Wintun is a very simple and minimal TUN driver for the Windows kernel, which provides userspace programs with a simple network adapter for reading and writing packets. It is akin to Linux's /dev/net/tun and BSD's /dev/tun. Originally designed for use in WireGuard, Wintun is meant to be generally useful for a wide variety of layer 3 networking protocols and experiments. The driver is open source, so anybody can inspect and build it. Due to Microsoft's driver signing requirements, we also offer precompiled and signed versions, and ways of including it in Windows installers. The goal of the project is to be as simple as possible, opting to do things in the most pure and straight-forward way provided by NDIS.
This code is brand new, and it will likely take us another month to harden it from a security perspective, ensure it doesn't crash, and tune its performance. Read the mailing list announcement for more details on this matter. (This paragraph will be removed when those tasks are complete.)
The source code is provided under the GPL 2.0 and is available via git:
$ git clone https://git.zx2c4.com/wintun
Be sure to read the README.md, containing important instructions on building.
A prebuilt and signed version of Wintun is available for download alongside a detached PGP signature using AB99 42E6 D4A4 CFC3 4126 20A7 49FC 7012 A5DE 03AE. (Note: prebuilt and signed msis will be available following a security review; see status section above.)
Contribution & Contact
You may email the WireGuard mailing list with patches sent via git-send-email and formatted with git-format-patch. To report security vulnerabilities, please email security at wireguard dot com; you may use the PGP key listed above.