Our customer had a working Virtual Private Network that was functional on Linux and Mac. It was built on top of Strong swan, an open-source IPSec-based VPN. This solution was not working on Windows Systems as Windows did not have any inbuilt support to add Virtual IP Addresses, a must for this solution to work.
A one-line problem statement from the client that required a lot of research to understand the blocking issue.
No Virtual Adapter or plugins available on windows to readily use.
Good understanding of Windows/Mac/Linux OS architecture.
More than 10 years of experience in developing cybersecurity solutions.
Kernel programming required on all 3 Operating Systems.
After digging into the issue and doing a comparative study of Linux and Mac setup we discovered that the reason we couldn’t add a Virtual IP to windows systems is because Windows does not have support for adding virtual adapter on just one command.
Solution we delivered was:
1. A Virtual Network adapter that would act as a TAP device.https://en.wikipedia.org/wiki/TUN/TAP.
2. Captured packets at the Ethernet layer of the network removed the Ethernet header and sent the packets to user mode service.
3. Added IP header to the packets and encrypting the packets at user mode and sent them to a custom secure server of the client.
4. Received packets from Client’s secure custom server, decrypted, removed the header and reinjected it back in the system’s network stack.
This helped our client toprovide a comprehensive VPN solution across platforms and helped its business capture the major part of the customer base.
Understanding of Windows Network Stack.
Understanding of Windows Encryption Decryption.
Understanding of network headers.
