This article describes in detail how you can rebuild OpenVPN v2.5.4 for use on older operating systems.
Topic Overview
- Introduction
- Prerequisites
- Build Machine Setup
- Build OpenSSL v1.1.1m
- Build LZO v2.10 DLL
- Build PKCS11-Helper v1.28 DLL
- Build OpenVPN v2.5.4 include files
- Build OpenVPN v2.5.4
- Build OpenVPN-GUI v11.26 include files
- Build OpenVPN-GUI v11.26
- Build TAP-Driver v9.9.2
- Build NSIS-Installer
- OpenVPN configuration file changes for Windows XP
- Test if OpenVPN is working correctly
- OpenVPN v2.5.4 Windows XP SP3 bug
- Version and download link
- History
1. Introduction
OpenVPN v2.3.18 was the last version that officially supports Windows XP and Windows Server 2003. We lately had the need to use the newer version 2.5.4 of OpenVPN to support stronger data ciphers like AES-256-CBC. Therefore we decided to rebuild the whole package from the ground up to make it compatible with Windows XP and Windows Server 2003. The following article describes in detail how you can rebuild OpenVPN v2.5.4 for use on these older operating systems. The build process was a long journey, because it seems that all official build instructions are partly useless and lead to a dead end most of the time. For example, the official instructions state that OpenVPN for Windows is cross compiled on Linux, which is not true at all. We checked the binary and can say for sure that it is a native Windows Visual Studio build!
The benefits of this new version include:
- support of stronger data ciphers like AES-256-CBC
- new TAP-Driver with a network speed of 1 GBit/s instead of 10 MBit/s
- severe bug on Windows XP SP3 solved where we can't connect to the VPN server
If you don't care about the build steps, simply install OpenVPN v2.5.4 on Windows XP and Windows Server 2003 by running the installer package "OpenVPN-v2.5.4.exe" in the root of this archive.
Important: The following steps to build OpenVPN can be done completely in offline mode. You do not need an internet connection at all.
2. Prerequisites
We included all prerequisite packages in the download archive with the exception of the operating system, compiler suite and an unpacker for 7-Zip archives. We used the following listed packages to build the dependencies.
OpenSSL v1.1.1m
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- OpenSSL_v1.1.1m\ActivePerl-5.20.2.2002-MSWin32-x86-64int-299195.msi
- OpenSSL_v1.1.1m\dmake-4.11.20080107.ppd
- OpenSSL_v1.1.1m\dmake-4.11.20080107.tar.gz
- OpenSSL_v1.1.1m\nasm-2.15.05-installer-x86.exe
- OpenSSL_v1.1.1m\openssl-v1.1.1m.7z
LZO v2.10 DLL
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- LZO_v2.10\lzo-2.10.7z
PKCS11-Helper v1.28 DLL
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0.7z
OpenVPN v2.5.4 include files
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- OpenVPN_v2.5.4\openvpn-2.5.4.7z
OpenVPN v2.5.4
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- OpenVPN_v2.5.4\block_dns.c
- OpenVPN_v2.5.4\config-msvc-version.h
- OpenVPN_v2.5.4\openvpn-2.5.4.7z
- OpenVPN_v2.5.4\route.c
- OpenVPN_v2.5.4\tap-windows.h
- OpenVPN_v2.5.4\tap-windows-master_for_XP.7z
- OpenVPN_v2.5.4\tun.c
- OpenVPN_v2.5.4\versionhelpers.h
OpenVPN-GUI v11.26 include files
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- MSYS2\msys2-i686-20160205.exe
- MSYS2\packages_20160205.7z
- OpenVPN-GUI_v11.26\openvpn-gui-11.7z
OpenVPN-GUI v11.26
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- OpenVPN-GUI_v11.26\config.h
- OpenVPN-GUI_v11.26\openvpn-gui-11.7z
- OpenVPN-GUI_v11.26\versionhelpers.h
TAP-Driver v9.9.2
- Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
- Compiler Suite: Windows Driver Development Kit v7.1.0 (7600.16385.1)
- NSIS-Installer\nsis-2.50-setup.exe
- TAP-Driver_v9.9.2\tap-windows-master_for_XP.7z
NSIS-Installer for OpenVPN v2.5.4
- Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
- NSIS-Installer\nsis-2.50-setup.exe
- NSIS-Installer\openvpn.nsi
- NSIS-Installer\openvpn-build-release-2.3.7z
- NSIS-Installer\OpenVPN-v2.3.18_last_version_for_XP.exe
- NSIS-Installer\VC-Redistributable_v14.27.29114.0_x86.exe
3. Build Machine Setup
We need two machines for building OpenVPN v2.5.4. The first one with "Windows XP SP3 x86" or "Windows Server 2003 R2 SP2 x86" and "Windows Driver Development Kit v7.1.0 (7600.16385.1)", the second one with "Windows 10 x64 Build 21H2" and "Visual Studio Enterprise 2019 Version 16.0.1". On both machines, we need an unpacker for 7-Zip archives.
