| 52 | | Next run the steps requiring the NASM assembler: |
| 53 | | |
| 54 | | {{{ |
| 55 | | C:\openssl-1.0.0> ms\do_nasm |
| 56 | | }}} |
| 57 | | |
| 58 | | Next compile OpenSSL using the generated makefile: |
| 59 | | |
| 60 | | {{{ |
| 61 | | C:\openssl-1.0.0> nmake -f ms\ntdll.mak |
| 62 | | C:\openssl-1.0.0> nmake -f ms\ntdll.mak test |
| 63 | | C:\openssl-1.0.0> nmake -f ms\ntdll.mak install |
| 64 | | }}} |
| 65 | | |
| 66 | | '''MinGW buildsystem''' |
| 67 | | |
| 68 | | Launch ''MinGW command prompt'' and go to <openssl-sources>. The usual process goes like this: |
| 69 | | |
| 70 | | {{{ |
| 71 | | $ ./config |
| 72 | | $ make |
| 73 | | $ make test |
| 74 | | }}} |
| 75 | | |
| 76 | | OpenSSL installation has to be done manually using something like this: |
| 77 | | |
| 78 | | {{{ |
| 79 | | $ mkdir -p /c/openssl/include /c/openssl/bin /c/openssl/lib |
| 80 | | $ cp -r include/openssl /c/openssl/include/ |
| 81 | | $ cp apps/openssl.exe /c/openssl/bin |
| 82 | | $ cp libcrypto.a libssl.a /c/openssl/lib |
| 83 | | }}} |
| 84 | | |
| 85 | | = Building pkcs11-helper = |
| 86 | | |
| 87 | | '''Common steps''' |
| 88 | | |
| 89 | | Download latest release of ''pkcs11-helper'' from http://www.opensc-project.org and extract it somewhere. |
| 90 | | |
| 91 | | '''Python-based buildsystem''' |
| 92 | | |
| 93 | | The install process for Visual Studio is described in the ''INSTALL'' file. |
| 94 | | |
| 95 | | To build ''pkcs11-helper'', do the following: |
| 96 | | |
| 97 | | * Go to ''pkcs11-helper-<version>/lib'' |
| 98 | | * Copy ''<openssl-install-directory>/lib/libeay32.lib'' to that directory - this is required by the linker |
| 99 | | * Run ''nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME=<path-to-openssl-sources>'' |
| 100 | | |
| 101 | | In theory this should do it. If you need to rebuild, clean up first with |
| 102 | | |
| 103 | | {{{ |
| 104 | | $ nmake -f Makefile.w32-vc clean |
| 105 | | }}} |
| 106 | | |
| 107 | | and then repeat the above steps. Unless you're using 1.08 or later, you probably get this error message during build: |
| 108 | | |
| 109 | | {{{ |
| 110 | | pkcs11h-threading.c(477) : error C2036: 'void *' : unknown size |
| 111 | | }}} |
| 112 | | |
| 113 | | If so, edit that file as suggested [http://thread.gmane.org/gmane.comp.encryption.opensc.devel/8381 here]. After this build should succeed, as long as ''libeay32.lib'' is present in the build directory. |
| 114 | | |
| 115 | | OpenVPN is only interested is ''lib/libpkcs11-helper-1.dll'' and uses it when generating the NSI installer. |
| 116 | | |
| 117 | | '''MinGW buildsystem''' |
| 118 | | |
| 119 | | You need to link ''pkcs11-helper'' against OpenSSL libraries. To do this, launch MinGW command-line and do something like this: |
| 120 | | |
| 121 | | {{{ |
| 122 | | $ openssl_home=/c/openssl |
| 123 | | $ ./configure --prefix=/ --disable-crypto-engine-gnutls --disable-crypto-engine-nss PKG_CONFIG=true OPENSSL_CFLAGS="-I${openssl_home}/include" OPENSSL_LIBS="-L${openssl_home}/lib -lcrypto" |
| 124 | | }}} |
| 125 | | |
| 126 | | = Building LZO = |
| 127 | | |
| 128 | | '''Common steps''' |
| 129 | | |
| 130 | | The [http://www.oberhumer.com/opensource/lzo/ LZO library] is required to build OpenVPN. Once you've unpacked the source package, open the ''B/00README.txt'' file to get an overview of the Windows build process. |
| 131 | | |
| 132 | | '''Python-based buildsystem''' |
| 133 | | |
