I like to make Windows installers for OpenVPN that include my CA key
and my configuration file. That way, the user only has to drop a
given client.key and client.crt file in the config directory and
they’re ready to go.
So now I’ve got someone that wants a Vista installer. Looking at the OpenVPN site, it seems I want OpenVPN 2.1 which has some kind of fixes for Vista, especially Vista on AMD64. Something to do with driver signing.
Also, there are notes here and there about how OpenVPN 2.1 will “include” the GUI.
When I want to rebuild OpenVPN 2.0 packages with the
GUI there are nice installer source Zip
files put out by the OpenVPN GUI author. I grab that, make an edit to
the .nsi file, add in my configuration file and my CA cert, rebuild
with NSIS and I’m done.
Problem: no such thing exists for OpenVPN 2.1, as of yet.
Further problem: building OpenVPN on Windows needs some Microsoft kits that I don’t care to get right now (I have to sign up, and register, and apply, and… bleh).
So here is the disgusting way that I made my own tree, suitable for rebuilding the installer, using nothing but the NSIS installer for 2.1rc4 given on the OpenVPN site.
Note: I really don’t recommend doing this. Though it does seem to work. When 2.1 is released as stable, I expect they’ll have a nice little package to help you roll your own installer.
Also, I’m going kind of fast, so these directions are probably not step-for-step perfect. If you don’t know what you’re doing, you will quite likely get lost.
You will need:
- MinGW (current version is 5.1.3)
- MSYS (same site as above, current version is 1.0.10… from 2004)
- Perl for Windows; I grabbed ActivePerl, which I guess is the “official” Perl binary offered for Windows?
- Total Commander, a Windows file manager; we’ll use this and the following plug-in to get the files out of the OpenVPN NSIS installer
- The InstallExplorer plug-in for Total Commander
- The OpenVPN 2.1rc4 Windows NSIS installer and the sources
- The OpenVPN GUI installer sources; the ones for 2.0.9/1.0.3 are fine
And the steps:
- Install MinGW and MSYS. You won’t actually need much out of MinGW, but I think I installed all the standard stuff.
- Install ActivePerl.
- Install Total Commander. It’s shareware.
-
Within Total Commander, double click on the InstallExplorer plug-in Zip file. Total Commander will offer to install this; tell it to install the plug-in. Maybe smash the “OK” or “whatever” buttoins on some following dialogs.
By the way, Total Commander doesn’t deal well if you can’t write to the directory it’s installed in, I believe. So people running non-admin (like me) will need to get a little creative. If the next step doesn’t work, it’s quite possibly because the plug-in wasn’t installed correctly. If you’re running non-admin, that’s probably why the plug-in didn’t get installed correctly; try installing the plug-in while running Total Commander as a user with administrative rights.
You may also need to restart Total Commander for the plug-in to work, I don’t know.
- Navigate to the directory containing the OpenVPN installer in Total Commander. Right click it to select it, then press Ctrl+PgDn to browse the archive. (It may take a second.)
- Go into
$INSTDIRwithin the installer. Copy the wholebindirectory out of the installer, as well asicon.ico. By “copy [...] out of the installer” I mean to copy those files to some directory outside of the installer. - Open the
bindirectory in Total Commander. You should see twotapinstall.exefiles: one is the i386 version, one is the AMD64 version. Copy both of them out of the installer anyway you’d like (I copied each into separate directories), but you’ll need both files. In the installer I have,tapinstall.exefor i386 is 74,752 bytes, AMD64 is 80,384 (and yes, that’s how I told the difference; another way: install OpenVPN 2.1rc4 on your machine, and then look at the size of the file installed inC:program filesopenvpnbin). - Go to
..driver. You should see two files each namedOemWin2k.inf,tap0901.cat, andtap0901.sys. Again, one is i386, one is AMD64. Copy both versions of each of these three files out of the installer. i386 files are sized 7,236 bytes, 7,851 bytes, and 25,088 bytes, respectively. AMD64 files are 7,253 bytes, 7,823 bytes, and 29,696 bytes, respectively. (As in the last step, you can also find out which is which by installing OpenVPN and looking at the size of the installed files). After this step, you’re done with Total Commander. - Extract the OpenVPN 2.1rc4 sources somewhere and navigate to that directory in a MSYS bash.