Packages build on first machine
- TAP-Driver v9.9.2
- NSIS-Installer for OpenVPN v2.5.4
Packages build on second machine
- OpenSSL v1.1.1m
- LZO v2.10 DLL
- PKCS11-Helper v1.28 DLL
- OpenVPN v2.5.4 include files
- OpenVPN v2.5.4
- OpenVPN-GUI v11.26 include files
- OpenVPN-GUI v11.26
Install Visual Studio 2019 on the second machine with the following workloads:
- Desktop development with C++
- On the "Installation details" on the right side check:
- MSVC v141 - VS 2017 C++ x64/x86 build tools (v14.16)
- Choose tab "Individual components" and select the following on the left side under the category "Compilers, build tools, and runtimes":
- C++ Windows XP Support for VS 2017 (v141) tools [Deprecated]
4. Build OpenSSL v1.1.1m
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- Install "OpenSSL_v1.1.1m\ActivePerl-5.20.2.2002-MSWin32-x86-64int-299195.msi" to "C:\Perl"
- Install "OpenSSL_v1.1.1m\nasm-2.15.05-installer-x86.exe" to "C:\Program Files (x86)\NASM"
- Copy "OpenSSL_v1.1.1m\dmake-4.11.20080107.ppd" to "C:\dmake-4.11.20080107.ppd"
- Copy "OpenSSL_v1.1.1m\dmake-4.11.20080107.tar.gz" to "C:\dmake-4.11.20080107.tar.gz"
- Unpack "OpenSSL_v1.1.1m\openssl-v1.1.1m.7z" to "C:\openssl-v1.1.1m"
- To build the shared release version, open an administrative command prompt and type the following commands:
cd C:\
ppm install dmake-4.11.20080107.ppd
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
set "PATH=C:\Program Files (x86)\NASM;%PATH%"
cd C:\openssl-v1.1.1m
perl Configure VC-WIN32 -D_WIN32_WINNT=0x0501 --prefix=C:\openssl-v1.1.1m-shared
nmake
nmake test
nmake install
After these steps, the OpenSSL files will be present in the directory which you specified with the "--prefix
" parameter for the perl Configure command. In our case, the shared release DLLs of OpenSSL are present in the directory "C:\openssl-v1.1.1m-shared". The include files we need are placed in "C:\openssl-v1.1.1m-shared\include\openssl". The library files we need are placed in "C:\openssl-v1.1.1m-shared\lib". We packed the complete directory into the included archive named "OpenSSL_v1.1.1m\openssl-v1.1.1m-shared.7z".
5. Build LZO v2.10 DLL
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- unpack "LZO_v2.10\lzo-2.10.7z" to "C:\lzo-2.10"
- to build the DLL release version, open an administrative command prompt and type the following commands:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
cd C:\lzo-2.10
B\win32\vc_dll.bat
We packed the complete directory into the included archive named "LZO_v2.10\lzo-2.10-shared-DLL.7z".
6. Build PKCS11-Helper v1.28 DLL
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- Unpack "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0.7z" to "C:\pkcs11-helper-1.28.0"
- To build the DLL release version, open an administrative command prompt and type the following commands:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
cd C:\pkcs11-helper-1.28.0\lib
nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME=C:\openssl-v1.1.1m-shared
We packed the complete directory into the included archive named "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0-shared-DLL.7z". The DLL we use is located at "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0-shared-DLL.7z\lib\libpkcs11-helper-1.dll".
7. Build OpenVPN v2.5.4 Include Files
The include file config-msvc-version.h is auto generated by the Visual Studio solution of OpenVPN. The standard OpenVPN source code does not include this file, which is absolutely necessary to build OpenVPN. In the following steps, we describe how to generate the include file config-msvc-version.h. The generated include file by this procedure is already present in the directory "OpenVPN_v2.5.4".
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- Unpack "OpenVPN_v2.5.4\openvpn-2.5.4.7z" to "C:\openvpn-2.5.4"
- To build the file "config-msvc-version.h", open an administrative command prompt and type the following commands:
cd C:\openvpn-2.5.4\build\msvc\msvc-generate
cscript //Nologo msvc-generate.js --config="C:\openvpn-2.5.4\version.m4"
--input="C:\openvpn-2.5.4\config-msvc-version.h.in"
--output="C:\openvpn-2.5.4\config-msvc-version.h"
After these steps, the resulting file is located at "C:\openvpn-2.5.4\config-msvc-version.h".
