Peer-to-Peer Networking: Building a VPN Tunnel with Wintun on Windows - Part 1
Key Takeaways
- Tailscale uses the Wintun TUN driver on Windows to create a secure, peer-to-peer VPN connection.
- Wintun acts as a Layer 3 virtual network adapter, allowing user-space applications to directly manipulate IP packets.
- Wintun was originally developed for the WireGuard project and is open-sourced and distributed as a dynamic library.
- The author explores setting up a custom tunnel by downloading Wintun and using Go to interface with its capabilities.
- Configuring the virtual network card, including assigning IP addresses and routes, requires using specific Windows APIs after obtaining the device's LUID.
The author, a long-time user of Tailscale for accessing their home lab securely, delves into the underlying technology used on Windows, contrasting it with the straightforward TUN interface on Linux. They discovered that Tailscale leverages Wintun, a TUN driver for Windows created and open-sourced by the WireGuard project, to manage Layer 3 virtual networking. Wintun enables user-space applications like VPN software to interact directly with IP packets via simple read/write operations, functioning much like a hardware network card but entirely managed by software. The article then guides the reader through the practical steps of using Wintun, which is written in C and distributed as a dynamic library, requiring selection of the correct architecture (amd64 or x86). The author demonstrates how to compile a Go program that utilizes the Wintun GO interface binding to create a virtual network card, noting potential DLL loading errors if wintun.dll is misplaced. Finally, the process concludes with using Windows APIs, referenced from WireGuard's source code, to programmatically assign an IP address (e.g., 100.64.1.1/24) and configure routing for the newly created virtual adapter.
