Hi again,

On 02/04/20 20:52, Samuli Seppänen wrote:
> On 02/04/20 20:43, Nathan Stratton Treadway wrote:
>> On Thu, Apr 02, 2020 at 20:17:23 +0300, Samuli Seppänen wrote:
>>> On 02/04/20 19:22, Nathan Stratton Treadway wrote:
>>>> On Thu, Apr 02, 2020 at 12:17:17 -0400, Nathan Stratton Treadway wrote:
>>>>> On Thu, Apr 02, 2020 at 18:07:26 +0200, Gert Doering wrote:
>>>>>> Hi,
>>>>>>
>>>>>> On Thu, Apr 02, 2020 at 11:48:14AM -0400, Nathan Stratton Treadway wrote:
>>>>>>> So it does seem like the driver is signed by OpenVPN (and not
>>>>>>> Microsoft)... but the version is 9.24. Does that mean it actually is
>>>>>>> the "tap0901" driver, or can the tap-windows6 driver also have a version
>>>>>>> of 9.24?
>>>>>>
>>>>>> All these are "tap-windows6", "tap0901".
>>>>>>
>>>>>> 2.4.7 ships with 9.23 of the tap-windows6 driver, 2.4.8 with 9.24
>>>>>>
>>>>>> There used to be a tap-windows with NDIS5, but I think we never
>>>>>> shipped a 2.4 installer with it - the installer versions with "-I001"
>>>>>> in the name had tap5, the "I601, I602, ..." ones have tap6.
>>>>>
>>>>> Okay, thanks, that helps.
>>>>>
>>>>> So does the openvpn-install-2.4.8-i602-Win10.exe installer contain both
>>>>> the Windows 7 and Windows 10 versions of the tap-windows6 driver?
>>>>>
>>>>
>>>> Or, I guess a more precise question is: does the tapinstall.exe file
>>>> included in the openvpn-install-2.4.8-i602-Win10.exe installer (which I
>>>> guess is tapinstall v602, right?) contain both Win 7 and Win 10
>>>> drivers?
>>>
>>> The OpenVPN installers should contain only Windows 7 (cross-signed) or
>>> Windows 10 (attestation-signed) drivers in i386, amd64 and arm64
>>
>> Are you saying that the openvpn-install-2.4.8-i602-Win10.exe installer
>> should contain *only* the Win 10 version of the TAP-windows driver?
>
> Yes, exactly. I had to double-check that from openvpn-build and
> tap-windows6 buildsystems to be sure.
>
>> If so, then the question is where the cross-signed driver is coming from
>> on this box (which has never had any OpenVPN [or TAP] installer other
>> than openvpn-install-2.4.8-i602-Win10.exe run on it)?
>
> That is a very good question. I just launched my lovely arm64 Windows 10
> laptop to check the catalog signatures. I'll report back.

So, with 7zip on Windows I opened

openvpn-install-2.4.8-i602-Win10.exe -> $TEMP -> tap-windows.exe -> driver

That contains OemVista.inf, tap0901.cat and tap0901.sys in three flavors:
i386, amd64 and arm64. I extracted the cat and sys files and checked their
signatures. They were all signed by Microsoft. With
"Get-AuthenticodeSignature <filename>" all showed SignerCertificate
starting with 87D211E3. Checking the File Properties showed that
corresponds to Microsoft.

The installer I extracted had a sha1sum of

9c3fa39b6dc1ca9a02bf940c0509cf58a13fdf7d

That matches the sha1sum of the openvpn-install-2.4.8-i602-Win10.exe files
which I downloaded just a few minutes ago from the official download page
and our alternative download server:

<https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.8-I602-Win10.exe>
<https://build.openvpn.net/downloads/releases/openvpn-install-2.4.8-I601-Win10.exe>

At this point I have no clue where a Windows 7 version of the driver could
have appeared from, unless:

- The installer you're using is somehow accidentally not the correct one
- Windows has the Windows 7 driver hidden somewhere (Driver Store)

It is getting late here (9:15 PM) so I won't be around anymore, but will
check back in my morning.

>>> flavors. Verifying that is fairly easy by extracting the installer with
>>> p7zip and checking the signatures of all the *.cat files in it.
>>
>> p7zip on my Ubuntu box (Xenial) refused to open the .exe file, as did
>> 7zr ("Can not open file as archive"). Can you send a pointer to a
>> website which discusses the type of unpacking-of-installer-file you are
>> talking about?
>
> I've only ever done it on Windows. Verifying the authenticode signature
> signer might be challenging on Linux.
>
>> (Note that I don't run Windows myself, and only have limited access to the
>> Windows machines in question.)
>
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
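
The checks described in the message above (installer hash, signer of each extracted .cat/.sys file, and a look in the Driver Store), as an added PowerShell example that is not part of the original message or of the OpenVPN project's tooling. The installer path, the extraction folder, the helper name Get-DriverSigner and the Driver Store folder-name pattern are assumptions; the SHA1 value is the one quoted in the message.

```powershell
# Added example. Paths are assumptions: point them at your own download
# and at the folder where 7-Zip extracted the "driver" directory.
param(
    [string]$Installer    = ".\openvpn-install-2.4.8-I602-Win10.exe",
    [string]$DriverDir    = ".\extracted\driver",
    [string]$ExpectedSha1 = "9c3fa39b6dc1ca9a02bf940c0509cf58a13fdf7d"  # from the message
)

# 1. Rule out "the installer is not the correct one": compare its SHA1.
$sha1 = (Get-FileHash -Path $Installer -Algorithm SHA1).Hash.ToLower()
if ($sha1 -eq $ExpectedSha1) {
    Write-Output "Installer SHA1 matches: $sha1"
} else {
    Write-Warning "Installer SHA1 is $sha1, expected $ExpectedSha1"
}

# Hypothetical helper: report who signed every catalog and driver binary
# below a folder. An unsigned file shows an empty Thumbprint/Subject.
function Get-DriverSigner {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -Include *.cat, *.sys |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File       = $_.FullName
                Status     = $sig.Status
                Thumbprint = $sig.SignerCertificate.Thumbprint
                Subject    = $sig.SignerCertificate.Subject
            }
        }
}

# 2. Signers of the files shipped inside the installer (i386, amd64, arm64).
Get-DriverSigner -Root $DriverDir | Format-List

# 3. Rule out "Windows has another copy hidden in the Driver Store".
#    Assumption: staged packages live in folders named after the INF
#    (OemVista.inf on this page), i.e. oemvista.inf_<arch>_<hash>.
$store = Join-Path $env:windir "System32\DriverStore\FileRepository"
Get-ChildItem -Path $store -Directory -Filter "oemvista.inf_*" |
    ForEach-Object { Get-DriverSigner -Root $_.FullName } |
    Format-List
```

A Thumbprint or Subject in step 3 that differs from the ones printed in step 2 means the Driver Store holds a package that did not come from this installer.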