| 134 | | If all goes well, you'll only need to run one .bat file: |
| 135 | | |
| 136 | | {{{ |
| 137 | | C:\lzo-2.0.4> B\win32\vc_dll.bat |
| 138 | | }}} |
| 139 | | |
| 140 | | Note that this ''does not'' install lzo; in fact, you need to copy the relevant files to openvpn's build directory manually as shown below. |
| 141 | | |
| 142 | | '''MinGW buildsystem''' |
| 143 | | |
| 144 | | The usual autotools process applies here: |
| 145 | | |
| 146 | | {{{ |
| 147 | | $ ./configure |
| 148 | | $ make |
| 149 | | $ make check |
| 150 | | $ make test |
| 151 | | }}} |
| 152 | | |
| 153 | | = OpenVPN build = |
| 154 | | |
| 155 | | == Setting up dependencies == |
| 156 | | |
| 157 | | '''Python-based buildsystem''' |
| 158 | | |
| 159 | | The new Python-based build system we're using in this article has gone through significant changes during late 2010 and early 2011. You're strongly encouraged to fetch latest Git development code using ''Git for Windows'' (Git shell) or ''!GitExtensions'' (GUI). Check [wiki:TesterDocumentation these instructions] to see which Git URI to use. Alternatively get OpenVPN 2.2.0 or later, where all the major buildsystem changes have been implemented. |
| 160 | | |
| 161 | | OpenVPN has several build and runtime dependencies that need to be placed into a strict directory hierarchy along with OpenVPN sources: |
| 162 | | |
| 163 | | * '''<openvpn-build-root>''': root build directory, e.g. ''C:\openvpn-build'' |
| 164 | | * '''<openvpn-sources>''': a directory containing openvpn sources (from tarball/zip/git) |
| 165 | | * '''tapinstall''' |
| 166 | | * '''7600''': copy of [http://support.microsoft.com/kb/311272 devcon.exe] ''build directory''. Can be found from ''C:\WINDDK\7600.16385.1\src\setup\devcon'' or similar, depending on the version of WINDDK. Note that in OpenVPN world ''devcon.exe'' is (confusingly) also known as ''tapinstall.exe''. This directory is not needed if you use prebuilt TAP-drivers. '''NOTE:''' This directory gets copied during configuration phase (win/config_ti.py) to ''<openvpn-sources>/tapinstall''. |
| 167 | | * '''pkcs11-helper''': copy of pkcs11-helper ''build directory'' |
| 168 | | * '''lib''': must also contain ''libpkcs11-helper-1.dll'' and ''libpkcs11-helper-1.dll.manifest'' files produced by pkcs11-helper build |
| 169 | | * '''openssl''': copy of the openssl ''install directory'' |
| 170 | | * '''lzo''' |
| 171 | | * '''include''': a copy of the ''include'' directory in the lzo ''build directory'' |
| 172 | | * '''lzo''': the directory with actual lzo header files |
| 173 | | * '''bin''': must also contain the ''lzo2.dll'' and ''lzo2.dll.manifest'' files generated by lzo build |
| 174 | | * '''lib''': must also contain the ''lzo2.lib'' file generated by lzo build |
| 175 | | * '''Microsoft.VC90.CRT''': a copy of ''C:\Program Files\MicrosofT Visual Studio 9.0\VC\redist\x86\Microsoft.VC90.CRT'' directory; the exact path may vary. Note that using the wrong version will cause issues on 32-bit or 64-bit Windows versions. |
| 176 | | * '''tap-prebuilt''': this directory contain prebuilt, signed TAP-drivers and tapinstall.exe extracted from an OpenVPN installer. This is only needed if you don't build the TAP-drivers yourself. |
| 177 | | * '''i386''': should contain 32-bit versions of the TAP-driver and ''tapinstall.exe'' |
| 178 | | * '''amd64''': should contain 64-bit versions of the above |
| 179 | | * '''openvpn-gui''': this directory should contain the ''openvpn-gui*.exe'' executable (see ''win/settings.in'') |
