feat: per-tunnel ifname for WG service, UAPI pipe, and SCM for Windows

2026-06-23 02:00:20 +07:00 · 2026-05-25 14:53:50 +00:00
parent 39f9bcfd50
commit 72147d3a67
5 changed files with 37 additions and 26 deletions
@@ -37,11 +37,14 @@ int WindowsDaemonTunnel::run(QStringList& tokens) {
  QCoreApplication::setApplicationName("Amnezia VPN Tunnel");
  QCoreApplication::setApplicationVersion(Constants::versionString());
-  if (tokens.length() != 2) {
+  if (tokens.length() < 2 || tokens.length() > 3) {
-    logger.error() << "Expected 1 parameter only: the config file.";
+    logger.error() << "Expected: <config> [<ifname>]";
    return 1;
  }
  QString maybeConfig = tokens.at(1);
  QString name = tokens.length() == 3 && !tokens.at(2).isEmpty()
                     ? tokens.at(2)
                     : WireguardUtilsWindows::s_defaultInterfaceName();
  if (!maybeConfig.startsWith("[Interface]")) {
    logger.error() << "parameter Does not seem to be a config";
@@ -64,7 +67,6 @@ int WindowsDaemonTunnel::run(QStringList& tokens) {
    WindowsUtils::windowsLog("Failed to get WireGuardTunnelService function");
    return 1;
  }
  auto name = WireguardUtilsWindows::s_interfaceName();
  if (!tunnelProc(maybeConfig.utf16(), name.utf16())) {
    logger.error() << "Failed to activate the tunnel service";
    return 1;
@@ -15,9 +15,8 @@
 #include "platforms/windows/windowsutils.h"
 #include "windowsdaemon.h"
-#define TUNNEL_NAMED_PIPE \
+#define TUNNEL_NAMED_PIPE_PREFIX \
-  "\\\\."                 \
+  "\\\\.\\pipe\\ProtectedPrefix\\Administrators\\AmneziaWG\\"
  "\\pipe\\ProtectedPrefix\\Administrators\\AmneziaWG\\AmneziaVPN"
 constexpr uint32_t WINDOWS_TUNNEL_MONITOR_TIMEOUT_MSEC = 2000;
@@ -28,6 +27,10 @@ Logger logger("WindowsTunnelService");
 static bool stopAndDeleteTunnelService(SC_HANDLE service);
 static bool waitForServiceStatus(SC_HANDLE service, DWORD expectedStatus);
 std::wstring WindowsTunnelService::serviceNameForIfname(const QString& ifname) {
  return (QStringLiteral("AmneziaWGTunnel$") + ifname).toStdWString();
 }
 WindowsTunnelService::WindowsTunnelService(QObject* parent) : QObject(parent) {
  MZ_COUNT_CTOR(WindowsTunnelService);
  logger.debug() << "WindowsTunnelService created.";
@@ -37,7 +40,7 @@ WindowsTunnelService::WindowsTunnelService(QObject* parent) : QObject(parent) {
    WindowsUtils::windowsLog("Failed to open SCManager");
  }
-  // Is the service already running? Terminate it.
+  // Is the legacy single-tunnel service still around? Terminate it.
  SC_HANDLE service =
      OpenService((SC_HANDLE)m_scm, TUNNEL_SERVICE_NAME, SERVICE_ALL_ACCESS);
  if (service != nullptr) {
@@ -108,8 +111,11 @@ void WindowsTunnelService::timeout() {
  emit backendFailure();
 }
-bool WindowsTunnelService::start(const QString& configData) {
+bool WindowsTunnelService::start(const QString& configData, const QString& ifname) {
-  logger.debug() << "Starting the tunnel service";
+  logger.debug() << "Starting the tunnel service for" << ifname;
  m_ifname = ifname;
  const std::wstring serviceName = serviceNameForIfname(ifname);
  m_logworker = new WindowsTunnelLogger(WindowsCommons::tunnelLogFile());
  m_logworker->moveToThread(&m_logthread);
@@ -128,10 +134,9 @@ bool WindowsTunnelService::start(const QString& configData) {
    m_logworker = nullptr;
  });
-  // Let's see if we have to delete a previous instance.