Pay attention: This file does contain errors! It seems the PRODUCT_VERSION_PATCH
has a wrong value
of ".4
" instead of simply "4
". Therefore also the PACKAGE_VERSION
and PRODUCT_VERSION
are wrong and
have both the value "2.5..4
". This error is triggered by the file "C:\openvpn-2.5.4\version.m4" which has the following define
:
define([PRODUCT_VERSION_PATCH], [.4])
If we correct this line and remove the point, we get another error in the config-msvc-version.h file. After this change, the PACKAGE_STRING
is "OpenVPN 2.54", which is missing a point, but both the PACKAGE_VERSION
and PRODUCT_VERSION
are correct. We already corrected these errors manually in the included file "OpenVPN_v2.5.4\config-msvc-version.h".
The file tap-windows.h is copied from the archive "OpenVPN_v2.5.4\tap-windows-master_for_XP.7z\src\tap-windows.h". The file versionhelpers.h is copied from the Windows 10 SDK version 10.0.17763.0 which comes with Visual Studio 2019. We slightly modified it to make it work without additional include files like winapifamily.h. The original file is located at "C:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\um\VersionHelpers.h" after Visual Studio 2019 is installed.
8. Build OpenVPN v2.5.4
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- unpack "OpenVPN_v2.5.4\openvpn-2.5.4.7z" to "C:\openvpn-2.5.4"
This step is not necessary if you compiled OpenVPN v2.5.4 include files before! - Start Visual Studio 2019 > Create a new project > Empty Project > Next >
Project name: openvpn
Location: C:\Users\Public
Solution name: openvpn
check "Place solution and project in the same directory"
> Create - Copy all files and directories from "C:\openvpn-2.5.4\src\openvpn" to "C:\Users\Public\openvpn".
Do not overwrite the files "openvpn.vcxproj" and "openvpn.vcxproj.filters". - Delete the following files from the directory "C:\Users\Public\openvpn":
Makefile.am
Makefile.in - Copy the file "C:\openvpn-2.5.4\config-msvc.h" to "C:\Users\Public\openvpn"
- Copy the file "C:\openvpn-2.5.4\include\openvpn-msg.h" to "C:\Users\Public\openvpn"
- Copy the file "C:\openvpn-2.5.4\include\openvpn-plugin.h" to "C:\Users\Public\openvpn"
- Copy the file "OpenVPN_v2.5.4\block_dns.c" to "C:\Users\Public\openvpn" and overwrite the existing file.
This newly created C source file contains code to support DNS leak blocking for Windows XP. - Copy the file "OpenVPN_v2.5.4\config-msvc-version.h" to "C:\Users\Public\openvpn".
- Copy the file "OpenVPN_v2.5.4\route.c" to "C:\Users\Public\openvpn" and overwrite the existing file.
This changes the function get_default_gateway_ipv6 and simply returns, because Windows XP does not support IPv6 at all correctly without a dual stack in combination with IPv4. We can discard this completely and simply return from the function. The implementation of GetBestRoute
in Windows XP does not support IPv6 at all. - Copy the file "OpenVPN_v2.5.4\tap-windows.h" to "C:\Users\Public\openvpn".
- Copy the file "OpenVPN_v2.5.4\tun.c" to "C:\Users\Public\openvpn" and overwrite the existing file.
This changes the function windows_set_mtu to compile on Windows XP. The patch and function will not work at all. We tried several methods to set the MTU without success. Read the comments inside the code for more details. - Copy the file "OpenVPN_v2.5.4\versionhelpers.h" to "C:\Users\Public\openvpn".
- Copy "C:\openssl-v1.1.1m-shared" to "C:\Users\Public\openvpn\OpenSSL_v1.1.1m".
- Delete the following directories:
C:\Users\Public\openvpn\OpenSSL_v1.1.1m\bin
C:\Users\Public\openvpn\OpenSSL_v1.1.1m\html - Copy "C:\lzo-2.10" to "C:\Users\Public\openvpn\lzo-2.10".
- Delete all files and directories in the folder "C:\Users\Public\openvpn\lzo-2.10" except "include", "lzo2.dll" and "lzo2.lib".
- Copy "C:\pkcs11-helper-1.28.0" to "C:\Users\Public\openvpn\pkcs11-helper-1.28.0".
- Delete all files and directories in the folder "C:\Users\Public\openvpn\pkcs11-helper-1.28.0" except "include" and "lib".
- Delete the following files:
C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\Makefile.am
C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\Makefile.in
C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\pkcs11-helper-1.0\Makefile.am
C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\pkcs11-helper-1.0\Makefile.in
C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\pkcs11-helper-1.0\pkcs11h-version.h.in - Delete all files in the folder "C:\Users\Public\openvpn\pkcs11-helper-1.28.0\lib" except "libpkcs11-helper-1.dll" and "pkcs11-helper.dll.lib".