| 180 | | * '''signtool''': this directory should contain ''signtool.exe'', which can be found from the Microsoft SDK directory (e.g. ''C:\Program Files\Microsoft SDKs\Windows\V6.0A\bin''). However, it's Python wrapper (''Sign'' class) is only available internally at OpenVPN Technologies, so you can skip this dependency. |
| 181 | | |
| 182 | | '''MinGW buildsystem''' |
| 183 | | |
| 184 | | Refer to [http://openvpn.net/prebuilt old dependency packages] to get an idea about the proper layout. |
| 185 | | |
| 186 | | == Setting build parameters == |
| 187 | | |
| 188 | | After setting up the directories, you should check if OpenVPN's build configuration files need modifications. |
| 189 | | |
| 190 | | '''Python-based buildsystem''' |
| 191 | | |
| 192 | | * ''<openvpn-sources>\win\settings.in'': build configuration for Python-based builds. Most build configuration - if any - is done in this file. |
| 193 | | * ''<openvpn-sources>\win\config.h.in'': static header file, functionally the same as config.h generated by autotools; not usually modified. |
| 194 | | * ''<openvpn-sources\version.m4'': contains TAP-driver version information. Normally there's no need to modify this. |
| 195 | | |
| 196 | | '''NOTE:''' You may need to add ''vcvarsall.bat'' to PATH manually. On 64-bit platforms it usually lives in the ''C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC'' directory. |
| 197 | | |
| 198 | | '''MinGW buildsystem''' |
| 199 | | |
| 200 | | * ''<openvpn-sources>/install-win32/settings.in'': build configuration file for MinGW builds. Usually only this file needs to be edited. |
| 201 | | * ''<openvpn-sources>/version.m4'': contains TAP-driver version information. Normally there's no need to modify this. |
| 202 | | |
| 203 | | |
| 204 | | == Building OpenVPN == |
| 205 | | |
| 206 | | '''Python-based buildsystem''' |
| 207 | | |
| 208 | | Next fire up a ''Visual Studio 2008 Command Prompt'' and go to ''<openvpn-sources>\win'' directory. You should now build OpenVPN + the TAP driver using |
| 209 | | |
| 210 | | {{{ |
| 211 | | C:\openvpn-build\openvpn-testing\win> python build_all.py --unsigned |
| 212 | | }}} |
| 213 | | |
| 214 | | This builds ''openvpn.exe'', ''openvpnserv.exe'' and the TAP driver and copies the results to ''<openvpn-sources>\dist''. The ''--unsigned'' switch disables TAP driver signing, which would not work anyways because the ''Sign'' Python module is only available internally at OpenVPN Technologies. In case you want to test new TAP-driver versions on Windows Vista/7 64-bit you need to self-sign them and jump through several hoops. If you intend to use signed TAP drivers from an existing OpenVPN installer, you can extract signed TAP drivers from an existing installer and skip building the TAP driver altogether: |
| 215 | | |
| 216 | | {{{ |
| 217 | | C:\openvpn-build\openvpn-testing\win> python build_all.py --unsigned --notap |
| 218 | | }}} |
| 219 | | |
| 220 | | To clean up before or after the build, issue |
| 221 | | |
| 222 | | {{{ |
| 223 | | C:\openvpn-build\openvpn-testing\win> python build.py clean |
| 224 | | }}} |
| 225 | | |
| 226 | | To see all available build options, use |
| 227 | | |
| 228 | | {{{ |
| 229 | | C:\openvpn-build\openvpn-testing\win> python build_all.py --help |
| 230 | | }}} |
| 231 | | |
| 232 | | '''MinGW buildsystem''' |
| 233 | | |
| 234 | | Build process is very simple: |
| 235 | | |
| 236 | | {{{ |