+  service = OpenService(scm, serviceName.c_str(), SERVICE_ALL_ACCESS);
  service = OpenService(scm, TUNNEL_SERVICE_NAME, SERVICE_ALL_ACCESS);
  if (service) {
-    logger.debug() << "An existing service has been detected. Let's close it.";
+    logger.debug() << "A stale service was detected. Cleaning it up.";
    if (!stopAndDeleteTunnelService(service)) {
      return false;
    }
@@ -143,12 +148,12 @@ bool WindowsTunnelService::start(const QString& configData) {
  {
    QTextStream out(&serviceCmdline);
    out << "\"" << qApp->applicationFilePath() << "\" tunneldaemon \""
-        << configData << "\"";
+        << configData << "\" \"" << ifname << "\"";
  }
  logger.debug() << "Service:" << qApp->applicationFilePath();
-  service = CreateService(scm, TUNNEL_SERVICE_NAME, L"Amnezia VPN (tunnel)",
+  service = CreateService(scm, serviceName.c_str(), L"Amnezia VPN (tunnel)",
                          SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
                          SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
                          (const wchar_t*)serviceCmdline.utf16(), nullptr, 0,
@@ -236,8 +241,9 @@ static bool stopAndDeleteTunnelService(SC_HANDLE service) {
 }
 QString WindowsTunnelService::uapiCommand(const QString& command) {
-  // Create a pipe to the tunnel service.
+  const std::wstring pipeName = std::wstring(TEXT(TUNNEL_NAMED_PIPE_PREFIX))
-  LPTSTR tunnelName = (LPTSTR)TEXT(TUNNEL_NAMED_PIPE);
+                              + m_ifname.toStdWString();
  LPCWSTR tunnelName = pipeName.c_str();
  HANDLE pipe = CreateFile(tunnelName, GENERIC_READ | GENERIC_WRITE, 0, nullptr,
                           OPEN_EXISTING, 0, nullptr);
  if (pipe == INVALID_HANDLE_VALUE) {
@@ -9,6 +9,7 @@
 #include <QObject>
 #include <QThread>
 #include <QTimer>
 #include <string>
 #include "windowstunnellogger.h"
@@ -20,11 +21,13 @@ class WindowsTunnelService final : public QObject {
  WindowsTunnelService(QObject* parent = nullptr);
  ~WindowsTunnelService();
-  bool start(const QString& configData);
+  bool start(const QString& configData, const QString& ifname);
  void stop();
  bool isRunning();
  QString uapiCommand(const QString& command);
  static std::wstring serviceNameForIfname(const QString& ifname);
 signals:
  void backendFailure();
@@ -36,6 +39,7 @@ class WindowsTunnelService final : public QObject {
  QTimer m_timer;
  QThread m_logthread;
  WindowsTunnelLogger* m_logworker = nullptr;
  QString m_ifname;
  // These are really SC_HANDLEs in disguise.
  void* m_scm = nullptr;
@@ -12,6 +12,7 @@
 #include <QFileInfo>
 #include "killswitch.h"
 #include "leakdetector.h"
 #include "logger.h"
 #include "windowsfirewall.h"
@@ -110,15 +111,14 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
    configString.truncate(peerStart);
  }
-  if (!m_tunnel.start(configString)) {
+  m_ifname = config.m_ifname.isEmpty() ? s_defaultInterfaceName() : config.m_ifname;
  if (!m_tunnel.start(configString, m_ifname)) {
    logger.error() << "Failed to activate the tunnel service";
    return false;
  }
  // Determine the interface LUID
  NET_LUID luid;
-  const QString ifname = config.m_ifname.isEmpty() ? interfaceName() : config.m_ifname;
+  DWORD result = ConvertInterfaceAliasToLuid((wchar_t*)m_ifname.utf16(), &luid);
  DWORD result = ConvertInterfaceAliasToLuid((wchar_t*)ifname.utf16(), &luid);
  if (result != 0) {
    logger.error() << "Failed to lookup LUID:" << result;
    return false;
@@ -127,11 +127,11 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
  m_routeMonitor = new WindowsRouteMonitor(luid.Value, this);
  if (config.m_killSwitchEnabled) {
    // Enable the windows firewall
    NET_IFINDEX ifindex;
    ConvertInterfaceLuidToIndex(&luid, &ifindex);
    m_firewall->allowAllTraffic();
    m_firewall->enableInterface(ifindex);
    KillSwitch::instance()->addAllowedRange({});
  }
  logger.debug() << "Registration completed";
@@ -27,10 +27,8 @@ class WireguardUtilsWindows final : public WireguardUtils {
  ~WireguardUtilsWindows();
  bool interfaceExists() override { return m_tunnel.isRunning(); }
-  QString interfaceName() override {
+  QString interfaceName() override { return m_ifname; }
-    return WireguardUtilsWindows::s_interfaceName();
+  static const QString s_defaultInterfaceName() { return "AmneziaVPN"; }
  }
  static const QString s_interfaceName() { return "AmneziaVPN"; }
  bool addInterface(const InterfaceConfig& config) override;
  bool deleteInterface() override;
@@ -54,6 +52,7 @@ class WireguardUtilsWindows final : public WireguardUtils {
  void buildMibForwardRow(const IPAddress& prefix, void* row);
  quint64 m_luid = 0;
  QString m_ifname;
  WindowsTunnelService m_tunnel;
  QPointer<WindowsRouteMonitor> m_routeMonitor;
  QPointer<WindowsFirewall> m_firewall;