Build a VPN Tunnel with Wintun on Windows – Part 1

Summary

Introduction# I’ve been using Tailscale for years to access my home lab without the need for a public IP. Tailscale can be installed on almost any device, allowing you to securely connect and access them from anywhere. It works as a peer-to-peer, mesh-style VPN, is opensource, and completely free for up to 100 devices and 10 users. They also offer a business plan for larger setups. What always fascinated me was how Tailscale works seamlessly across platforms like Linux, macOS, Android, and Windows. Since I use both Linux and Windows in a dual-boot setup, I started digging deeper. On Linux, it’s straightforward they rely on a TUN interface. But on Windows, I was curious about the Layer 3 adapter being used under the hood. After exploring the Tailscale GitHub repo, I discovered that it uses Wintun a TUN driver for Windows developed by the WireGuard project. Tailscale secures user-space packets using public and private key encryption. That made me curious about how peer-to-peer (P2P) communication could be achieved without encryption by simply exchanging plain packets. In this blog, This part lays the groundwork for creating a VPN tunnel on Windows, which I’ll explore in detail in Part 2. Wintun Windows TUN virtual network interface# Wintun acts as a Layer 3 virtual adapter that allows user-space applications such as VPN software to directly work with IP packets. It functions as a TUN interface, creating a virtual network adapter that provides direct access to network layer (IP) packets through simple file read and write operations. Much like a physical network card, it supports assigning IP addresses, configuring routes, and transmitting data. The key difference is that, unlike real hardware, all packet transmission and handling are managed entirely by user-defined programs in user space. In order to develop WireGuard for Windows, Wintun was developed and open sourced, distributed as a dynamic library. Download wintun# Wintun is developed in C language and distributed...