Version 27 (modified by 13 years ago) (diff) | ,
---|
Table of Contents
Introduction
The traditional way to build OpenVPN for Windows is to cross-compile it on *NIX. This works, but does not allow signing the TUN/TAP driver, which is required for Windows Vista/7 and later. Due to this a new, relatively simple Python-based build system was written. This new build system allows building OpenVPN on Windows more easily, but requires the use of a commercial version of Visual Studio development environment. However, the new build system is "external" from Visual Studio's viewpoint, so meddling with VS's graphical user interface is not necessary.
Installing prequisites
Visual Studio 2008 Professional
Visual Studio 2008 Professional is required to build OpenVPN on Windows. Note that the free Express edition
Windows Software Development Kit
Windows Software Development Kit (Wikipedia page) may be necessary to build OpenVPN (verify this).
Windows Driver Kit
Windows Driver Kit (Wikipedia page) is required to build the TUN/TAP driver.
Python
The new Windows build system is written in Python.
WinRAR
WinRAR or some other tool capable of extracting .tar.gz and .tar.bz2 archives is necessary to extract the LZO and OpenSSL release archives.
ActivePerl
ActivePerl is required to build OpenSSL, which in turn is required to build OpenVPN. Look here for details. Probably a standard Perl installation would also do the trick.
LZO library
Sources for the LZO library are required to build OpenVPN.
OpenSSL
Sources for the OpenSSL library are required to build OpenVPN.
Installing optional Git support
Git support is needed if you want to conveniently build the latest development code. You don't need Git support if you fetch the sources from another computer and copy them over, or use source code from release tar.gz or zip files.
Git for Windows
Git for Windows or msysgit is required to work with Git repositories on Windows.
GitExtensions
GitExtensions makes working with Git easier on Windows. It includes Visual Studio 2008 plugin, Windows explorer support and a GUI to configure and use Git repositories.
KDiff3
KDiff3 is used in handling merge conflicts. It's required by GitExtensions.
Git Source Control Provider
Git Source Control Provider is a Visual Studio 2008/2010 plugin. It can also be used to launch Git for Windows and GitExtensions from within Visual Studio.
Building OpenSSL
First download the latest (0.9.8) release from here and extract it somewhere. Using the latest one ensures there are no (known) security holes in OpenSSL. For the most part you can then follow the instructions in INSTALL.W32 and INSTALL.W64 files. Before you start, though, launch the Visual Studio 2008 x64 Cross Tools Command Prompt, which can be found from the Start menu. Unlike the standard command prompt it has all the paths to VC binaries set correctly.
From within this command prompt you'll first configure OpenSSL using the provided Perl script:
cd c:\<directory-with-openssl-sources> perl Configure VC-WIN32 --prefix=c:/<openssl-install-directory>
Some of the crypto routines are written in assembler to increase performance, so you need to/should use an assembler (e.g. MASM) in the next step:
ms\do_masm
Next compile OpenSSL using the generated makefile:
nmake -f ms\ntdll.mak nmake -f ms\ntdll.mak test nmake -f ms\ntdll.mak install
Preparing the source tree for building
If you want to build the latest development code fetch it using Git for Windows (Git shell) or GitExtensions (GUI). Check these instructions to see which Git URI to use. Once you have fetched OpenVPN sources you need to copy openssl and lzo these header file directories the root build directory:
- <lzo-directory>/include/lzo
- <openssl-directory>/include/openssl
After this the OpenVPN build directory should look like this (files omitted):
|-- contrib |-- debug |-- easy-rsa |-- images |-- install-win32 |-- lzo |-- management |-- msvc |-- openssl |-- plugin |-- sample-config-files |-- sample-keys |-- sample-scripts |-- service-win32 |-- suse |-- tap-win32 |-- win
Building OpenVPN
Fire up a console/MS DOS prompt and go to <openvpn-root-build-directory>/win. Then just start the build:
C:\Python27\python.exe build.py
To clean up before or after the build, issue
C:\Python27\python.exe build.py clean
Integrating Git with Visual Studio (optional)
If you wish to use Windows for OpenVPN development integrating Git with Visual Studio (2008) may make sense.
Troubleshooting
Compiler warnings during OpenSSL build
When building OpenSSL you're most likely encounter issues with trivial compiler warnings stopping the entire build. To circumvent this remove the /WX flag in the makefile as suggested in INSTALL.W32 file. This is harder than it seems for two reasons:
- The correct makefile is ms\ntdll.mak (not the Makefile in build root)
- You need to use Wordpad or other UNIX linefeed-aware editor to open and save the makefile
Wrong processor architecture during OpenSSL build
Second problem you may encounter is incorrect target processor architecture being used by the linker:
fatal error LNK1112: module machine type 'X86' conflicts with target machine type 'x64'
You can check the correct processor architecture with a tool like SIW. Once you know the proper target architecture you need to define it manually. If you have integrated OpenVPN to Visual Studio's graphical development environment, you can set in project properties. If you're just running the VC command-line tools, you can either append the correct architecture via linker options to the build command-line or define it in environment variables:
- http://msdn.microsoft.com/en-us/library/wk97ab1b%28v=VS.80%29.aspx
- http://msdn.microsoft.com/en-us/library/y0zzbyt4%28v=VS.80%29.aspx
Probably the easiest fix is to set the environment variable from the command-line:
c:\openssl-0.9.8o> set LINK=/MACHINE:x86
Linker can't find link.obj
During OpenSSL build the linker will look for object files from directories specified by environment variable TMP or TEMP. By default, both are set to %USERPROFILE%\Local Settings\Temp. However, if you have Cygwin installed, the chances are that it has a different idea about where to put temporary files. You can verify this with the env command:
c:\openssl-0.9.8o> env --- SNIP --- TMP=/tmp TEMP=/tmp --- SNIP --- TERM=cygwin
Unfortunately these environment variables can't be set manually with set command.
External links
- Compiling OpenVPN on Windows
- Build OpenVPN for Windows using Mingw32
- Compiling 2.1rc7 on Windows with VC (email thread)
- Installing Test-Signed Driver Packages
- Visual Studio article on Wikipedia
- Visual Studio Guide (in Italian)
- Another Visual Studio Guide (in Italian)
- Visual Studio C compiler command-line arguments
- System Information for Windows: a useful tool for debugging processor architecture issues