- In VS2019 Solution Explorer, right click on openvpn "Header Files" > Add > Existing Item... > in the "File name" field, enter "*.h" and press Enter > select first header file. Press Shift and click on the last header file > Add.
- Right click on openvpn "Resource Files" > Add > Existing Item... > select "openvpn_win32_resources.rc" > Add.
- Right click on openvpn "Source Files" > Add > Existing Item... > in the "File name" field enter "*.c" and press Enter > select first C source file, press Shift and click on the last C source file > Add.
- In Solution Explorer, right click on "Solution 'openvpn' (1 project)" > Add > New Project... >
Empty Project > Next >
Project Name: compat
Location: C:\Users\Public
> Create - Copy all files from "C:\openvpn-2.5.4\src\compat" to "C:\Users\Public\compat".
Do not overwrite the files "openvpn.vcxproj" and "openvpn.vcxproj.filters". - Delete the following files from the directory "C:\Users\Public\compat":
Debug.props
Makefile.am
Makefile.in
PropertySheet.props
Release.props - Copy the file, "C:\openvpn-2.5.4\config-msvc.h" to "C:\Users\Public\compat".
- Copy the file, "OpenVPN_v2.5.4\config-msvc-version.h" to "C:\Users\Public\compat"
- In VS2019 Solution Explorer, right click on compat "Header Files" > Add > Existing Item... > in the "File name" field, enter "*.h" and press Enter > select first header file, press Shift and click on the last header file > Add.
- Right click on compat "Source Files" > Add > Existing Item... > in the "File name" field, enter "*.c" and press Enter > select first C source file, press Shift and click on the last C source file > Add.
- In Solution Explorer, select compat > Menu > Project > Properties > choose Configuration:
All Configurations > Platform: All Platforms and change the following values:
Configuration Properties > General
- Platform Toolset: Visual Studio 2017 - Windows XP (v141_xp)
- Configuration Type: Static library (.lib)
Configuration Properties > C/C++ > Preprocessor
- Preprocessor Definitions > choose arrow > <Edit...> > enter
_CRT_SECURE_NO_WARNINGS
> OK
Configuration Properties > C/C++ > Command Line
- Additional Options > enter
/D_WIN32_WINNT=0x0501
Configuration Properties > Linker > Manifest File
- Generate Manifest: No (/MANIFEST:NO)
> OK
- Open the file "C:\Users\Public\compat\config-msvc.h" and change code line 1 from
#include <config-msvc-version.h>
to:
#include "config-msvc-version.h"
In addition, add a new line before line 172 and insert the following code:
#define _WIN32_WINNT_VISTA 0x0600
- To solve the warning "Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio.", do the following steps:
In Solution Explorer, select compat > Menu > View > Property Manager > right click "compat" > Add New Project Property Sheet... > Add > expand "compat" > expand "Debug | Win32" > Right click on PropertySheet > Properties > Common Properties > User Macros > button "Add Macro":
Name: XPDeprecationWarning
Value: false
> 2 x OK
This property sheets gets added to every build configuration automatically. - In Solution Explorer, select openvpn > Menu > Project > Properties > choose Configuration: All Configurations > Platform: All Platforms and change the following values:
Configuration Properties > General
- Platform Toolset: Visual Studio 2017 - Windows XP (v141_xp)
Configuration Properties > VC++ Directories
- Include Directories > choose arrow > <Edit...> > choose a new line for every value listed here > enter
..\compat
$(SolutionDir)\lzo-2.10\include
$(SolutionDir)\OpenSSL_v1.1.1m\include
$(SolutionDir)\pkcs11-helper-1.28.0\include
> OK
- Library Directories > choose arrow > <Edit...> > choose a new line for every value listed here > enter
$(OutDir)
This is used for compat.lib static library, otherwise the library is not found.
$(SolutionDir)\lzo-2.10
$(SolutionDir)\OpenSSL_v1.1.1m\lib
$(SolutionDir)\pkcs11-helper-1.28.0\lib
> OK
Configuration Properties > C/C++ > General
- Warning Level: Level2 (/W2)
This will suppress 238 warnings. The developers also do this in the original openvpn VS2019 solution.
