FEDAnet project

Proposal Readings Download License Donate

previous • index

What do we do with Win/*: request for suggestions

Wed Mar 4 02:45:35 2026 UTC

Dear visitors,

I'm not very familiar with Windows/* platform, so I have insufficient background to understand how to support FEDAnet on Windows. Well, there's a deliberate decision to make it impossible or at least hard to run the node implementation (well, let's call it a full version of fedaserv) on Win machines; however, I feel we actually need some level of support for running point software on them, just to allow node masters popularize the network among those Windows users who won't switch from Windows even for a ton of gold.

The problem is that Windows don't natively support the tun/tap userspace VPN implementation framework, on which FEDAnet depends heavily. As planned, the FEDAnet itself shall provide connectivity between IPv6 subnets corresponding to nodes and points, while all the application software will use this connecivity in a more or less usual manner, that is, connecting to each other using TCP (and perhaps sometimes UDP as well). For all this to work, there must be a clear way to pass a packet to FEDAnet for delivery, and to inject a packet back to the local TCP/IPv6 stack implementation once the packet is delivered from a remote node. Both in Linux and BSDs, FEDAnet is going to use virtual interfaces of the tun type (usually named feda0) for this purpose.

Initially I planned to support a kind of special functioning mode, in which the "client" daemon opens some ports locally on its own and forwards traffic between them and the node (which runs somewhere else, presumably on a server or the like). Well, perhaps this is not too hard to achieve for UDP. For TCP, however, I suddently realized I'd have to implement a good working replacement for the TCP itself, which, roughly speaking, is all about providing a virtual stream connection atop of unreliable packets: for TCP, those are IP packets, and for FEDAnet, they would be UDP dgrams, but the problem is essentially the same: all those transfer windows, MTU path discoveries, confirmation packets and all the mess. Having tun/tap interfaces on decent operating systems, we can leave all the trouble to the existing TCP/IP stack, which is already there in the kernel, ready to serve us. On Windows there's no tun/tap interface, so we can't: the implementation is there, but there's no way to access it.

What solutions I see here. First, there perhaps will be something for Android, actually there must be no big problem to create it, as Android is a (bad kind of) Linux, and it supports the tun/tap interface. Perhaps we can make an Android device serve as a "router", which the client application(s) running on a Windows PCs (and perhaps organized as large multi-purpose executables) will use to connect to servers in FEDAnet. An appropriate IPv6 address and route will have to be configured on such a PC, but this is solvable (well, even by that bundle application itself).

Another direction I see is that WSL thing. I'm not sure if it really supports tun/tap, but chances are it does. To use it, we'll perhaps need to prepare 'special' minimalistic Linux distro which only solves the task of running fedaserv in a simplified (client) mode (which, BTW, isn't implemented as of now). Well, any steps in this direction should only be taken once someone confirms (experimentally) that fedaserv can run on WSL and provide IPv6 connectivity for the whole machine (that is, for applications running on the host Win/* system natively). Unfortunately, this approach has a fundamental flaw: WSL is a relatively new thing, and the versions of Windows that support it won't run on older machines.

May be I overlook something here. Any opinions/suggestions?

P.S. Folks, one more thing: no matter what we discuss around Windows, there must be no steps towards any devices produced by Apple, be it an iPhone, or a MacBook, or whatever. Ideally, no FEDAnet software should ever run on those. I realize this is perhaps not achievable to the full extent, and eventually someone will come up with a 'port' to macs, but we should at least try not to help those lunatics in any way.

comment on this

From Parthen (unverified) Wed Mar 4 19:54:40 2026 UTC

Virtual machines

I'm newbie in networks, so excuse my non-awareness. Anyway,
1) I have WSL at my work (with Win11), so I can check it on 6-7 of March
2) Can't we just provide linux distro for virtual machines? As I know, using Linux in virtual machines is primary way of using Linux for Windows users.

P.S. There is privacy-focused Whonix distro, which is kinda usable by "average PC user" (well, I managed to install it when I was a 11yo paranoia-kiddie).

From Andrey Stolyarov Wed Mar 4 21:09:40 2026 UTC in reply to this comment

Re: Virtual machines

Providing a linux image for a virtual machine may be the best possible idea, I only don't know the situation with software that runs those VMs on Win/*. How hard it is for an average Win/* user to run a virtual Linux? Are the virtualization instruments freely available?

From Parthen (unverified) Thu Mar 5 07:37:31 2026 UTC in reply to this comment

Re: Re: Virtual machines

TLDR: people most likely will use the simpliest proprietary Virtualbox, but we don't need any special support for it.

