= Introduction = The OpenVPN's Windows TAP-drivers consists of four files for each platform (32/64-bit): * ''.cat:'' contains cryptographic signature for the actual drivers * ''.sys:'' contains the actual driver * ''.inf:'' contains driver metadata If you need to run OpenVPN on Windows Vista/7 64-bit you have to use signed TAP drivers. Unless you sign them yourself, you need to extract drivers from an existing OpenVPN installer. See below for instructions. OpenVPN installers come bundled with a command-line tool called ''\bin\devcon.exe'' for managing the TAP-driver. Two wrapper scripts, ''addtap.bat'' and ''deltapall.bat'' are also available in the same directory. For details on ''devcon.exe'' usage look at [http://support.microsoft.com/kb/311272 Microsoft's Devcon.exe documentation]. '''NOTES:''' * OpenVPN 2.3_alpha1 and earlier ''devcon.exe'' was called ''tapinstall.exe''. * OpenVPN 2.3_rc2 installer does not install TAP utilities by default. [ticket:255 This bug] is fixed in later releases. = Manual configuration of the TAP-Windows adapter = On XP Go to ''Start -> Control Panel -> Network Connections''. You should see a "TAP-Windows Adapter" with a name like "Local Area Connection 3". Right click and rename this to something shorter and without embedded spaces such as "my-tap". Now right click again and select properties. Select Internet Protocol (TCP/IP) from the list and click on "Properties". Set the IP address and subnet mask of your new TAP device. For the example below we will use an IP of 10.3.0.1 and a subnet mask of 255.255.255.0. Other fields can be left as they are. Note also that the command line tool "netsh" can do many of these same functions. For example, the following command will set the IP and subnet for my-tap: {{{ $ netsh interface ip set address my-tap static 10.3.0.1 255.255.255.0 }}} This setting is persistent across reboots. = Installing and uninstalling TAP-drivers = Occasionally you may need play with different TAP-driver versions. In this case you can use ''devcon.exe'' from the Windows command-prompt. Below are some common commands: List available TAP-Windows adapters: {{{ $ openvpn --show-adapters Available TAP-Windows devices: [1] 'my-tap' }}} List network interfaces (incl. TAP-Windows adapters): {{{ $ ipconfig }}} View information about an installed driver: {{{ $ devcon.exe hwids }}} Uninstall a TAP-driver: {{{ $ devcon.exe remove }}} Install a new TAP-driver: {{{ $ devcon.exe install }}} Update a TAP-driver: {{{ $ devcon.exe update }}} Notes: * '''' refers to the driver identifier which is ''tap0901'' for OpenVPN 2.2+, but may be different in older/newer OpenVPN versions. * '''' is typically ''OemWin2k.inf''. By installing multiple times, you will create additional TAP-Windows adapter instances, which can be used for multiple concurrent VPN tunnels. It is also possible to install using ''Control Panel -> Add New Hardware'', and it is possible to uninstall using ''Control Panel -> System -> Hardware -> Device Manager''. = Extracting TAP-drivers from OpenVPN installers = Extracting TAP-drivers from an OpenVPN installer is relatively easy: you can use [http://www.7-zip.org/ 7-zip] to open the installer executable. There are both 32-bit and 64-bit versions, but the latter are larger in size. = Windows TAP device naming = Basically what happens when you install the TAP-Windows driver is that you get a new network adapter that shows up in your network control panel. You right click on the TAP adapter and set the TCP/IP properties, i.e. IP address and netmask. Then you rename the TAP adapter icon to something like "my-tap" and reference it using the --dev-node option in OpenVPN. Windows also has command line utilities to accomplish these same kinds of tasks such as "devcon", "netsh", and "ipconfig". = Renaming the TAP-driver = Look at [wiki:TapRenameScript this page] for a script that can be used to rename TAP-drivers.