Configuration Properties > C/C++ > Preprocessor
- Preprocessor Definitions > choose arrow > <Edit...> > enter
_CRT_NONSTDC_NO_DEPRECATE<br /> _CRT_SECURE_NO_WARNINGS
> OK
Configuration Properties > C/C++ > Command Line
- Additional Options > enter
/D_WIN32_WINNT=0x0501
Configuration Properties > Linker > Input
- Additional Dependencies > choose arrow > <Edit...> > enter
compat.lib
libssl.lib
libcrypto.lib
lzo2.lib
pkcs11-helper.dll.lib
gdi32.lib
ws2_32.lib
wininet.lib
crypt32.lib
iphlpapi.lib
winmm.lib
rpcrt4.lib
setupapi.lib
advapi32.lib > OK
Configuration Properties > Linker > Manifest File
- Generate Manifest: No (/MANIFEST:NO)
> OK - In Solution Explorer, select openvpn > Menu > Project > Project Dependencies... > tab Dependencies > Project: choose openvpn > Depends on: check compat > OK
- Open the file "C:\Users\Public\openvpn\config-msvc.h" and change code line 1 from:
#include <config-msvc-version.h>
to:
#include "config-msvc-version.h"
In addition, add a new line before line 172 and insert the following code:
#define _WIN32_WINNT_VISTA 0x0600
- Open file, "C:\Users\Public\openvpn\tun.h" and change the code line 29 from:
#include <tap-windows.h>
to:
#include "tap-windows.h"
- Open file "C:\Users\Public\openvpn\win32.c" and change the code line 50 from:
#include <versionhelpers.h>
to:
#include "versionhelpers.h"
- Open file "C:\Users\Public\openvpn\syshead.h" and change the code line 586 from:
#define ENABLE_CRYPTOAPI
to:
- Open file "C:\Users\Public\openvpn\console_systemd.c" and change the code line 30 from:
#include "config.h"
to:
- Open file "C:\Users\Public\openvpn\ssl_ncp.h" and change code line 53 from:
check_pull_client_ncp(struct context *c, int found);
to:
check_pull_client_ncp(struct context *c, const int found);
- Open file "C:\Users\Public\openvpn\auth_token.c" and change code line 62 from:
const char *state;
to:
const char *state = "Invalid";
- Open file "C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\pkcs11-helper-1.0\pkcs11.h" and change code line 1213 from:
struct ck_interface **interface,
to:
struct ck_interface **Interface,
- To solve the warning, "Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio.", do the following steps:
In Solution Explorer, select openvpn > Menu > View > Property Manager > right click "openvpn" > Add New Project Property Sheet... > Add > expand "openvpn" > expand "Debug | Win32" > right click on PropertySheet > Properties > Common Properties > User Macros > button "Add Macro":
Name: XPDeprecationWarning
Value: false
> 2 x OK
This property sheets gets added to every build configuration automatically. - Choose Menu > Build > Configuration Manager... > Active solution configuration: Release > Active solution platform: x86 > Close
- In Solution Explorer, select compat > Menu > Project > Properties > choose Configuration: Active(Release) > Platform: Active(Win32) and change the following values:
Configuration Properties > C/C++ > Optimization
- Optimization: Maximum Optimization (Favor Size) (/O1)
- Enable Intrinsic Functions: No
- Favor Size Or Speed: Favor small code (/Os)
> OK - In Solution Explorer, select openvpn > Menu > Project > Properties > choose Configuration: Active(Release) > Platform: Active(Win32) and change the following values:
Configuration Properties > C/C++ > Optimization
- Optimization: Maximum Optimization (Favor Size) (/O1)
- Enable Intrinsic Functions: No
- Favor Size Or Speed: Favor small code (/Os)
Linker > Debugging
> OK - Choose Menu > Build > Rebuild Solution
We can now compile the debug and release configuration for Windows XP without any errors or warnings.
The final source code package is located at "OpenVPN_v2.5.4\openvpn_v2.5.4_20220123_for_XP.7z".
9. Build OpenVPN-GUI v11.26 Include Files
The include file config.h is auto generated on Linux platforms. The standard OpenVPN-GUI source code does not include this file, which is absolutely necessary to build the OpenVPN-GUI. In the following steps, we describe how to generate the include file config.h. The generated include file by this procedure is already present in the directory "OpenVPN-GUI_v11.26".
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- Install "MSYS2\msys2-i686-20160205.exe" to "C:\msys32" > uncheck "Run MSYS2 32 bit now." after installation is finished > Finish
Attention: We need at least 2 to 3 GB free space on drive C: to install MSYS2 with all necessary packages! - Unpack "MSYS2\packages_20160205.7z" to "C:\packages_20160205".
- Copy all packages from "C:\packages_20160205\all-in-one" directory to "C:\msys32\var\cache\pacman\pkg" directory.
- Run "C:\msys32\mingw32_shell.bat" as Administrator.
- Run the following command in MINGW32 shell:
pacman -S autoconf automake libtool make mingw-w64-i686
mingw-w64-i686-toolchain mingw-w64-x86_64 mingw-w64-x86_64-toolchain nasm pkg-config
Press 4 x Enter and 'Y' to install all packages.
This will install all 129 packages which are present inside the pkg directory.
