be fixed?

shamarin avatar Aug 21 '24 06:08 shamarin

And how to be??? Now i can't use OpenVPN with Wintun and at the same time AdguardVPN with it's Wintun. If i connect to VPN server with AdguardVPN then OpenVPN tunnel being removed from Windows device manager. Even if i install it again then each time i connecting to AdguardVPN it's removing.

As @schwabe wrote - OpenVPN recommends to use dco-win instead of wintun since 2.6.0.

Since the wintun issues are stemming from restrictions imposed on us by the wintun developers, it's unlikely that we're going to invest developer time into working around that problem (or that we could even fix it if we had the time).

cron2 avatar Aug 21 '24 08:08 cron2

And how to be??? Now i can't use OpenVPN with Wintun and at the same time AdguardVPN with it's Wintun. If i connect to VPN server with AdguardVPN then OpenVPN tunnel being removed from Windows device manager. Even if i install it again then each time i connecting to AdguardVPN it's removing.

As @schwabe wrote - OpenVPN recommends to use dco-win instead of wintun since 2.6.0.

Since the wintun issues are stemming from restrictions imposed on us by the wintun developers, it's unlikely that we're going to invest developer time into working around that problem (or that we could even fix it if we had the time).

What are the benefits (speed) of dco-win compared to Wintun???

shamarin avatar Aug 21 '24 08:08 shamarin

And how to be??? Now i can't use OpenVPN with Wintun and at the same time AdguardVPN with it's Wintun. If i connect to VPN server with AdguardVPN then OpenVPN tunnel being removed from Windows device manager. Even if i install it again then each time i connecting to AdguardVPN it's removing.

As @schwabe wrote - OpenVPN recommends to use dco-win instead of wintun since 2.6.0. Since the wintun issues are stemming from restrictions imposed on us by the wintun developers, it's unlikely that we're going to invest developer time into working around that problem (or that we could even fix it if we had the time).

What are the benefits (speed) of dco-win compared to Wintun???

Founded myself. Will try new ovpn-dco-win driver.

shamarin avatar Aug 21 '24 09:08 shamarin