Hi!
Finally, I have some MSI material to share with community. My playground is at https://github.com/rozmansi/tap-windows6. It proved a lot more work than I estimated back in Karlsruhe. The core problem was driver install and TAP interface creation within the MSI package. Well actually, the core problem was lack of my time. 1. tapctl.exe Anyway, a tapctl.exe utility was developed (msi/src/tapctl). It is a command line utility to manage TAP interfaces. It is not a snap-in replacement for devcon/tapinstall - it is GPLv2 licenced and was designed from ground up especially for OpenVPN. Main features of tapctl.exe are: * Creation of (named) TAP interfaces - being able to set the name of the TAP interface to be created allows automation. The "Local Area Connection 2", "Ethernet 2" and random names like that just don't. * Removal of individual network interfaces (by name or GUID) * Network interface listing * It does not install or update TAP driver. The TAP driver must be installed by other means. It only manipulates (TAP) network interfaces. The network interface management source is located in separate tap.h/.c files suitable to be reused in OpenVPN project itself (imagine --mktun on Windows). That's why I chose C language in the end - though I would prefer C++. I remember David had an idea at our lunch discussion to be nice to be able to reuse the code in OpenVPN. For the time being, there is no "remove all TAP interfaces" function. If people will miss it, I can add it. 2. Driver installation The TAP driver installation/upgrade is handled by WiX. WiX already provides MSI custom actions for this task and that functionality was reused. Since the driver will need to be build on Windows anyway, I'll leave TAP-Windows6 MSI packaging to WiX. Note that OpenVPN itself will have quite simple setup in comparison and should allow us to use msitools for packaging. The MSI package also installs OpenVPN Inc.'s certificate before installing the driver. This avoids the trust prompt on driver install and is important when installing MSI package using GPO or some other unattended mean deployment. 3. Initial TAP interface installation Rather than using tapctl.exe to create the initial TAP interface on first install, an MSI custom action DLL was developed (msi/src/tapca). It features: * Existing TAP interface enumeration on initialization * A custom MSI table is used to list the TAP interfaces to create on install and delete on uninstall. This allows IT admins to author MSI with own set of TAP interfaces to install. * A complete set of execute/rollback/commit functionality is implemented, allowing complete rollback on install failure. By default, the MSI packages are authored to install a single TAP interface named "OpenVPN" if there are no existing TAP interfaces on computer: fresh installs will create "OpenVPN" TAP interface, upgrades will leave TAP interfaces intact. 4. The MSI packages The MSI packages are built using WiX Toolset. They provide simple UI (no EULA nagging). They detect the previous setup of TAP-Windows6 (including the NSIS one) and reuse the installation folder. The NSIS leftover files and registry data is cleaned. As mention before, the MSI setup installs/updates TAP driver and install "OpenVPN" TAP interface on first install. When any TAP interface exists (even from NSIS installs) it will skip creation of "OpenVPN" interface. There is one MSI file for each platform. ARM and ARM64 platforms are ready but commented for the time being - waiting for ARM64 driver support (Jon Kunkee patch), WiX support for ARM64 platform, somebody actually having an ARM64 Windows 10 device to test etc. 5. Building The building how-to is described in msi/README.rst. Meanwhile, I have published binaries for testing at https://github.com/rozmansi/tap-windows6/releases/tag/9.21.2-1. Remember: this is TAP driver and TAP network interface installation MSI only. 6. TODO * Thoroughly test upgrading (use old TAP drivers to make MSI packages for past versions) * Prepare self-extracting EXE installer to contain all MSI packages and a bootstrapper to launch msiexec /i with the platform-specific MSI * Integrate into tap-windows6 build process - discuss options to revise building process (Jon Kunkee proposals) * Prepare MSI packages for OpenVPN Best regards, Simon
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