- Edit
install-win32/settings.in, comment out the line starting with!define SVC_TEMPLATE, save. -
mkdir images. Move theicon.icoyou pulled out of the installer intoimages. - Find
install-whirl.bmpin the OpenVPN GUI installer sources and extract it into theimagesdirectory as well. - Move the
bindirectory you extracted from the OpenVPN 2.1rc4 installer into your OpenVPN sources directory (that’s the OpenVPN 2.1rc4 sources, not the OpenVPN GUI sources; keep up here). - Delete
tapinstall.exefrom thebindirectory. mkdir -p bin/{tapinstall,driver}/{i386,amd64}- Copy each
tapinstall.exefor i386 and AMD64 intobin/tapinstall/i386andbin/tapinstall/amd64, respectively. -
Copy the
OemWin2k.inf,tap0901.cat, andtap0901.sysfiles for the appropriate architectures intobin/driver/i386andbin/driver/amd64. Here’s what yourbindirectory should look like after this step:bin bin/driver bin/driver/amd64 bin/driver/amd64/OemWin2k.inf bin/driver/amd64/tap0901.cat bin/driver/amd64/tap0901.sys bin/driver/i386 bin/driver/i386/OemWin2k.inf bin/driver/i386/tap0901.cat bin/driver/i386/tap0901.sys bin/libeay32.dll bin/libssl32.dll bin/openssl.exe bin/openvpn-gui-1.0.3.exe bin/openvpn.exe bin/openvpnserv.exe bin/tapinstall bin/tapinstall/amd64 bin/tapinstall/amd64/tapinstall.exe bin/tapinstall/i386 bin/tapinstall/i386/tapinstall.exe - Make sure you’ve got
perlin your path by running something likeperl -e1. You shouldn’t get an error. - Run
sh -x install-win32/winconfig. It is important that you run this from the root of the OpenVPN sources (supposedly). -
echo '!define OPENVPN_GUI_DEFINED' >autodefs/guidefs.nsi(seeinstall-win32/getgui). - Install NSIS.
- You should now be able to right click the
openvpn.nsiand hit “Compile NSIS script.” NSIS should compile you a nice shinyopenvpn-2.1_rc4-install.exe. This is the basic installer.
At this point, you can make mods to openvpn.nsi as you see fit, just
like you might with OpenVPN GUI (i.e., with OpenVPN 2.0.9, GUI 1.0.3).
I’d like to give one note to possibly justify this ugliness: first of all, I don’t feel confident that I’d be able to build a Windows binary that works as well as the “official” one, built by people who probably know a lot more about what they’re doing on Windows than I do. What version of OpenSSL should I use? LZO? I don’t see something called (exactly) the “Driver Development Kit.” Of course, I’m sure these are surmountable; in fact, there are some hints in the OpenVPN sources about what versions you should use.
But another note about the OpenVPN binaries: they are supposedly signed by a real key that an OpenVPN developer has. This signing is supposedly necessary to make TAP-Win32 get installed on Vista/AMD64, where driver signing is apparently enforced. So will it be possible to build normally working binaries for Vista/x64 if you don’t have the ability to sign these binaries with some kind of real SSL key (i.e., one issued by a CA approved by Vista, for example Verisign).
Any chance we could get a copy of this .zip to space us the pain you had to go through?
I think I didn’t put this up because I (a) didn’t want to post a kind of “unauthorized” set of OpenVPN software, especially when I perceived a real release was coming up shortly; and (b) I didn’t really want to support people using this method for building an installer because it’s so ugly.
I see a release hasn’t been made, unfortunately. Since you asked nicely, I went and found some Zip file I created: http://www.codefu.org/people/darkness/openvpn-2.1_rc4-installer-build-tree.zip . Theoretically this is the tree I was working off of when I built my installer. I really don’t guarantee it’ll work for you. I kind of suspect it will, but I don’t remember if that last step where you run some Perl to generate stuff in the “autodeps” directory had anything system-dependent that might be true on my system and wrong elsewhere.
Hey darkness,
thanks for the great “ugly” howto. It worked fine for me with the 2.1rc7-Branch although I had to combine Total-Commander and Universal Extractor from “legroom.net”, to get all files out of the original installer.