| 237 | | $ cd <openvpn-sources> |
| 238 | | $ ./domake-win |
| 239 | | }}} |
| 240 | | |
| 241 | | Watch what error it gives, fix and retry. Repeat until everything builds properly. |
| 242 | | |
| 243 | | == Using signed TAP-drivers from an OpenVPN installer == |
| 244 | | |
| 245 | | First [wiki:ManagingWindowsTAPDrivers extract TAP-drivers] from an OpenVPN installer. Then do the following: |
| 246 | | |
| 247 | | * Place 32-bit signed TAP drivers and corresponding ''tapinstall.exe'' to ''<openvpn-build-root>\tap-prebuilt\i386'' |
| 248 | | * Place 64-bit versions to ''<openvpn-build-root>\tap-prebuilt\amd64'' |
| 249 | | |
| 250 | | == Packaging OpenVPN == |
| 251 | | |
| 252 | | '''Python-based buildsystem''' |
| 253 | | |
| 254 | | Once OpenVPN build is finished, you may want to make an installer executable. OpenVPN installers are packaged using [http://nsis.sourceforge.net/Main_Page NSIS], which you can download from [http://nsis.sourceforge.net/Download here]. The buildsystem, or more correctly ''<openvpn-sources>\win\make_dist.py'' - puts most of what the NSI script (''<openvpn-sources>\win\openvpn.nsi'') needs to ''<openvpn-sources>\dist''. The NSI script still (as of 2.2-RC2) pulls some files from directories other that ''dist'', but that will be fixed later. |
| 255 | | |
| 256 | | OpenVPN installer is driven by the ''<openvpn-sources>\win\openvpn.nsi'' NSI script, which has to be loaded with the [http://nsis.sourceforge.net/Main_Page MakeNSIS] application to generate an installer. If the ''<openvpn-sources>\dist'' directory has been properly set up, you should not encounter any errors. However, if ''MakeNSIS'' complains about missing files, make sure the ''<openvpn-sources>\dist'' directory contains all of the packaging dependencies: |
| 257 | | |
| 258 | | * '''amd64''' |
| 259 | | * OemWin2k.inf |
| 260 | | * tap0901.cat |
| 261 | | * tap0901.sys |
| 262 | | * tapinstall.exe |
| 263 | | * '''bin''' |
| 264 | | * '''Microsoft.VC90.CRT''' |
| 265 | | * msvcr90.dll |
| 266 | | * Microsoft.VC90.CRT.manifest |
| 267 | | * libeay32.dll |
| 268 | | * libpkcs11-helper-1.dll |
| 269 | | * lzo2.dll |
| 270 | | * openssl.exe |
| 271 | | * openvpn-gui-1.0.3.exe |
| 272 | | * openvpn.exe |
| 273 | | * openvpnserv.exe |
| 274 | | * ssleay32.dll |
| 275 | | * '''i386''' |
| 276 | | * OemWin2k.inf |
| 277 | | * tap0901.cat |
| 278 | | * tap0901.sys |
| 279 | | * tapinstall.exe |
| 280 | | * '''samples''' |
| 281 | | * client.ovpn |
| 282 | | * sample.ovpn |
| 283 | | * server.ovpn |
| 284 | | |
| 285 | | '''MinGW buildsystem''' |
| 286 | | |
| 287 | | = Using unverified TAP-drivers on 64-bit Windows = |
| 288 | | |
| 289 | | The 64-bit versions of Windows Vista/7 (and later) only allow installing drivers with certificates that have Microsoft as CA. Or, in other words, drivers verified by Microsoft. Installation of unsigned nor unauthorized device drivers is not allowed by default. This is very problematic when testing the TAP-driver, as signing it after every small change makes no sense. Fortunately there are two ways to work around this: |
| 290 | | |
| 291 | | * Self-sign the TAP-driver and configure Windows to accept ''self-signed'' (unauthorized) drivers. |
| 292 | | * Switch on ''Test mode'' during boot. This allows loading ''unsigned'' drivers. |
| 293 | | |
| 294 | | To get a good idea how this all works, read these two documents: |
| 295 | | |
