Comments (4)
@wojcik91 Please describe status of your initial analysis in that matter.
from wireguard-rs.
@kchudy some key aspects of what I found out:
- WireGuard provides official DLLs for embedding WireGuard within Windows apps: https://www.wireguard.com/embedding/
- on the Go side of things there are already wrappers for `wintun.dll` etc. that largely simplify things; those are used for example by Netbird
- I tried to play around with loading DLLs manually, but was not successful yet
- I did not test those yet, but there are some crates which claim to provide wintun wrappers: https://crates.io/crates/wintun (important to note that this driver is lower level and not WireGuard specific)
- there are official Microsoft-provided bindings for interacting with Windows APIs: https://github.com/microsoft/windows-rs
- since we already have a precedent in macOS with wireguard-go, we could potentially get away with just using the official client `wg.exe` which provides a basic CLI for creating tunnels; this could later be swapped for a more robust embedded solution
- following previous UNIX implementations we should probably communicate with running interfaces using native IPCs like `wg-quick`: https://git.zx2c4.com/wireguard-tools/tree/src/ipc-windows.h
from wireguard-rs.
Conclusions so far:
- Implementation should focus mainly on: implementing wireguard-rs for Windows, preparing an MSI package that installs defguard-client and runs defguard-service as a superuser service.
- boringtun was dropped as it only provides a C library for Windows. There's no binary ready to use for Windows.
- Both embeddable-dll-service and the WireGuardNT project assume that a process with the loaded DLL is a tunnel. The process needs to be kept alive in order to have the tunnel running. The tunnel can then be managed using the functions provided in the DLL. This approach would require creating a Windows service capable of spawning the tunnel processes, storing tunnel handles and providing an API for managing the tunnels. The implementation should not be part of wireguard-rs as the library is stateless by design and relies on external components that do the actual tunnel management (kernel or userspace).
- The latest approach assumes using the official WireGuard client for Windows. The plan is to install the WireGuard client after installing the defguard client using the official MSI and a silent install mode (`msiexec /quiet`, https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec#syntax-1). The Windows defguard-service could then create a tunnel using the `wireguard.exe` command: https://git.zx2c4.com/wireguard-windows/about/docs/enterprise.md#tunnel-service. The tunnel service can then be managed using system calls (like `sc`) or by sockets (same as with the macOS implementation; it needs to be checked whether the tunnel service can be managed using sockets).
from wireguard-rs.
About silent install: https://r-pufky.github.io/docs/services/wireguard/windows-setup.html#slient-install
After a silent WireGuard install the WireGuard GUI is displayed anyway. Here's how to disable this: https://www.ericlight.com/getting-wireguard-on-windows-quietly.html
from wireguard-rs.
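The install-then-tunnel-service flow discussed in the comments above, sketched in PowerShell as an added example (not code from the thread or from the defguard project). The MSI path, configuration path and tunnel name are placeholders; the signature check and the ACL step are additions a service running as superuser would want, and `DO_NOT_LAUNCH=1` is the MSI property used here to suppress the GUI.

```powershell
#Requires -RunAsAdministrator
# Added example: all paths and the tunnel name below are placeholders.
$Msi  = 'C:\Temp\wireguard-amd64.msi'           # official MSI, downloaded beforehand
$Conf = 'C:\ProgramData\defguard\wg0.conf'      # hypothetical tunnel configuration
$Name = [IO.Path]::GetFileNameWithoutExtension($Conf)

# 1. Refuse to install an MSI whose Authenticode signature does not validate;
#    the installer runs elevated, so a tampered package means SYSTEM-level code.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') {
    throw "MSI signature check failed: $($sig.Status)"
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# 2. Silent install. DO_NOT_LAUNCH=1 keeps the WireGuard GUI from opening.
$msiArgs = @('/i', "`"$Msi`"", '/quiet', '/norestart', 'DO_NOT_LAUNCH=1')
$p = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($p.ExitCode -notin 0, 3010) {               # 3010 = success, reboot required
    throw "msiexec failed with exit code $($p.ExitCode)"
}

# 3. The configuration holds the private key: drop inherited ACEs and allow
#    only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
icacls $Conf /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Conf" }

# 4. Register the tunnel as a Windows service.
$wg = Join-Path $env:ProgramFiles 'WireGuard\wireguard.exe'
$t = Start-Process $wg -ArgumentList '/installtunnelservice', "`"$Conf`"" -Wait -PassThru
if ($t.ExitCode -ne 0) { throw "tunnel service install failed: $($t.ExitCode)" }

# 5. Check the result; the service is named WireGuardTunnel$<config name>.
$svc = Get-Service -Name ('WireGuardTunnel$' + $Name)
"{0}: {1}" -f $svc.Name, $svc.Status

# Teardown: & $wg /uninstalltunnelservice $Name
```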