| | 2 | |
| | 3 | TAP-Windows is an [https://github.com/OpenVPN/tap-windows OpenVPN subproject] in [https://github.com/ GitHub]. TAP-Windows is built on a Windows box, and the [wiki:BuildingUsingGenericBuildsystem OpenVPN cross-compile buildsystem] takes care of embedding the produced TAP-Windows installer into the OpenVPN Windows installer. |
| | 4 | |
| | 5 | = Setting up the Windows build computer = |
| | 6 | |
| | 7 | First install a recent version of Windows DDK and [http://nsis.sourceforge.net NSIS]. |
| | 8 | |
| | 9 | Next clone the ''tap-windows'' repository, e.g. using ''Git Bash'': |
| | 10 | |
| | 11 | {{{ |
| | 12 | $ git clone https://github.com/OpenVPN/tap-windows |
| | 13 | }}} |
| | 14 | |
| | 15 | Next you need to set some environment variables. For self-signed test certificates use something like this: |
| | 16 | |
| | 17 | {{{ |
| | 18 | set CODESIGN_PKCS12=c:\Users\John\tap-windows\my-self-signed-certificate.p12 |
| | 19 | set CODESIGN_PASS=mypassphrase |
| | 20 | set CODESIGN_ISTEST=yes |
| | 21 | }}} |
| | 22 | |
| | 23 | For paid-for software publisher certificates (SPC) you'd use something like this: |
| | 24 | |
| | 25 | {{{ |
| | 26 | set CODESIGN_PKCS12="c:\Users\John\tap-windows\my-software-publisher-certificate.p12" |
| | 27 | set CODESIGN_PASS=mypassphrase |
| | 28 | set CODESIGN_ISTEST=no |
| | 29 | set CODESIGN_CROSS="C:\Users\John\tap-windows\ca-cross-certificate.crt" |
| | 30 | set CODESIGN_TIMESTAMP="http://timestamp.domain.com" |
| | 31 | }}} |
| | 32 | |
| | 33 | If you imported the kernel-mode code-signing certicate using Internet Explorer, you can use ''certmgr.exe'' to export it in PFX (=PKCS12) format. Just make sure to include the private key in the file and to give it a sufficiently strong password, which you then define using ''CODESIGN_PASS'' variable. The CA cross certificate can be obtained from your CA and most likely needs no modifications. The URL for the timestamping service is CA-specific, but trivial to locate. |
| | 34 | |
| | 35 | = Building TAP-windows = |
| | 36 | |
| | 37 | First you need to configure the tap-windows build to use these using a Visual Studio command prompt: |
| | 38 | |
| | 39 | {{{ |
| | 40 | > configure |
| | 41 | }}} |
| | 42 | |
| | 43 | This copies the variables to ''tap-windows\config-env.bat'', which is included during build. All that's left is to build the tap-windows drivers: |
| | 44 | |
| | 45 | {{{ |
| | 46 | > build |
| | 47 | }}} |
| | 48 | |
| | 49 | Further customization for MSVC can be done using ''config-local.m4'' file which overrides variables or with environment variables which override auto detection code. This can be used, for example, to specify a custom DDK location. For details, see |
| | 50 | |
| | 51 | {{{ |
| | 52 | > configure --help |
| | 53 | }}} |
| | 54 | |
| | 55 | Finally, if you're generating an OpenVPN installer with the your modified TAP-Windows driver, put the TAP-Windows installer on a webserver and point the [wiki:BuildingUsingGenericBuildsystem OpenVPN cross-compile buildsystem] to it. |