| 296 | | * [http://msdn.microsoft.com/en-us/windows/hardware/gg487332 Digital Signatures for Kernel Modules on Windows] |
| 297 | | * [http://msdn.microsoft.com/en-us/library/ff546236%28v=vs.85%29.aspx How to Test-Sign a Driver Package] |
| 298 | | |
| 299 | | == Method 1: Self-signing the TAP-drivers == |
| 300 | | |
| 301 | | '''IMPORTANT:''' so far (18th March 2011) I have not managed to make Windows 7 64-bit accept self-signed certificates created on WinXP 32-bit. Until this is fixed, please use method 2 to test 64-bit TAP-drivers. |
| 302 | | |
| 303 | | === Creating a test certificate on build computer === |
| 304 | | |
| 305 | | Creating a test certificate (and it's keystore) is easy if Visual Studio is is installed. Open the Visual Studio command-line and issue |
| 306 | | |
| 307 | | {{{ |
| 308 | | Makecert -r -pe -ss teststore -n “CN=OpenVPN project test labs” teststore.cer |
| 309 | | }}} |
| 310 | | |
| 311 | | For details on the syntax see [http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.80).aspx Makecert.exe reference]; for higher-level details look [http://msdn.microsoft.com/en-us/windows/hardware/gg487332 here]. |
| 312 | | |
| 313 | | === Installing the test certificate to build and target computers === |
| 314 | | |
| 315 | | Both build and target computers need to have the test certificate in their keystores. The ''build computer'' needs it for signing the driver catalog with ''signtool.exe''. The ''target computer'', on the other hand, needs to have the certificate installed or it won't trust the driver and won't allow loading it to the kernel. |
| 316 | | |
| 317 | | In both cases the certificate is imported using [http://msdn.microsoft.com/en-us/library/e78byta0%28v=vs.80%29.aspx certmgr.exe]: |
| 318 | | |
| 319 | | {{{ |
| 320 | | certmgr.exe -add teststore.cer -s -r localMachine root |
| 321 | | certmgr.exe -add teststore.cer -s -r localMachine trustedpublisher |
| 322 | | }}} |
| 323 | | |
| 324 | | You can also launch ''certmgr.exe'' without parameters and use the certificate import wizard. Although usage of ''certmgr.exe'' is straightforward, it is included (only?) in the massive [http://www.microsoft.com/downloads/en/details.aspx?FamilyID=71deb800-c591-4f97-a900-bea146e4fae1&displaylang=en Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1] package, which you need to install. |
| 325 | | |
| 326 | | === Creating the catalog file using makecat === |
| 327 | | |
| 328 | | There are two ways to create the catalog file that contains hashes of the TAP-driver files. It is this ''catalog'' file that is signed and verified by Windows kernel. The first option is to create a catalog definition file (.cdf) with a text editor and generate the real catalog file from it using [http://msdn.microsoft.com/en-us/library/aa386967%28v=vs.85%29.aspx MakeCat.exe]. The problem with this approach is that ''makecat'' does not warn about errors in the .cdf file. This results in everything looking just fine, but failing when loading the driver into the kernel. |
| 329 | | |
| 330 | | Nevertheless, if you want to try this approach, go to ''<openvpn-sources>/dist/amd64'' after building There you'll find ''tap0901.sys'' and ''OemWin2k.inf'' files. Create a catalog definition file (e.g. ''tap.cdf'') with a text editor; it contents should be ''similar'' to the one below: |
| 331 | | |
| 332 | | {{{ |
| 333 | | [CatalogHeader] |
| 334 | | Name=tap0901.cat |
| 335 | | PublicVersion=0x00000010 |
| 336 | | ResultDir=.\ |
| 337 | | EncodingType= |
| 338 | | |
