Create a simple VPN application with the help of Microsoft Loopback adapter?

I am trying to create a simple VPN application without any external drivers.

My logic is:

I created a Microsoft Loopback adapter with the help of Devcon. I am using this as my VPN driver for reading and writing packets (from the Microsoft Loopback adapter). I also want to create a tunnel with this adapter. Can I do this logic?

Next, what I tried is: I opened this adapter handle with the help of the “CreateFile” API, and with the help of the “ReadFile” API I am reading packets.

Code:


    #include <windows.h>
    #include <stdio.h>

    int main(void)
    {
        HANDLE hand;

        // Obtain a handle to the device file, using the GUID of the Microsoft Loopback adapter.
        // CreateFileW is the wide-character form that matches the L"..." path literal.
        hand = CreateFileW(L"\\\\.\\{GUID}", GENERIC_READ | GENERIC_WRITE,
                           FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
                           FILE_FLAG_NO_BUFFERING, NULL);

        if (hand == INVALID_HANDLE_VALUE) {
            printf("handle failed with error: %lu\n", GetLastError());
            return 1;
        }
        printf("Handle success\n");

        CHAR readBuffer[32];
        DWORD bytesRead = 0;

        // Issue a read request directly against the adapter's device handle
        BOOL success = ReadFile(hand, readBuffer, sizeof(readBuffer), &bytesRead, NULL);
        if (success) {
            printf("Read File status is success\n");
        } else {
            // Capture the error once, before another API call can overwrite it
            DWORD error = GetLastError();
            printf("read file error code : %lu\n", error);
        }

        CloseHandle(hand);
        return 0;
    }

But after running this application, I got a read error like:

    read file error code : 50

But the CreateFile handle succeeded. Any suggestions? Any help?

On May 29, 2017, at 8:33 AM, xxxxx@gmail.com wrote:

> I am trying to create a simple VPN application without any external drivers.
>
> My logic is:
>
> I created a Microsoft Loopback adapter with the help of Devcon. I am using this as my VPN driver for reading and writing packets (from the Microsoft Loopback adapter). I also want to create a tunnel with this adapter. Can I do this logic?
>
> Next, what I tried is: I opened this adapter handle with the help of the “CreateFile” API, and with the help of the “ReadFile” API I am reading packets.
> Code:
>
> But after running this application, I got a read error like:
>
> read file error code : 50

Error 50 is ERROR_NOT_SUPPORTED. What makes you think the loopback adapter supports ReadFile and WriteFile requests? Where would those requests go? It expects to get network requests through the normal network stacks.

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

@Tim Roberts. That is why I tried these read/write requests. Anyway, if there is no such request, it should be a default IOCTL call. Isn’t it? But I am getting ERROR_NOT_SUPPORTED. This is interesting. So this means I should create a new driver. I can’t use the Microsoft Loopback adapter as my driver. Isn’t it?

xxxxx@gmail.com wrote:

> @Tim Roberts. That is why I tried these read/write requests. Anyway, if there is no such request, it should be a default IOCTL call. Isn’t it?

I don’t know what that means, and I don’t think you do, either. There
is no “default ioctl call”. If you send a read or write request to a
driver that doesn’t accept them, or if you send an ioctl code that is
not in the driver’s supported list, you’ll get ERROR_NOT_SUPPORTED.
It’s just that simple.

> So this means I should create a new driver. I can’t use the Microsoft Loopback adapter as my driver. Isn’t it?

You cannot make direct application calls into a network driver. Network
drivers are accessed indirectly through socket calls.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Use the RAS APIs from user mode: RasSetEntryProperties, RasDial, etc.
J

Note that socket handles are IFS handles on all reasonable versions of Windows, so from UM applications can and do call ReadFile / WriteFile on socket handles in addition to the Winsock functions.

This is clearly not true of network adapter drivers (loopback or otherwise) that have upper edges that NDIS protocol drivers are bound to. These protocol drivers (including TCP/IP) then expose interfaces into higher levels of the OS that ultimately expose a socket interface to applications via Winsock (and drivers via Kernel sockets).

From: Tim Roberts
Sent: May 30, 2017 12:39 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Create a simple VPN application with the help of Microsoft Loopback adapter?


NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http:

Thanks @Tim Roberts @Jason Stephenson @M M for your valuable suggestions. From your suggestions I can understand that network drivers are accessed indirectly through socket calls.

Can you please suggest any useful docs/links on how to write samples that access network drivers indirectly through socket calls?

And I still have a doubt: can I use the Microsoft Loopback adapter as a virtual device driver by assigning it a static IP address? After that, can I communicate with this driver through socket calls?

On May 30, 2017, at 11:21 PM, xxxxx@gmail.com wrote:

> Thanks @Tim Roberts @Jason Stephenson @M M for your valuable suggestions. From your suggestions I can understand that network drivers are accessed indirectly through socket calls.
>
> Can you please suggest any useful docs/links on how to write samples that access network drivers indirectly through socket calls?

If you don’t know socket calls, then you are obviously not ready to write or simulate network drivers.

> And I still have a doubt: can I use the Microsoft Loopback adapter as a virtual device driver by assigning it a static IP address? After that, can I communicate with this driver through socket calls?

The loopback adapter will show up as any other network adapter. You can assign a static IP address to it just like you assign a static IP address to any other network adapter. If you create a socket that routes to that IP address, then the data will go through the loopback adapter. But then what?

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
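
Added example (not code from the thread): the path the replies above point to, a socket bound to the IP address assigned to an adapter, in place of ReadFile on the adapter's device handle. The function names are hypothetical; call `send_between` with the address assigned to the adapter (127.0.0.1, the stack's built-in loopback address rather than the Microsoft Loopback adapter, works for a quick local check).

```c
#ifdef _WIN32
#include <winsock2.h> /* link with ws2_32.lib */
#include <ws2tcpip.h>
#else /* POSIX shim so the same Winsock-style code builds elsewhere */
#include <arpa/inet.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
typedef int SOCKET;
#define INVALID_SOCKET (-1)
#define closesocket close
#endif
#include <string.h>
/* Hypothetical helper: bind a UDP socket to local_ip (the adapter's address). */
static SOCKET bound_udp(const char *local_ip, struct sockaddr_in *addr)
{
    socklen_t len = sizeof(*addr);
    SOCKET s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    memset(addr, 0, sizeof(*addr));
    addr->sin_family = AF_INET; /* port stays 0: the stack picks one */
    if (inet_pton(AF_INET, local_ip, &addr->sin_addr) == 1 &&
        bind(s, (struct sockaddr *)addr, sizeof(*addr)) == 0 &&
        getsockname(s, (struct sockaddr *)addr, &len) == 0)
        return s;
    closesocket(s);
    return INVALID_SOCKET;
}

/* Send msg from src_ip to dst_ip (both local); returns bytes received, or -1 after 2 s. */
int send_between(const char *src_ip, const char *dst_ip, const char *msg, char *buf, int buflen)
{
    struct sockaddr_in src, dst;
    struct timeval tv = {2, 0}; /* do not block forever if the datagram is dropped */
    fd_set fds;
    int n = -1;
#ifdef _WIN32
    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return -1;
#endif
    SOCKET rx = bound_udp(dst_ip, &dst), tx = bound_udp(src_ip, &src);
    if (rx != INVALID_SOCKET && tx != INVALID_SOCKET &&
        sendto(tx, msg, (int)strlen(msg), 0, (struct sockaddr *)&dst, sizeof(dst)) > 0) {
        FD_ZERO(&fds); FD_SET(rx, &fds);
        if (select((int)rx + 1, &fds, NULL, NULL, &tv) == 1)
            n = (int)recv(rx, buf, buflen, 0);
    }
    if (rx != INVALID_SOCKET) closesocket(rx);
    if (tx != INVALID_SOCKET) closesocket(tx);
    return n;
}
```

A return of -1 means the bind failed (the address is not assigned to any local adapter) or nothing arrived before the timeout.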

The “loopback adapter” is almost never what you want. It would be better named the “blackhole adapter”: all Tx traffic gets dumped into /dev/null, and it simply doesn’t support Rx at all. It only exists for rare cases where an application insists on partying on *some* network interface, but you don’t want it to see any real network.

If you want an easy way to create a custom VPN, start here: https://docs.microsoft.com/en-us/uwp/api/windows.networking.vpn

If you have to build something that works on Windows 7 or earlier operating systems, then you’ll need something else. You can build your own kernel driver. Or (and this is not an endorsement, but merely a mention), many companies elect to reuse TAP from OpenVPN.

@Tim Roberts, thanks for your suggestions. OK, I can give a static IP address to that Loopback adapter. Can I do VPN tunneling over the Loopback adapter? I am not sure about this adapter.

@Jeffrey I went through the UWP VPN APIs, but these are only for Windows 10 and later versions. I want to create an application for Windows 7 onward. Most of the companies use TAP from OpenVPN. But I don’t want to create any external driver; here I am trying to create a VPN application using the existing Microsoft Loopback adapter. Is this possible?

Note too that the class A network 127.0.0.0/8 is reserved for loopback addresses. While it is possible to use another address, it would be a non standard configuration. By default Windows, and just about every other platform in existence, has a loopback adapter installed with 127.0.0.1 as the IP address.

In Windows, using Kernel Mode Sockets, it is certainly possible to communicate with a driver, but why would you want to? The only reasonable answer is to allow your UM software to communicate with a KM server that may or may not be located locally without using any special case code.

Obviously, you don’t communicate with the loopback adapter per se, you communicate over the loopback adapter with some other process or driver on your system.

To learn about IP and socket operations, start with google. There is a wealth of information on the net as the basics of this are 40+ years old.

From: Tim Roberts
Sent: May 31, 2017 2:55 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Create a simple VPN application with the help of Microsoft Loopback adapter?


Yes, it is possible to create a VPN tunnel over a loopback adapter, as long as the VPN client and server run on the same machine, but other than for debugging purposes this is a useless config.

Surely you can see why its only value would be for debugging the connection sequence (not even data transfer)

From: xxxxx@gmail.com
Sent: June 1, 2017 11:20 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Create a simple VPN application with the help of Microsoft Loopback adapter?


vinay kp wrote:

> Can I do VPN tunneling over the Loopback adapter?

I just wanted to make sure everyone saw this.

This is possibly the most absurd question I have ever seen on this list in 10+ years.

Vinay, I think it might be time to talk about a career change.

> If you don’t know socket calls, then you are obviously not ready to write or simulate network drivers.

Well, the OP just asks you, in their parlance, to “guide him on it”. Therefore, I guess you should help him with this part (plus provide him with some “guidance” on “VPN over loopback interface” topic as well) - after all, we were all inexperienced once, right…

Anton Bassov

> Can I do VPN tunneling over the Loopback adapter?

Actually, it seems to be a pretty good topic for one of the 1st of April RFCs, along with “Electricity over IP”, “TCP over Avian Carriers” and all the other humorous stuff. In other words, Vinay has finally managed to do at least something useful in his career…

Anton Bassov

Thanks for your valuable suggestions, guys. After a lot of research I changed the idea of using the Microsoft Loopback adapter. I am trying to create a new kernel driver.

Now I am also confused: which driver should I write? I am a newbie at creating drivers. But I will try by researching documents, and I can get driver samples from Microsoft. This is not a problem. But how can I choose the suitable driver?

I have several options, like the NDIS netvmini adapter, a miniport with filter driver, the NDIS MUX intermediate driver, or an NDIS filter driver alone. But which is more suitable for creating a simple VPN application?
What is the difference between each type of driver?

This is what I have done:

I have designed a server that accepts TCP packets specialized for tunneling. It cannot support IPSEC, L2TP and PPTP. In Windows, I need to create a virtual adapter, so that it accepts packets from the whole system, creates a final TCP packet and forwards it to the server. But which driver should I write? Any suggestions?

> I have several options, like the NDIS netvmini adapter, a miniport with filter driver, the NDIS MUX intermediate driver, or an NDIS filter driver alone. But which is more suitable for creating a simple VPN application? What is the difference between each type of driver?

A brief check of the archives shows that you have been posting your NDIS-related questions to this list since September 2015, and have posted 182 of them so far. In June 2017 you are telling us that you are still unaware of either the most basic networking concepts or NDIS driver types. I am afraid getting ANY help here may get quite problematic for you under these circumstances.

I would suggest going through a kind of “reincarnation” process - just change your display name from Vinay KP to something like Praveen MP or Aditya PC, and keep on asking. At this point you will start getting help again, no matter how obtuse you are - the usual suspects will be saying something to the effect of “we were all inexperienced once”, and it will work this way for quite a while. In two years or so everyone will give up on you again, so that you go through another “reincarnation” and so on and so forth…

Anton Bassov