TUN_IFACE_CREATE, cannot acquire TAP handle

[gznail]

When I use openvpn3, I get an error when I use TapWindows6.

[Log]Fri Aug 26 10:38:08 2022 TAP ADAPTERS:Open TAP device "" PATH="" FAILED
[Log]Fri Aug 26 10:38:08 2022 TUN Error: cannot acquire TAP handle
[Event]Fri Aug 26 10:38:08 2022 TUN_IFACE_CREATE, cannot acquire TAP handle, error:1, fatal:1

When TAP_WIN_COMPONENT_ID is defined as tap0901, tun can be created,Why does TAP_WIN_COMPONENT_ID have no defined value?

Does Windows use TapWindows driver in openvpn3 need admin privileges?

[lstipakov]

How do you build core library? Note that official CMake scripts set TAP_WIN_COMPONENT_ID to tap0901.

Using of tap-windows6 driver doesn't require admin privileges.

[gznail]

@lstipakov Thanks Reply！
I follow the usage of cli.cpp，just test the functionality.

class ClientBase : public ClientAPI::OpenVPNClient {
public:
	bool socket_protect(int socket, std::string remote, bool ipv6) override;
};

namespace VPN {
	class Client : public ClientBase {
	public:
		void print_stats();
		std::string read_profile(const char* fn, const std::string* profile_content);
	private:
		virtual void event(const ClientAPI::Event& ev) override;
		virtual void log(const ClientAPI::LogInfo& log) override;
		virtual void external_pki_cert_request(ClientAPI::ExternalPKICertRequest& certreq) override;
		virtual void external_pki_sign_request(ClientAPI::ExternalPKISignRequest& signreq) override;
		virtual bool pause_on_connection_timeout() override;
	};
}

bool ClientBase::socket_protect(int socket, std::string remote, bool ipv6)
{
	//std::cout << "NOT IMPLEMENTED: *** socket_protect " << socket << " " << remote << std::endl;
	return true;
}

void VPN::Client::print_stats()
{

}

void VPN::Client::event(const ClientAPI::Event& ev)
{
	if (ev.name != "" && m_reportEvent != nullptr) {
		m_reportEvent(ev.name.c_str(), ev.info.c_str(), m_reportEventPtr);
	}
	
	VPN::Log::GetInstance()->WriteLog("[Event]%s %s, %s, error:%d, fatal:%d\n", date_time().c_str(), ev.name.c_str(), ev.info.c_str(), ev.error, ev.fatal);
}

void VPN::Client::log(const ClientAPI::LogInfo& log)
{
	VPN::Log::GetInstance()->WriteLog("[Log]%s %s\n", date_time().c_str(), log.text.c_str());
}

void VPN::Client::external_pki_cert_request(ClientAPI::ExternalPKICertRequest& certreq)
{

}

void VPN::Client::external_pki_sign_request(ClientAPI::ExternalPKISignRequest & signreq)
{

}

bool VPN::Client::pause_on_connection_timeout()
{
	return false;
}

std::string VPN::Client::read_profile(const char* fn, const std::string* profile_content)
{
	ProfileMerge pm(fn, "ovpn", "", ProfileMerge::FOLLOW_FULL,
					ProfileParseLimits::MAX_LINE_SIZE, ProfileParseLimits::MAX_PROFILE_SIZE);
	if (pm.status() != ProfileMerge::MERGE_SUCCESS) 
		return "";
	return pm.profile_content();
}

But when I am a non-admin account, the client assigns the IP successfully, but the setting of the virtual network IP is unsuccessful.

[lstipakov]

To manipulate network settings, you need to either run openvpn process with elevated privileges or use agent service.

[gznail]

To manipulate network settings, you need to either run openvpn process with elevated privileges or use agent service.
That is to say, windows must be under administrator privileges to use openvpn3 normally.

[gznail]

If I do not install the Tapwindows/wintun driver through the openvpn-2.xx client, is there any other way to install it separately?

[lstipakov]

This repo is a library, not full-fledged client. Installing the driver is outside the scope of this library. The easiest way to get the driver is to install openvpn2 client.

[OPstriker]

If I do not install the Tapwindows/wintun driver through the openvpn-2.xx client, is there any other way to install it separately?

It is possible but you would need Admin Privileges to set it up and I'm not sure whether it's possible with WinTun.

1. Get the driver from here. (tap-windows-9.24.6.zip in my case.)
2. Extract it and Go inside the desired directory using cmd or powershell with Admin Privileges.
3. then run .\tapinstall.exe install .\OemVista.inf tap0901 to install the driver.
4. To uninstall run .\tapinstall.exe remove tap0901

My Drivers are installed during the installion of the Client and likewise removed during un-install.

[gznail]

If I do not install the Tapwindows/wintun driver through the openvpn-2.xx client, is there any other way to install it separately?

It is possible but you would need Admin Privileges to set it up and I'm not sure whether it's possible with WinTun.

1. Get the driver from here. (tap-windows-9.24.6.zip in my case.)
2. Extract it and Go inside the desired directory using cmd or powershell with Admin Privileges.
3. then run .\tapinstall.exe install .\OemVista.inf tap0901 to install the driver.
4. To uninstall run .\tapinstall.exe remove tap0901

My Drivers are installed during the installion of the Client and likewise removed during un-install.
@OPstriker Thank you very much, the method can achieve Tapwindows installation, but wintun does not seem to be feasible. Is there any way to install wintun independently?

[OPstriker]

Sorry for the late reply, but WinTun seems tricky and I failed to install it (Create the Adapter).

build.openvpn.net provides merge module files such as wintun-amd64-0.8.1.msm, and is installed using Microsoft Visual Studio Installer Projects (or idk an installer that supports merge modules.) I Tried it except it didn't create my Adapter :/, or maybe i'm missing something?

The other option would be to look at WinTun and look at how they create the Adapter. I haven't Yet, got to implement WinTun into my App, so I can't really provide much help...

Hope this Helps...