| 339 | | [CatalogFiles] |
| 340 | | tap0901.sys=.\tap0901.sys |
| 341 | | OemWin2k.inf=.\OemWin2k.inf |
| 342 | | |
| 343 | | }}} |
| 344 | | |
| 345 | | Make sure you have a linefeed at the end. Please note that this file did not work properly for unknown reasons, and the .cdf file format seems mostly undocumented. Once the catalog definition file is finished you can create the real catalog file using ''makecat'': |
| 346 | | |
| 347 | | {{{ |
| 348 | | makecat -v tap.cdf |
| 349 | | }}} |
| 350 | | |
| 351 | | === Creating the catalog file using inf2cat === |
| 352 | | |
| 353 | | [http://msdn.microsoft.com/en-us/library/ff547089%28v=vs.85%29.aspx Inf2Cat.exe] is a tool used to generate an unsigned catalog file from driver's INF file. It should be more easier to use than ''makecat'', as it can automatically generate a .cat file with correct syntax. This tool is included in the ''Windows Driver Kit'', which you have to install. Use it like this: |
| 354 | | |
| 355 | | {{{ |
| 356 | | cd C:\WINDDK\\7600.16385.1\bin\selfsign |
| 357 | | Inf2Cat.exe /driver:<openvpn-sources>\dist\i386 /os:XP_X86 |
| 358 | | Inf2Cat.exe /driver:<openvpn-sources>\dist\amd64 /os:Vista_X64 |
| 359 | | }}} |
| 360 | | |
| 361 | | Where <openvpn-sources> is something like ''C:\openvpn-build\openvpn-macbook''. |
| 362 | | |
| 363 | | === Signing the catalog file === |
| 364 | | |
| 365 | | * Sign the catalog file (.cat) with [http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx Signtool.exe] |
| 366 | | |
| 367 | | Now sign the catalog file with ''signtool'': |
| 368 | | |
| 369 | | {{{ |
| 370 | | signtool sign /v /s teststore /n "OpenVPN project test labs" tap0901.cat |
| 371 | | }}} |
| 372 | | |
| 373 | | As long as the test certificate has been imported using ''certmgr.exe'' (see above), this command should work. |
| 374 | | |
| 375 | | If you want, repeat this process for 32-bit version of the TAP-driver starting from ''<openvpn-sources>/dist/i386''. |
| 376 | | |
| 377 | | == Method 2: Enabling test mode on target computer == |
| 378 | | |
| 379 | | Test mode ''boot setting'' allows loading test-signed drivers to the Windows kernel. You can use the [http://www.ngohq.com/home.php?page=dseo Driver Signature Enforcement Overrider] tool to enable it. After a reboot you should see |
| 380 | | |
| 381 | | {{{ |
| 382 | | Test Mode |
| 383 | | Windows 7 |
| 384 | | Build xxxx |
| 385 | | }}} |
| 386 | | |
| 387 | | Or similar at bottom left corner of the desktop. Windows kernel should now load unsigned drivers without any issues. |
| 388 | | |
| 389 | | = Troubleshooting = |
| 390 | | |
| 391 | | == Compiler warnings during OpenSSL build == |
| 392 | | |
| 393 | | When building OpenSSL you're most likely encounter issues with trivial compiler warnings stopping the entire build. To circumvent this remove the ''/WX'' flag in the makefile as suggested in ''INSTALL.W32'' file. This is harder than it seems for two reasons: |
| 394 | | |
| 395 | | * The correct makefile is ''ms\ntdll.mak'' (not the ''Makefile'' in build root) |
| 396 | | * You need to use ''Wordpad'' or other UNIX linefeed-aware editor to open and save the makefile |
| 397 | | |
| 398 | | == VS 2008 cross-tools issues during OpenSSL build == |
| 399 | | |
| 400 | | OpenSSL build is likely to break at several places if you're running ''Visual Studio 2008 x64 Cross-Tools Command Prompt'' instead of plain ''Visual Studio 2008 Command prompt''. Consider reinstalling Visual Studio without cross-tools if you encounter either of these errors: |