To contribute to the community, here is the final working zip-file:
http://wiki.lug-reutlingen.de/openvpn-2.1_rc7.zip
I didn’t test it on AMD64 but see no reason why it shouldn’t work there also.
Quick-Howto for users:
1. Download zip-file
2. install nsis (maybe perl too?)
3. go to install-win32 and edit openvpn.nsi to your needs.
4. change the files in the config-dir to something useful
5. right-click on openvpn.nsi and hit “Compile NSIS script”
Excellent work! I really appreciate this article and especially the .zip included in the comment. I was able to get OpenVPN to work in XP and Vista with a custom installer and configuration files in less than an hour.
Kudos Darkness!
Hello! if somebody could help me I would be forever greatful…I need to install OpenVPN on a Vista computer to connect a client PC (on windows XP). I’m pretty clueless when it comes to open source programs and networking so I need all the help I can get to get OpenVPN installed successfully. I tried to follow the instructions step by step but unfortunately they arent written for dummies so I got lost quite quickly. If anybody is able to help me please send me an email at pgaralis@gmail.com.
Thank you in advance for any help!
OpenVPN 2.1_rc15 — released on 2008.11.19
Can anybody help me how to translate and compile openvpn_gui?
I came across your howto because I had trouble compiling my own installer for OpenVPN 2.1.1.
There is a cleaner way with openvpn 2.1.1.
You will still need mingw and friends, but you can take advantage of the prebuilt tarball that OpenVPN provides.
In short:
* Download the OpenVPN source tarball
* Inside you will find a script called domake-win
* Read the comments on top of this script. It explains how to use the prebuilt tarball.
* In the same script, comment out the two lines regarding tap and tapinstall. You will use the prebuilt ones instead.
* now go and customize install-win32/settings.in to your likings
* be sure to uncomment the prebuilt directory in there
from the openvpn directory, run domake-win
If all goes well, this should generate the openvpn installer. In my case it didn’t go well, because of a bug in install-win32/trans.pl. I had to add ‘\s*’ to the regular expression that parses the ‘!include’ lines. After that, it worked fine. This bug may have been fixed in more recent openvpn sources.
Good luck.
Geert
Hi Geert,
Can you tell me how to add ‘\s*” to the regular expression that parses thee “!include” lines. When I compile openvpn-2.1.1 with the ./domake-win command on MSYS enviroment. There is an error.
can’t parse this line: !include “autodefs/version.in”.
In file install-win32/trans.pl, you should change
/^!include\s+”(.+)”$/
to read
/^!include\s+”(.+)”\s*$/
That fixed it for me.
Hi,
Geert pls can you help me how can I may change sources,
when I want add my configs with cert and .opvn files?
Can you give me example, because file settings.in seem to be different like I was changing file for nss script.
Thanks for reply :)
To add custom config files and ovpn files, I edited the nsi configuration file as you would otherwise to configure the installer. The file to modify is in install-win32 and is called openvpn.nsi.
Hello,
Referring to your site guidance, I downloaded everything. Withut changing anything just tried to run openvpn.nsi script from /install-win32 by right clicking and selecting “Compile NSIS Script”. This is the result that I get :
Processing script file: "C:\MinGW\msys\1.0\home\Admin\openvpn-2.1_rc22\install-win32\openvpn.nsi"
SetCompressor: lzma
!include: "C:\NSIS\Include\MUI.nsh"
!include: "C:\NSIS\Contrib\Modern UI\System.nsh"
NSIS Modern User Interface version 1.8 - Copyright 2002-2009 Joost Verburg (C:\NSIS\Contrib\Modern UI\System.nsh:8)
!define: "MUI_INCLUDED"=""
!define: "MUI_SYSVERSION"="1.8"
!define: "MUI_VERBOSE"="3"
!include: closed: "C:\NSIS\Contrib\Modern UI\System.nsh"
!include: closed: "C:\NSIS\Include\MUI.nsh"
!include: could not find: "defs.nsi"
Error in script "C:\MinGW\msys\1.0\home\Admin\openvpn-2.1_rc22\install-win32\openvpn.nsi" on line 14 -- aborting creation process
defs.nsi is already present in gen-prebuilt folder. I have added C:\MinGW\bin, C:\MinGW\msys\1.0\bin and C:\MinGW\msys\1.0\home\Admin to path.
Can you tell why it cuoldn’t find the “defs.nsi”. Am I missing anything or any settings ?