- Now we can delete all files in the directory "C:\msys32\var\cache\pacman\pkg"
- Unpack "OpenVPN-GUI_v11.26\openvpn-gui-11.7z" to "C:\msys32\home\UserName\openvpn-gui"
- Run the following commands in MINGW32 shell:
cd openvpn-gui
autoreconf -i -v
./configure --prefix=/ --host=i686-w64-mingw32 --build=i686-pc-mingw32
--program-prefix='' OPENSSL_CRYPTO_CFLAGS="-I /home/UserName/openssl-v1.1.1m/include/"
OPENSSL_CRYPTO_LIBS="-L /home/UserName/openssl-v1.1.1m/lib/ -lcrypto"
It does not matter if the OpenSSL directory is present or not for the configure
command. After this configure
command, the file "C:\msys32\home\UserName\openvpn-gui\config.h" is created. If we only want to build the OpenVPN-GUI on Visual Studio 2019, we can stop here. It is recommended to stop here and not try to build the OpenVPN-GUI with MSYS2, because even if we would manage to get a working executable, this is at least double the size of the Windows executable build with Visual Studio 2019.
The file versionhelpers.h is copied from the Windows 10 SDK version 10.0.17763.0 which comes with Visual Studio 2019. We slightly modified it to make it work without additional include files like winapifamily.h. The original file is located at "C:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\um\VersionHelpers.h" after Visual Studio 2019 is installed.
10. Build OpenVPN-GUI v11.26
- Operating System: Windows 10 x64 Build 21H2
- Compiler Suite: Visual Studio 2019
- Unpack "OpenVPN-GUI_v11.26\openvpn-gui-11.7z" to "C:\openvpn-gui".
- Start Visual Studio 2019 > Create a new project > Empty Project > Next >
Project name: openvpn-gui
Location: C:\Users\Public
Solution name: openvpn-gui
Check "Place solution and project in the same directory"
> Create - Copy all files and directories from "C:\openvpn-gui" to "C:\Users\Public\openvpn-gui".
- Delete the following files from the directory "C:\Users\Public\openvpn-gui":
aclocal.m4
compile
config.guess
config.h.in
config.sub
configure
configure.ac
COPYING
COPYRIGHT.GPL
depcomp
install-sh
Makefile.am
Makefile.in
missing - Move all files from the directory "C:\Users\Public\openvpn-gui\res" to "C:\Users\Public\openvpn-gui".
- Delete the directory "C:\Users\Public\openvpn-gui\res".
- Copy the file "OpenVPN-GUI_v11.26\config.h" to "C:\Users\Public\openvpn-gui".
- Copy the file "OpenVPN-GUI_v11.26\versionhelpers.h" to "C:\Users\Public\openvpn-gui".
- Delete the directory "C:\OpenSSL_v1.1.1m" if it is present.
- Unpack "OpenSSL_v1.1.1m\openssl-v1.1.1m-shared.7z" to "C:\OpenSSL_v1.1.1m".
- Copy "C:\OpenSSL_v1.1.1m" to "C:\Users\Public\openvpn-gui\OpenSSL_v1.1.1m".
- Delete the following directories:
C:\Users\Public\openvpn-gui\OpenSSL_v1.1.1m\bin
C:\Users\Public\openvpn-gui\OpenSSL_v1.1.1m\html - In VS2019 Solution Explorer, right click on
openvpn-gui
"Header Files" > Add > Existing Item... > in the "File name" field enter "*.h" and press Enter > select first header file, press Shift and click on the last header file > Add. - Right click on "Resource Files" > Add > Existing Item... > Select "openvpn-gui-res.rc" > Add
- Right click on "Source Files" > Add > Existing Item... > in the "File name" field enter "*.c" and press Enter > select first C source file, press Shift and click on the last C source file > Add.