| 401 | | |
| 402 | | * ''fatal error LNK1112: module machine type X86 conflicts with target machine type x64'' (in the middle of the build) |
| 403 | | * ''Linker can't find link.obj'' (at the end of the build) |
| 404 | | |
| 405 | | == Issues with self-signed TAP-driver certificates == |
| 406 | | |
| 407 | | [http://social.technet.microsoft.com/wiki/contents/articles/certificates-console.aspx Certificates Console] can be used to view and move around certificates stored for the local computer or the current user. The ''Device Manager'' can be used to view driver status and the cause of malfunctions. ''Event viewer'' can be used to view ''Code integratity events'', including failures to verify driver signatures. These can be found from ''Applications and Services Logs -> Microsoft -> Windows -> CodeIntegrity''. |
| 408 | | |
| 409 | | == File vcvarsall.bat not found == |
| 410 | | |
| 411 | | Sometimes - not always - the ''"Visual Studio Command Prompt"'' might not find ''vcvarsall.bat'', which is needed to build OpenVPN using the Python-based buildsystem. In this case you can [http://vlaurie.com/computers2/Articles/environment.htm add it to PATH manually]. The path is ''C:\Program Files (x86)\Microsoft Visual Studio 9.0\vc'' or similar. |
| 412 | | |
| 413 | | = Code debugging = |
| 414 | | |
| 415 | | Visual Studio (2008+ at least) has a [http://msdn.microsoft.com/en-us/library/5hs4b7a6.aspx Just in time debugger] that - by default - launches automatically when a binary crashes. This can be very useful when debugging openvpn.exe, as the debugger show on which line the error occured, which files it tried to access, etc. |
| 416 | | |
| 417 | | To use the debugger, you need to compile openvpn.exe with appropriate debug flags. This is done by uncommenting the enabling PRODUCT_OPEVPN_DEBUG in ''win/settings.in'', as shown below: |
| 418 | | |
| 419 | | {{{ |
| 420 | | # Build debugging version of openvpn.exe |
| 421 | | !define PRODUCT_OPENVPN_DEBUG |
| 422 | | }}} |
| 423 | | |
| 424 | | In most cases, full uninstall/reinstall procedure is not necessary. If that's the case, you can quickly test the binary like this from Git Bash with administrator rights (adapt as necessary for different shells): |
| 425 | | |
| 426 | | {{{ |
| 427 | | $ cd /C/Program\ Files\ \(x86\)\OpenVPN\config |
| 428 | | $ cp <openvpn-sources>/dist/bin/openvpn.exe ../bin/ |
| 429 | | $ ../bin/openvpn.exe --config <your-openvpn-config-file> |
| 430 | | }}} |
| 431 | | |
| 432 | | If/when the process crashes, the Visual Studio JIT debugger pops up. Provided you built OpenVPN with debugging information (see above), you should be able to pinpoint the issue fairly easily. |
| 433 | | |
| 434 | | = External links = |
| 435 | | |
| 436 | | * Building OpenVPN (other resources) |
| 437 | | * [http://d.ream.at/build-openvpn-2-2-0-with-visual-studio-2010/ Build OpenVPN 2.2.0 with Visual Studio 2010] |
| 438 | | * [http://d.ream.at/build-openvpn-2-1-4-with-vs2010/ Build OpenVPN 2.1.4 with Visual Studio 2010] |
| 439 | | * [http://yegle.net/2010/05/19/compile-openvpn-2-1-1-in-windows/ Compile OpenVPN 2.2.1 in Windows] (in Chinese) |
| 440 | | * ''<openvpn-sources>/domake-win'': the core build script for OpenVPN MinGW builds. Contains explanation of the entire build process. |
| 441 | | * [http://ehsanakhgari.org/blog/2008-05-04/compiling-openvpn-windows Compiling OpenVPN on Windows] |