One more question, how do I build the “domake-win” file present in openvpn-2.1_rc folder. I fuond that to recompile openvpn with any new changes, we got to make changes in settings.in and run domake-win script at http://article.gmane.org/gmane.network.openvpn.user/22590. But, couldn’t make out how to run the domake-win script.
I hope you can help me out. Have spend almost whole day trying to build as you have instructed, but just couldn’t make it.
Thanks
Terry
Unfortunately I don’t use Windows anymore at all, so I can’t be much help with this. Sorry!
Thanks darness, I got that part working. Am building it using MingW, MYSYS bash. I get the following error for LZO :
res_init UNDEFINED
configure: checking for working epoll implementation…
checking for epoll_create… no
LoadLibrary DEFINED
configure: checking for LZO Library and Header files…
checking lzo/lzo1x.h usability… no
checking lzo/lzo1x.h presence… no
checking for lzo/lzo1x.h… no
checking lzo1x.h usability… no
checking lzo1x.h presence… no
checking for lzo1x.h… no
LZO headers were not found
LZO library available from http://www.oberhumer.com/opensource/lzo/
configure: error: Or try ./configure –disable-lzo
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `windest/sbin/openvpn.exe’: No such file or directory
cp: cannot stat `windest/sbin/openvpnserv.exe’: No such file or directory
Not building TAP driver — DDK version 6001.18002 NOT FOUND
Not building tapinstall — DDK version 6001.18002 NOT BUILT
Uninstall: 4 pages (256 bytes),
1 section (1048 bytes), 396 instructions (11088 bytes), 216 strings (3490 bytes)
, 1 language table (282 bytes).
Datablock optimizer saved 15434 bytes (~0.9%).
Its building the openvpn file, but not working properly.
Greet, Thanks your idea to make changes in “install-win32/trans.pl” helped me solve the same problem with !include autodef/versin.in” statement.
Can anyone help me how to handle with this LZO header files that. The dir name of lzo I have from prebuilt is /lzo-2.02. I had read somewhere on net reg this problem, but couldn’t find now. Any help is highly appreciated.
Thanks
Terry, is there an lzo1x.h anywhere under your lzo-2.02 directory? If so, you might need to add something to your environment variable such as CFLAGS=-I/directory/that/contains/lzo/header. If not, maybe you need a 1.x version of LZO? (Again, these are total guesses without looking at the code for even a second.)
darkenss, I configured, build & installed LZO using MinGW and got all required .h files in \lzo-2.02\include\lzo folder and also got the library created under \lzo-2.02\src\.libs (contains liblzo2.a, liblzo2.la & liblzo2.lai).
In my settings.in I have ,
!define LZO_DIR “C:/MinGW/msys/1.0/home/Admin/lzo-2.02″
In makeopenvpn file,
–with-lzo-headers=$H/$LZO_DIR/include \
–with-lzo-lib=$H/$LZO_DIR/src \
I tried alot. Even added /usr/local/lib in lzo-lib, but nothing works. It is able to find headers but not library. I get the error and it quits :
LoadLibrary DEFINED
configure: checking for LZO Library and Header files…
checking lzo/lzo1x.h usability… yes
checking lzo/lzo1x.h presence… yes
checking for lzo/lzo1x.h… yes
checking for lzo1x_1_15_compress in -llzo2… no
checking for lzo1x_1_15_compress in -llzo… no
configure: error: LZO headers were found but LZO library was not found
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `windest/sbin/openvpn.exe’: No such file or directory
cp: cannot stat `windest/sbin/openvpnserv.exe’: No such file or directory
Uninstall: 4 pages (256 bytes),
How to solve this Problem ? Am stuck up ? Please help me out. Does it make any difference if I execute any commands in MinGW and in normal dos using bash command ? I had configured, build & installed lzo and doing domake-win in MingW only, but previously was doing on cmd.
Sorry, I’ve got no idea. Maybe someone else can happen by and offer advice. Good luck!
Does anyone know the name of library file of LZO2-02 generated? I compiled, build and installed but dont’ see any dll or lib file ? But I see liblzo2.a, liblzo2.ai and liblzo.lai
Which is the library file of LZO and where is it located ?
Having the same LZO problem! I’m trying to fix it somehow. no luck so far.