- In Solution Explorer, select
openvpn-gui
> Menu > Project > Properties > choose Configuration: All Configurations > Platform: All Platforms and change the following values:
Configuration Properties > General
- Platform Toolset: Visual Studio 2017 - Windows XP (v141_xp)
- Character Set: Use Unicode Character Set
Configuration Properties > VC++ Directories
- Include Directories > choose arrow > <Edit...> > choose New Line > enter
$(SolutionDir)\OpenSSL_v1.1.1m\include
> OK - Library Directories > choose arrow > <Edit...> > choose New Line > enter
$(SolutionDir)\OpenSSL_v1.1.1m\lib
> OK
Configuration Properties > C/C++ > Preprocessor
- Preprocessor Definitions > choose arrow > <Edit...> > enter
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
> OK
Configuration Properties > C/C++ > Command Line
- Additional Options > enter
/D "HAVE_CONFIG_H" /D "WIN32_LEAN_AND_MEAN" /D_WIN32_WINNT=0x0501
Configuration Properties > Linker > Input
- Additional Dependencies > choose arrow > <Edit...> > enter
ws2_32.lib
libcrypto.lib
libssl.lib
secur32.lib
netapi32.lib
comctl32.lib
wininet.lib
wtsapi32.lib
crypt32.lib
shlwapi.lib
winhttp.lib
> OK
Configuration Properties > Linker > Manifest File
- Generate Manifest: No (/MANIFEST:NO)
Configuration Properties > Linker > System
- SubSystem: Windows (/SUBSYSTEM:WINDOWS)
Configuration Properties > Resources > Command Line
- Additional Options > enter
/D "HAVE_CONFIG_H"
> OK - Menu > Build > Rebuild Solution > Menu > View > Error List
- Click on all errors "
Cannot open include file: 'config.h': No such file or directory
" and change the line from:
#include <config.h>
to:
#include "config.h"
- Click on all errors "
'wcstok': too few arguments for call
" and change the first code location from:
pch = wcstok(buf, L"\r\n");
to:
wchar_t *state;
pch = wcstok(buf, L"\r\n", &state);
Change the second code location from:
pch = wcstok(NULL, L"\r\n");
to:
pch = wcstok(NULL, L"\r\n", &state);
- Menu > Build > Rebuild Solution > Menu > View > Error List
- Click on all errors "
'wcstok': too few arguments for call
" and change the first code location from:
LPWSTR token = wcstok(proxy_str, delim);
to:
wchar_t *state;
LPWSTR token = wcstok(proxy_str, delim, &state);
Change the second code location from:
token = wcstok(NULL, delim);
to:
token = wcstok(NULL, delim, &state);
- Click on error "
'AURL_ENABLEURL': undeclared identifier
" and change the code from:
SendMessage(hmsg, EM_AUTOURLDETECT, AURL_ENABLEURL, 0);
to:
#define AURL_ENABLEURL 1
SendMessage(hmsg, EM_AUTOURLDETECT, AURL_ENABLEURL, 0);
- Click on both errors "
Cannot open include file 'versionhelpers.h': No such file or directory
" and change the code location from:
#include <versionhelpers.h>
to:
#include "versionhelpers.h"
- Click on error "
Cannot open include file 'combaseapi.h': No such file or directory
" and change the code location from:
#include <combaseapi.h>
to:
- Menu > Build > Rebuild Solution > Menu > View > Error List
- Click on warning "
formal parameter 2 different from declaration
" right click on the function IsUserInGroup
> Go To Declaration > change code location from:
static BOOL IsUserInGroup(PSID sid, PTOKEN_GROUPS token_groups, const WCHAR *group_name);
to:
static BOOL IsUserInGroup(PSID sid, const PTOKEN_GROUPS token_groups,
const WCHAR *group_name);
- Click on warning "
'CompareStringOrdinal' undefined; assuming extern returning int
" and change the code location from:
int cmp = CompareStringOrdinal(nameval1, (int)len1, nameval2, (int)len2, ignore_case);
to:
int cmp = wcsncmp(nameval1, nameval2, (len1 > len2 ? len2 : len1));
- Click on warning "
'=': conversion from 'DWORD' to 'LANGID', possible loss of data
" and change code location from:
gui_language = ( value != 0 ? value : GetUserDefaultUILanguage() );
to:
gui_language = (LANGID)( value != 0 ? value : GetUserDefaultUILanguage() );
- Click on warning "
formal parameter 2 different from declaration
" and change code location from:
LoadLocalizedStringBuf(PTSTR buffer, int bufferSize, const UINT stringId, ...)
to:
LoadLocalizedStringBuf(PTSTR buffer, const int bufferSize, const UINT stringId, ...)