| 442 | | * [http://rfc2324.org/howto/openvpn4win Build OpenVPN for Windows using Mingw32] |
| 443 | | * [http://article.gmane.org/gmane.network.openvpn.user/22590 Compiling 2.1rc7 on Windows with VC] (email thread) |
| 444 | | * Visual studio toolchain |
| 445 | | * [http://msdn.microsoft.com/en-us/library/ff547649.aspx Installing Test-Signed Driver Packages] |
| 446 | | * [http://en.wikipedia.org/wiki/Visual_studio Visual Studio article on Wikipedia] |
| 447 | | * [http://editor.html.it/guide/leggi/139/guida-visual-studio-2008/ Visual Studio Guide] (in Italian) |
| 448 | | * [http://www.mrwebmaster.it/editor/guide/guida-visual-studio-2008/ Another Visual Studio Guide] (in Italian) |
| 449 | | * [http://blog.kowalczyk.info/article/clexe-cmd-line-args.html Visual Studio C compiler command-line arguments] |
| 450 | | * [http://msdn.microsoft.com/en-us/library/aa314791%28v=VS.60%29.aspx NMAKE Reference] |
| 451 | | * [http://msdn.microsoft.com/en-us/library/ms235591%28v=vs.80%29.aspx How to: Embed a Manifest Inside a C/C++ Application] |
| 452 | | * Windows driver signing |
| 453 | | * [http://msdn.microsoft.com/en-us/windows/hardware/gg487317 Driver Signing Requirements for Windows] |
| 454 | | * [http://msdn.microsoft.com/en-us/windows/hardware/gg487332 Digital Signatures for Kernel Modules on Windows] (very good overview) |
| 455 | | * [http://msdn.microsoft.com/en-us/library/ff546236%28v=vs.85%29.aspx How to Test-Sign a Driver Package] |
| 456 | | * [http://msdn.microsoft.com/en-us/library/aa388164%28v=vs.85%29.aspx Using MakeCat] |
| 457 | | * [http://msdn.microsoft.com/en-us/library/bfsktky3%28v=vs.80%29.aspx Makecert.exe reference] |
| 458 | | * [http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx Signtool.exe reference] |
| 459 | | * [http://msdn.microsoft.com/en-us/library/aa386967%28v=vs.85%29.aspx MakeCat.exe reference] |
| 460 | | * [http://msdn.microsoft.com/en-us/library/ff547089%28v=vs.85%29.aspx Inf2Cat.exe reference] |
| 461 | | * [http://msdn.microsoft.com/en-us/library/ff553952%28v=VS.85%29.aspx Viewing Code Integrity Events] |
| 462 | | * [http://social.technet.microsoft.com/wiki/contents/articles/certificates-console.aspx Certificates Console] |
| 463 | | * [http://technet.microsoft.com/en-us/library/cc737187%28WS.10%29.aspx Export a certificate with the private key] |
| 464 | | * Other tools |
| 465 | | * [http://www.7-zip.org/ 7-zip]: useful for extracting files (e.g. OpenVPN's signed TAP drivers) from NSI installers |
| 466 | | * [http://gitscc.codeplex.com/ Git Source Control Provider] is a Visual Studio 2008/2010 plugin. It can also be used to launch ''Git for Windows'' and ''!GitExtensions'' from within Visual Studio. |
| 467 | | * Debugging |
| 468 | | * [http://www.gtopala.com/ System Information for Windows]: a useful tool for debugging processor architecture issues |
| 469 | | * [http://www.dependencywalker.com/ Dependency Walker]: a tool to debug DLL issues in DLLs and EXEs |
| 470 | | * [http://weblogs.asp.net/kennykerr/archive/2007/07/10/manifest-view-1-0.aspx Manifest view]: a tool to view contents of embedded manifests in EXEs and DLLs |
| 471 | | * Windows ''Device Manager'' (for driver signing issues) |
| 472 | | * [http://msdn.microsoft.com/en-us/library/958x11bc(v=vs.80).aspx Visual C compiler debug flags] |
| | 39 | Supported platforms are x64, ARM64 and Win32. Remember to install dependency for specific platform before building openvpn. |