1) Virtualbox and VMware are most popular ones. Both are proprietary, but first one is free as in free beer (and it's most popular among average users) and second one is paid (and used by Windows admins, as I know).

2) Out of FOSS, I only know QEMU and GUI version of it -- AQEMU. Well, *I* failed to setup it, and I'm not really an average user.

But there is a good news: both of them works perfectly fine with average .ISOs, so we can give them the distro and instructions for Virtualbox/QEMU/whatever.
Virtualbox is simple (the most hard part would be enable virtualiation support in BIOS, if it's disabled), literally kids can use it.

From Andrey Stolyarov Thu Mar 5 12:42:36 2026 UTC in reply to this comment

Re: Re: Re: Virtual machines

Well, kids can use more things than most of adults can :-)

Looks like we can't create a bundle of the take this, double-click it and everything will work kind. Well, may be it is possible with qemu, and if it is, perhaps one day someone will come up with a solution. Unfortunately, instructions of more than one step, like "go download Virtualbox, then install it, then copy this ISO image, then launch them together like this, then open this setup program, then take the point key file you must have received from your node master, ..." — things like this are fine for node masters but perhaps not for end-users. Well, let's hope node masters will help their points with setting the things up :-)

From Parthen (unverified) Thu Mar 5 15:02:14 2026 UTC in reply to this comment

Re: Re: Re: Re: Virtual machines

I *guess* we can with so called .ova -- compressed virtual machine. In Virtualbox, you will go Import -- select file -- then double press the VM to run.

I never did that outside of my machine (so, maybe it has some pitfalls) but it's advertised like this.

From Andrey Stolyarov Thu Mar 5 15:13:58 2026 UTC in reply to this comment

Re: Virtual machines

> In Virtualbox, you will go

To do so, I first need to install Virtualbox itself and make it run, right? This is exactly why I consider any external dependencies strictly inappropriate: it is about writing instructions for the users in the hope the users will do the job, instead of preparing software in a way that makes that job unnecessary.

From Anonymous (unverified) Sat Mar 7 17:31:48 2026 UTC in reply to this comment

Re: Re: Re: Virtual machines

In fact, Oracle VirtualBox also have a community version, which is really free. But guest-system drivers, for VirtualBox virtual videocard, virtual USB bridge and so on are propreitarly anyway.

However, building absolutly free (as in freedom) image (in .ova format) is possible.

From Andrey Stolyarov Sat Mar 7 17:51:41 2026 UTC in reply to this comment

Re: Re: Re: Re: Virtual machines

> virtual videocard, virtual USB bridge

Well, we don't need them. What about the networking? In particular, if we establish a tun network interface within the virtual machine, is it possible to access its connection from the host system?

From Anonymous (unverified) Sat Mar 7 17:56:30 2026 UTC in reply to this comment

Re: Virtual machines

Yes, as NAT, as NAT network, as network bridge and as virtual host adapter.

VirtualBox can emulate many network cards, by default it's PCnet-FAST III (Am79C973).

From Andrey Stolyarov Sat Mar 7 20:13:04 2026 UTC in reply to this comment

Re: Re: Virtual machines

NAT looks weird in our situation, we've got more than enough IPv6 addresses for each point. Well, network bridging looks more promising.

From Parthen (unverified) Sat Mar 7 19:29:28 2026 UTC in reply to this comment

Re: Virtual machines

> 1) I have WSL at my work (with Win11), so I can check it on 6-7 of March

I managed to connect to my own node as peer from WSL, but I failed to pass it to Windows itself. I think it's possible, just my lack of Windows administrating skills

From Andrey Stolyarov Sat Mar 7 19:58:07 2026 UTC in reply to this comment

Re: Re: Virtual machines

> I managed to connect to my own node as peer from WSL

Great! Thanks. At least we now know it's possible.

From windowzzz (unverified) Wed Mar 4 09:53:21 2026 UTC

Wintun

> Wintun is a very simple and minimal TUN driver for the Windows kernel, which provides userspace programs with a simple network adapter for reading and writing packets.

Can that help?

https://www.wintun.net

From Andrey Stolyarov Wed Mar 4 11:35:01 2026 UTC in reply to this comment

Re: Wintun

I don't think this can be of any help, not only for FEDAnet, but for anything at all. Take a look at this page: https://git.zx2c4.com/wintun/about/. First of all, they use L-strings for basic API primitives, which is too bad already. Furthermore, the L-strings are used for obvious identifiers, where any steps beyond ASCII are to be considered, well, criminal. Besides that, they declare a driver is needed for all this to work, and the driver must be "signed", so they distribute it as a signed binary; please note distribution in the form of signed binaries is explicitly prohibited by the license used for the FEDAnet project.

