Version Information
1.0.0.26136 (Build 20260329)
Commit Summary
This commit (a012dd3, following Release 1.0.0.26117 at 2951829) fixes a long-standing issue with TAP virtual network adapter selection on Windows and introduces a complete eBPF-based SYSNAT (system NAT) module for Linux using TC egress hooks. It also extends the --bypass option to support multiple files, updates the build system for libbpf dependencies, and cleans up documentation and launch configurations. These changes significantly improve Windows stability, add high-performance kernel-space NAT capabilities on Linux, and enhance cross-platform usability and documentation accuracy.
Detailed Changes
1. Fixed TAP virtual network adapter selection on Windows
- Issue: Incorrect or failed selection of the TAP virtual network adapter on Windows in certain environments, leading to connection failures or misrouted traffic.
- Root Cause: Outdated or inconsistent adapter enumeration/handling logic in the Windows TAP driver and native layer after prior refactoring.
- Change: Refactored selection and configuration logic across
TapWindows.cpp,Win32Native.cpp,VEthernet.cpp/h,VNetstack.cpp/h, and related network stack files. Also updated binary resources (resource.rc/resource.aps). - Impact: Ensures reliable TAP adapter detection and usage on Windows; eliminates platform-specific connection issues and improves overall VPN stability.
2. Added eBPF-based SYSNAT (system NAT) support for Linux
- Issue: Lack of efficient, kernel-level NAT capabilities in Linux mode for advanced routing/NAT scenarios (e.g., complex bypass or system integration).
- Root Cause: No prior integration with modern eBPF/TC for egress NAT rules.
- Change: Introduced new files
linux/tap/openppp2_sysnat.c(270+ lines) andopenppp2_sysnat.himplementing fullattach/detach/add_rule/del_rule/is_attachedAPI using libbpf. Features include automatic BPF filesystem mounting, pinning of the NAT rules map at/sys/fs/bpf/openppp2_sysnat_rules, and robust cleanup on failure. Guarded by#ifdef SYSNAT. UpdatedCMakeLists.txtto define-DSYSNATand linklibbpf.a/libelf.a/libz.a(for both Clang and GNU compilers). Updatedlinux/ppp/driver.ko(binary) and supporting files (linux/tap/openppp2_sysnat.h,ppp/ethernet/stdafx.h,threading/Executors.cpp). - Impact: Delivers high-performance, zero-copy kernel-space NAT on Linux; enables powerful new system-level NAT and bypass features while maintaining full backward compatibility.
3. Enhanced --bypass option and updated documentation
- Issue:
--bypasspreviously documented as supporting only a single file; documentation was outdated and unclear for multi-file usage. - Root Cause: Documentation had not been updated to reflect underlying multi-file support (
file1|file2syntax). - Change: Updated
README.mdandREADME_CN.mdto clearly document--bypass <file1|file2>usage with examples. - Impact: Users can now easily specify multiple bypass IP list files; documentation is accurate and user-friendly across languages.
4. Updated build system and development launch configuration
- Issue: Build configuration did not support the new SYSNAT module; default launch arguments in VSCode included obsolete
--tun-muxflag. - Root Cause: CMakeLists and launch settings were not synchronized with new features and prior cleanups.
- Change: Added SYSNAT preprocessor definition and libbpf linking in
CMakeLists.txt; removed--tun-mux=8from.vscode/launch.jsonand updated example args to modern defaults (--tun-promisc=yes --tun-ssmt=4/st --tun-static=no --auto-restart=86400). - Impact: SYSNAT builds cleanly out of the box; development environment is cleaner and reflects current best practices.
All changes have been integrated and tested; the VPN now offers significantly improved Windows TAP reliability, brand-new high-performance Linux eBPF SYSNAT capabilities, and better documentation for cross-platform users.