This mostly reverts commit 8c1d2de09829d0930d1a7642b0729cd6cbf5ab67 ("Remove TAP-Windows driver from installer, and update docs to reference Wintun's default inclusion").

It appears that Wintun is not fully stable yet for OpenConnect VPN connections. See #338 for two reports of instability (with #324 as a possible third), including one where switching to TAP-Windows clearly resolved the issue.

Per https://gitlab.com/openconnect/openconnect/-/issues/338#note_731175712, we should revert to installing and using TAP-Windows by default until we can figure out why.

OpenConnect will continue to use Wintun if TAP-Windows is unavailable, but will issue a loud warning to the log.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

WINTUNDRIVER = wintun-0.13.zip
WINTUNSHA256 = 34afe7d0de1fdb781af3defc0a75fd8c97daa756279b42dd6be6a1bd8ccdc7f0
+# OpenVPN TAP driver for Windows Vista/2003 and newer
+# (see https://community.openvpn.net/openvpn/wiki/GettingTapWindows)
+# XX: Newer releases exist, but are split between Win7+ and Win10+ versions.
+TAPDRIVER = tap-windows-9.21.2.exe
+TAPSHA256 = 645bee92ba4e9f32ddfdd9f8519dc1b9f9ff0b0a8e87e342f08d39da77e499a9
+
+$(TAPDRIVER):
+ curl https://build.openvpn.net/downloads/releases/tap-windows-9.21.2.exe -o $@
+
+# Validate file and also let make find it in VPATH
+file-list-$(TAPDRIVER).txt: $(TAPDRIVER)
+ echo $(TAPSHA256) $< | sha256sum -c
+ echo $< > $@
+
$(WINTUNDRIVER):
curl https://www.wintun.net/builds/$(WINTUNDRIVER) -o $@
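Review bot: The new $(TAPDRIVER) rule hardcodes the file name in its download URL (`curl https://build.openvpn.net/downloads/releases/tap-windows-9.21.2.exe -o $@`) instead of reusing the variable the way the Wintun rule below does with `$(WINTUNDRIVER)`, so bumping TAPDRIVER without also editing the URL fetches the old file under the new name and only fails at the checksum step. Suggest `.../releases/$(TAPDRIVER)` and adding `-f` so an HTTP error does not leave an error page on disk as the target. Pinning the SHA-256 and checking it before the file enters the file list is the right gate for a third-party driver installer; because a failed check leaves the downloaded file in place, consider removing it on mismatch so that a rerun fetches a fresh copy.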
# Rather than trying to get clever in NSIS and iterate over lists,
# just emit raw snippets to be included separately in the install
# and uninstall sections.
-instfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt
+instfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt file-list-$(TAPDRIVER).txt
$(AM_V_GEN) cat $^ | while read FILE; do echo "File \"$${FILE}\"" ; done > $@
-uninstfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt
+uninstfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt file-list-$(TAPDRIVER).txt
$(AM_V_GEN) cat $^ | while read FILE; do echo "Delete /rebootok \"\$$INSTDIR\\\\$${FILE##*/}\"" ; done > $@
# Theoretically makensis can define symbols with the -D command line
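Review bot: In the uninstfiles.nsh rule, adding file-list-$(TAPDRIVER).txt only makes the uninstaller emit a Delete for the copied installer executable in $INSTDIR; nothing in these lines removes or mentions the driver that this executable installs. If leaving the TAP-Windows driver on the system after OpenConnect is uninstalled is intended, a comment next to the rule saying so would help, since the driver outlives the package that installed it.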
CreateShortCut "$DESKTOP\openconnect.exe.lnk" "$INSTDIR\.\openconnect.exe" "" "$INSTDIR\.\openconnect.exe" 0
SectionEnd
+Section "TAP-Windows driver"
+ MessageBox MB_OK \
+ "OpenConnect uses the TAP-Windows driver from OpenVPN to create virtual Ethernet adapters for \
+ VPN connections. If you haven't already installed this driver, you should now install v9.21.2, \
+ which works on Windows 2003, Windows Vista, or newer. \
+ More information on this driver, and available versions, can be found at \
+ https://community.openvpn.net/openvpn/wiki/GettingTapWindows"
+
+ MessageBox MB_YESNO "Install TAP-Windows driver v9.21.2?" /SD IDYES IDNO endTapWindows
+ DetailPrint "Running TAP-Windows driver setup..."
+ ExecWait "$INSTDIR\tap-windows-9.21.2.exe"
+ DetailPrint "Finished TAP-Windows driver setup"
+ endTapWindows:
+SectionEnd
+
Section "Uninstall"
Delete /rebootok "$DESKTOP\openconnect.exe.lnk"
Delete /rebootok "$SMPROGRAMS\OpenConnect\openconnect.exe.lnk"
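Review bot: The ExecWait line in the new "TAP-Windows driver" section passes the installer path without inner quotes and ignores its exit code, so the log prints "Finished TAP-Windows driver setup" even when the driver setup failed or was cancelled. The NSIS documentation recommends quoting a command whose path may contain spaces, which $INSTDIR typically does; suggest `ExecWait '"$INSTDIR\tap-windows-9.21.2.exe"' $0`, then a check of $0 and a DetailPrint that reports failure. The version 9.21.2 is also repeated in the message text, the prompt and the ExecWait path, separately from TAPDRIVER in the Makefile hunk; substituting it from one place would keep the installer and the downloaded, checksum-verified file from drifting apart. The first MessageBox has no /SD while the second has `/SD IDYES`, so it is worth confirming how the section behaves in a silent install.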
get_adapter_index(vpninfo, guid);
- vpn_progress(vpninfo, PRG_INFO, _("Using %s device '%s', index %d\n"),
+ vpn_progress(vpninfo, adapter_type ? PRG_ERR : PRG_INFO,
+ _("Using %s device '%s', index %d\n"),
adapter_type ? "Wintun" : "TAP-Windows",
vpninfo->ifname, vpninfo->tun_idx);
+ if (adapter_type == ADAPTER_WINTUN)
+ vpn_progress(vpninfo, PRG_ERR,
+ _("WARNING: Support for Wintun is experimental and may be unstable. If you\n"
+ " encounter problems, install the TAP-Windows driver instead. See\n"
+ " https://www.infradead.org/openconnect/building.html\n"));
return ret;
}
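Review bot: The changed vpn_progress call tests adapter_type by truthiness (`adapter_type ? PRG_ERR : PRG_INFO`, `adapter_type ? "Wintun" : "TAP-Windows"`) while the new warning tests `adapter_type == ADAPTER_WINTUN`; these agree only as long as TAP-Windows is the zero value and there are exactly two adapter types. Suggest using the explicit comparison in all three places. Raising the "Using %s device" line to PRG_ERR also puts a non-error message at error level; since the WARNING block that follows is already PRG_ERR, either leave the first line at PRG_INFO or add a comment saying the level is raised so the device line appears together with the warning.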
<h2>TUN/TAP driver</h2>
+<h3>Mac OS</h3>
+
<p>Mac OS X users with OS X 10.6 or older, or using OpenConnect 6.00 or older,
will also need to install the <a href="http://tuntaposx.sourceforge.net/">Mac OS X tun/tap driver</a>.
Newer versions of OpenConnect will use the <tt>utun</tt> device on OS X which does not
<p>Solaris/OpenIndiana users will need the <a href="http://www.whiteboard.ne.jp/~admin2/tuntap/">Solaris TAP driver</a>.
Note that for IPv6 support, the Solaris tun/tap driver from 16th Nov 2009 or newer is required.</p>
-<p>On Windows, OpenConnect can use either the
+<h3>Windows</h3>
+
+<p>On Windows, OpenConnect uses the
<a href="https://community.openvpn.net/openvpn/wiki/GettingTapWindows">TAP-Windows driver from OpenVPN</a> (version 9.9 or
-later; requires Windows 2003 or newer) or the <a href="https://www.wintun.net">Wintun layer-3 driver from Wireguard</a>
-(requires Windows 7 or newer). The more modern Wintun driver is included in the OpenConnect installer, starting
-with OpenConnect v9.00.</p>
+later; requires Windows 2003 or newer). This driver is only available for the 32-bit and 64-bit x86
+architectures.</p>
+
+<p>OpenConnect v9.00 also contains <b><i>experimental</i></b> support for the
+<a href="https://www.wintun.net">Wintun layer-3 driver from Wireguard</a>
+(requires Windows 7 or newer). This is a more modern driver, and supports 32-bit and 64-bit ARM
+architectures as well, however it does not yet appear to be fully stable
+(see <a href="https://gitlab.com/openconnect/openconnect/-/issues/338">issue #338</a>).
+OpenConnect v9.00 will only attempt to use Wintun if TAP-Windows is unavailable.</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>
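Review bot: The new Windows paragraphs say Wintun is only attempted when TAP-Windows is unavailable, but do not tell the reader how to find out which driver a session actually used; a sentence pointing to the "Using ... device" log line and the Wintun warning from the C hunk would make the fallback observable. The hunk also adds <h3> headings for Mac OS and Windows while the Solaris/OpenIndiana paragraph in the visible context gets none. The phrase "as well, however it does not yet appear" reads better split into two sentences.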
<li>Restore compatibility with newer Cisco servers, by no longer sending them the <tt>X-AnyConnect-Platform</tt> header (<a href="https://gitlab.com/openconnect/openconnect/-/issues/101">#101</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/175">!175</a>)</li>
<li>Add support for PPP-based protocols, currently over TLS only (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/165">!165</a>).</li>
<li>Add support for two PPP-based protocols, F5 with <tt>--protocol=f5</tt> and Fortinet with <tt>--protocol=fortinet</tt> (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/169">!169</a>).</li>
- <li>Add support for <a href="https://www.wintun.net/">Wintun</a> Layer 3 TUN driver under Windows, and make it the default on Windows (<a href="https://gitlab.com/openconnect/openconnect/-/issues/231">#231</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/178">!178</a>).</li>
+ <li>Add experimental support for <a href="https://www.wintun.net/">Wintun</a> Layer 3 TUN driver under Windows (<a href="https://gitlab.com/openconnect/openconnect/-/issues/231">#231</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/178">!178</a>).</li>
<li>Clean up and improve Windows routing/DNS configuration script (<a href="https://gitlab.com/openconnect/vpnc-scripts/-/merge_requests/26">vpnc-scripts!26</a>).</li>
<li>On Windows, reclaim needed IP addresses from down network interfaces so that configuration script can succeed (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/178">!178</a>).</li>
<li>Fix output redirection under Windows (<a href="https://gitlab.com/openconnect/openconnect/-/issues/229">#229</a>)</li>
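Review bot: The reworded Wintun changelog entry says "experimental support" but no longer states which driver is the default, whereas the removed line said Wintun was. Suggest stating explicitly that TAP-Windows remains the default and Wintun is used only when TAP-Windows is unavailable, with a link to issue #338 as in the documentation hunk.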