Actually, it looks like that any implementation of the tun/tap interface for win/* will have to rely on a "signed" driver, so none of them can ever be adopted by the project. As of any potential attempt to craft something compatible outside of the mainline project, I don't think anyone would volunteer to do so. For such a thing, the FEDAprotocol will have to be implemented from scratch, using no code from the mainline (because the mainline code's license is incompatible with signed binaries), and even an absolutely minimal subset of it (needed for the client/point to work in the simplest possible mode, which means everything is done through the node) will take a lot of work, and this is a kind of work which provides little to no satisfaction.

By the way, if I remember the things right, windows version of the select call doesn't work with generic file descriptors, only with sockets, while tun virtual interface model by its design involves a non-socket file descriptor. Well, I didn't dive into the Wintun docs that deep, but I suspect they don't use sockets for this. Hence, any wintun-based application will have to be multithreaded. This is, again, a crime that deserves a death penalty; well, this sentence may be disputed, but what can't be disputed is that FEDAnet code is absolutely incompatible with multithreading and I won't change this, as a matter of principle. Multithreading has no right to exist.

Perhaps we shouldn't expect a native Windows implementation at all. It is simply impossible to make anything decent for that damn line of operating systems.

From Ilya Fri Mar 6 02:24:43 2026 UTC in reply to this comment

Re: Re: Wintun

> they declare a driver is needed for all this to work, and the driver must be "signed", so they distribute it as a signed binary

End users can enable loading unsigned drivers by running "bcdedit /set nointegritychecks on" in admin console.

> they use L-strings for basic API primitives

Which in no way oblidges us to use anything other than ASCII in FEDAnet source.

> By the way, if I remember the things right, windows version of the select call doesn't work with generic file descriptors, only with sockets, while tun virtual interface model by its design involves a non-socket file descriptor. Well, I didn't dive into the Wintun docs that deep, but I suspect they don't use sockets for this. Hence, any wintun-based application will have to be multithreaded.

Even if that is true, can't we just use normal processes?

From Andrey Stolyarov Fri Mar 6 07:02:11 2026 UTC in reply to this comment

Re: Re: Re: Wintun

> Which in no way oblidges us to use anything other than ASCII in FEDAnet source.

Yes, but L-strings as such are too bad already: they are from C99. Even if they weren't, they are a kind of thing one should never touch by hands, heh.

> can't we just use normal processes?

In Windows, there's no fork call. It is way too complicated thing to launch a process there.

From Ilya Fri Mar 6 08:34:38 2026 UTC in reply to this comment

Re: Re: Re: Re: Wintun

Would you be against someone making a program with this library using FEDAnet codebase (provided one will distribute it together with an unsigned driver)?

I'm afraid this is the only way, WSL and VMs are too difficult for the normies - they are incapable of anything more than double-clicking an icon on the desktop.

And don't put your hopes up for Android either, starting next September, all Android developers will be forced to upload their passports and sign their binaries through Google. Furthermore, almost every major phone manufacturer already removed a way to unlock the bootloader in new device models.

From Andrey Stolyarov Fri Mar 6 10:16:13 2026 UTC in reply to this comment

Re: Re: Re: Re: Re: Wintun

> Would you be against someone making a program with this library using FEDAnet codebase (provided one will distribute it together with an unsigned driver)?

Well, this is okay. I will not take a part in this, but there's no reason to stand against. However, the codebase is, let me say this again, technically incompatible with multithreading.

> starting next September, all Android developers will be forced to upload their passports and sign their binaries through Google

So Android is dead. Okay. There are older smartphones, though. However, yes, this means there will never be FEDAnet software for mainstream Android devices.

Damn European Union has no right to exist. I really hope it's gonna disintegrate soon.

From Anonymous (unverified) Sat Mar 7 17:43:03 2026 UTC in reply to this comment

Re: Re: Re: Re: Wintun

CreateProcess minimal example: https://learn.microsoft.com/en-us/windows/win32/procthread/creating-processes

CreateProcess MSDN: https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa

From Andrey Stolyarov Sat Mar 7 17:55:55 2026 UTC in reply to this comment

Re: Re: Re: Re: Re: Wintun

Well, knowing what Win/* is, I'm nearly sure a minimal example doesn't reveal some things we'll inevitably run into. However, the message is clear: okay, perhaps it is possible to port a FEDAprotocol speaker to Win/* as a native application. Like I said earlier, I will not stand against it.