From 8c1d2de09829d0930d1a7642b0729cd6cbf5ab67 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Tue, 30 Mar 2021 17:52:19 -0700 Subject: [PATCH] Remove TAP-Windows driver from installer, and update docs to reference Wintun's default inclusion Signed-off-by: Daniel Lenski --- Makefile.am | 19 ++++--------------- openconnect.nsi.in | 15 --------------- www/building.xml | 9 ++++++--- www/changelog.xml | 2 +- 4 files changed, 11 insertions(+), 34 deletions(-) diff --git a/Makefile.am b/Makefile.am index 2cd27afa..05f118dc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -293,19 +293,8 @@ export V AM_DEFAULT_VERBOSITY bindir OBJDUMP file-list.txt: Makefile.dlldeps openconnect$(EXEEXT) libopenconnect.la $(WINTUN_DLL) @$(MAKE) --no-print-directory -f $< $@ -# OpenVPN TAP driver for Windows Vista/2003 and newer -# (see https://community.openvpn.net/openvpn/wiki/GettingTapWindows) -TAPDRIVER = tap-windows-9.21.2.exe -TAPSHA256 = 645bee92ba4e9f32ddfdd9f8519dc1b9f9ff0b0a8e87e342f08d39da77e499a9 - -$(TAPDRIVER): - curl https://build.openvpn.net/downloads/releases/tap-windows-9.21.2.exe -o $@ - -# Validate file and also let make find it in VPATH -file-list-$(TAPDRIVER).txt: $(TAPDRIVER) - echo $(TAPSHA256) $< | sha256sum -c - echo $< > $@ - +# Wintun Layer 3 TUN driver for Windows 7 and newer +# (see https://wintun.net) WINTUNDRIVER = wintun-0.10.2.zip WINTUNSHA256 = fcd9f62f1bd5a550fcb9c21fbb5d6a556214753ccbbd1a3ebad4d318ec9dcbef @@ -327,10 +316,10 @@ file-list-%.txt: % # Rather than trying to get clever in NSIS and iterate over lists, # just emit raw snippets to be included separately in the install # and uninstall sections. -instfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt file-list-$(TAPDRIVER).txt +instfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt $(AM_V_GEN) cat $^ | while read FILE; do echo "File \"$${FILE}\"" ; done > $@ -uninstfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt file-list-$(TAPDRIVER).txt +uninstfiles.nsh: file-list.txt file-list-vpnc-script-win.js.txt $(AM_V_GEN) cat $^ | while read FILE; do echo "Delete /rebootok \"\$$INSTDIR\\\\$${FILE##*/}\"" ; done > $@ # Theoretically makensis can define symbols with the -D command line diff --git a/openconnect.nsi.in b/openconnect.nsi.in index c6d89472..1a0c4795 100644 --- a/openconnect.nsi.in +++ b/openconnect.nsi.in @@ -71,21 +71,6 @@ Section "Desktop Icons" CreateShortCut "$DESKTOP\openconnect.exe.lnk" "$INSTDIR\.\openconnect.exe" "" "$INSTDIR\.\openconnect.exe" 0 SectionEnd -Section "TAP-Windows driver" - MessageBox MB_OK \ - "OpenConnect uses the TAP-Windows driver from OpenVPN to create virtual Ethernet adapters for \ - VPN connections. If you haven't already installed this driver, you should now install v9.21.2, \ - which works on Windows 2003, Windows Vista, or newer. \ - More information on this driver, and available versions, can be found at \ - https://community.openvpn.net/openvpn/wiki/GettingTapWindows" - - MessageBox MB_YESNO "Install TAP-Windows driver v9.21.2?" /SD IDYES IDNO endTapWindows - DetailPrint "Running TAP-Windows driver setup..." - ExecWait "$INSTDIR\tap-windows-9.21.2.exe" - DetailPrint "Finished TAP-Windows driver setup" - endTapWindows: -SectionEnd - Section "Uninstall" Delete /rebootok "$DESKTOP\openconnect.exe.lnk" Delete /rebootok "$SMPROGRAMS\OpenConnect\openconnect.exe.lnk" diff --git a/www/building.xml b/www/building.xml index be108924..eb3e8458 100644 --- a/www/building.xml +++ b/www/building.xml @@ -5,7 +5,7 @@ - +

Building OpenConnect

@@ -118,8 +118,11 @@ require additional kernel modules to be installed.

Solaris/OpenIndiana users will need the Solaris TAP driver. Note that for IPv6 support, the Solaris tun/tap driver from 16th Nov 2009 or newer is required.

-

On Windows, version 9.9 or later of the TAP-Windows driver from the OpenVPN project is required. The easiest way to install the driver is to use the Windows installer from the Community Downloads page. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.

+

On Windows, OpenConnect can use either the +TAP-Windows driver from OpenVPN (version 9.9 or +later; requires Windows 2003 or newer) or the Wintun layer-3 driver from Wireguard +(requires Windows 7 or newer). The more modern Wintun driver is included in the OpenConnect installer, starting +with OpenConnect v9.00.

- diff --git a/www/changelog.xml b/www/changelog.xml index ca2a6885..2a9551c9 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -38,7 +38,7 @@
  • Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header (#101, !175)
  • Add support for PPP-based protocols, currently over TLS only (!165).
  • Add support for two PPP-based protocols, F5 with --protocol=f5 and Fortinet with --protocol=fortinet (!169).
    • -
  • Add support for Wintun Layer 3 TUN driver under Windows.
    • +
  • Add support for Wintun Layer 3 TUN driver under Windows (#231).
  • Fix output redirection under Windows (#229)
  • More gracefully handle Pulse/NC idle timeouts and other Pulse fatal errors (!187)
  • Ignore failures to fetch the NC landing page if the authentication was successful.
    • -- 2.50.1