Il 02/04/20 20:43, Nathan Stratton Treadway ha scritto:
> On Thu, Apr 02, 2020 at 20:17:23 +0300, Samuli Seppänen wrote:
>> Il 02/04/20 19:22, Nathan Stratton Treadway ha scritto:
>>> On Thu, Apr 02, 2020 at 12:17:17 -0400, Nathan Stratton Treadway wrote:
>>>> On Thu, Apr 02, 2020 at 18:07:26 +0200, Gert Doering wrote:
>>>>> Hi,
>>>>>
>>>>> On Thu, Apr 02, 2020 at 11:48:14AM -0400, Nathan Stratton Treadway wrote:
>>>>>> So it does seem like the driver is signed by OpenVPN (and not
>>>>>> Microsoft)... but the version is 9.24. Does that mean it actually is
>>>>>> the "tap0901" driver, or can the tap-windows6 driver also have a version
>>>>>> of 9.24?
>>>>>
>>>>> All these are "tap-windows6", "tap0901".
>>>>>
>>>>> 2.4.7 ships with 9.23 of the tap-windows6 driver, 2.4.8 with 9.24
>>>>>
>>>>> There used to be a tap-windows with NDIS5, but I think we never
>>>>> shipped a 2.4 installer with it - the installer versions with "-I001"
>>>>> in the name had tap5, the "I601, I602, ..."" ones have tap6.
>>>>
>>>> Okay, thanks, that helps.
>>>>
>>>> So does the openvpn-install-2.4.8-i602-Win10.exe installer contain both
>>>> the Windows 7 and Windows 10 versions of the tap-windows6 driver?
>>>>
>>>
>>> Or, I guess a more precise question is: does the tapinstall.exe file
>>> included in the openvpn-install-2.4.8-i602-Win10.exe installer (which I
>>> guess is tapinstall v602 , right?) contain both Win 7 and Win 10
>>> drivers?
>>
>> The OpenVPN installers should contain only Windows 7 (cross-signed) or
>> Windows 10 (attestation-signed) drivers in i386, amd64 and arm64
>
> Are you saying that the openvpn-install-2.4.8-i602-Win10.exe installer
> should contain *only* the Win 10 version of the TAP-windows driver?
Yes, exactly. I had to double-check that from openvpn-build and
tap-windows6 buildsystems to be sure.
> If so, then the question is where the cross-signed driver is coming from
> on this box (which has never had any OpenVPN [or TAP] installer other
> then openvpn-install-2.4.8-i602-Win10.exe run on it)?
That is a very good question. I just launched my lovely arm64 Windows 10
laptop to check the catalog signatures. I'll report back.
>> flavors. Verifying that is fairly easy by extracting the installer with
>> p7zip and checking the signatures of all the *.cat files in it.
>
> p7zip on my Ubuntu box (Xenial) refused to open the .exe file, as did
> 7zr ("Can not open file as archive"). Can you sent a pointer to a
> website which discusses the type of unpacking-of-installer-file you are
> talking about?
I've only ever done it on Windows. Verifying the authenticode signature
signer might be challenging on Linux.
> (Note that I don't run Windows myself, and only have limit access to the
> Windows machines in question.)
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