- Click on warning "
'function': conversion from 'DWORD' to 'u_short'
, possible loss of data and change code location from:
c->manage.skaddr.sin_port = htons(o.mgmt_port_offset + config);
to:
c->manage.skaddr.sin_port = htons((u_short)o.mgmt_port_offset + config);
- Click on warning "
'RegGetValueW' undefined; assuming extern returning int
" and change code location from:
if (RegGetValueW (regkey, NULL, L"version", RRF_RT_REG_BINARY, NULL, v, &len)
to:
if (RegQueryValueEx(regkey, L"version", NULL, NULL, (LPBYTE)v, &len)
- Click on warning "
'RegCopyTree' undefined; assuming extern returning int
" and change code location from:
status = RegCopyTree (regkey_nilings, NULL, regkey_proxy);
to:
status = SHCopyKey(regkey_nilings, NULL, regkey_proxy, 0);
- Click on warning "
'RegDeleteTree' undefined; assuming extern returning int
" and change code location from:
RegDeleteTree (HKEY_CURRENT_USER, GUI_REGKEY_HKCU);
to:
SHDeleteKey(HKEY_CURRENT_USER, GUI_REGKEY_HKCU);
- Go to the start of the C source file registry.c and place the following include after <shlobj.h>:
#include <shlwapi.h>
- Menu > Build > Rebuild Solution > Menu > View > Error List
- Click on error "
'TTI_ERROR_LARGE': undeclared identifier
" and change the code location from:
bt.ttiIcon = TTI_ERROR_LARGE;
to:
#define TTI_ERROR_LARGE 6
bt.ttiIcon = TTI_ERROR_LARGE;
- Click on error "
'IID_IFileOpenDialog': undeclared identifier
", comment out the complete function "BrowseFolder
" and add the following replacement functions:
INT CALLBACK BrowseCallbackProc(HWND hwnd, UINT uMsg, LPARAM lp, LPARAM pData)
{
if (uMsg == BFFM_INITIALIZED) SendMessage(hwnd, BFFM_SETSELECTION, TRUE, pData);
return 0;
}
static BOOL BrowseFolder(const WCHAR * initial_path,
WCHAR * selected_path, size_t selected_path_size)
{
HRESULT initResult = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
if (FAILED(initResult))
{
return false;
}
BROWSEINFO br;
ZeroMemory(&br, sizeof(BROWSEINFO));
br.lpfn = BrowseCallbackProc;
br.ulFlags = BIF_RETURNONLYFSDIRS | BIF_NEWDIALOGSTYLE;
br.hwndOwner = NULL;
br.lParam = (LPARAM)initial_path;
LPITEMIDLIST pidl = NULL;
if ((pidl = SHBrowseForFolder(&br)) != NULL)
{
wchar_t path[MAX_PATH];
if (SHGetPathFromIDList(pidl, path))
{
wcsncpy(selected_path, path, wcslen(path));
}
}
CoUninitialize();
return true;
}
- Menu > Build > Rebuild Solution > Menu > View > Error List
- Click on error "
cannot open include file '../openvpn-gui-res.h'.
" and change the code location from:
#include "../openvpn-gui-res.h"
to:
#include "openvpn-gui-res.h"
- Click on warning "
'function': conversion from 'time_t' to 'unsigned int', possible loss of data
" and change the code location from:
srand(time(NULL));
to:
srand((unsigned int)time(NULL));
- Click on warning "
'initializing': conversion from 'unsigned __int64' to 'double', possible loss of data
" and change the code location from:
double x = c;
to:
double x = (double)c;
- Click on warning "
'function': conversion from 'time_t' to 'unsigned int', possible loss of data
" and change the code location from:
srand(time(NULL));
to:
srand((unsigned int)time(NULL));
- Click on warning "
'function': different 'const' qualifiers
" and change the code location from:
void *tmp = realloc(options->auto_connect, sizeof(wchar_t *)*options->max_auto_connect);
to:
void *tmp = realloc((void*)options->auto_connect,
sizeof(wchar_t *)*options->max_auto_connect);
- To solve the warning "Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio.", do the following steps:
Menu > View > Property Manager > right click "openvpn-gui
" > Add New Project Property Sheet... > Add > expand "openvpn-gui
" > expand "Debug | Win32" > right click on PropertySheet > Properties > Common Properties > User Macros > button "Add Macro":
Name: XPDeprecationWarning
Value: false
> 2 x OK
This property sheets gets added to every build configuration automatically. - Choose Menu > Build > Configuration Manager... > Active solution configuration: Release > Active solution platform: x86 > Close
- In Solution Explorer, select
openvpn-gui
> Menu > Project > Properties > choose Configuration: Active(Release) > Platform: Active(Win32) and change the following values:
Configuration Properties > C/C++ > Optimization
- Optimization: Maximum Optimization (Favor Size) (/O1)
- Enable Intrinsic Functions: No
- Favor Size Or Speed: Favor small code (/Os)
Linker > Debugging
> OK - choose Menu > Build > Rebuild Solution
We can now compile the debug and release configuration for Windows XP without any errors or warnings.
The final source code package is located at "OpenVPN-GUI_v11.26\openvpn-gui_v11.26_20220123_for_XP.7z".
11. Build TAP-Driver v9.9.2
We have to rebuild the TAP-Driver for Windows XP, because the original driver of OpenVPN v2.3.18 does only support a speed of 10 MBit/s. This limits our connection dramatically. Therefore, we implemented a patch to support 1 GBit/s, although the theoretical VPN limit would be around 250 to 300 MBit/s.
The final source code package is located at "TAP-Driver_v9.9.2\tap_v9.9.2_20220123_for_XP.7z".
12. Build NSIS-Installer
- Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
- Install "NSIS-Installer\nsis-2.50-setup.exe"
- Create the directory "C:\nsis"
- Unpack "NSIS-Installer\OpenVPN-v2.3.18_last_version_for_XP.exe" to "C:\nsis\OpenVPN-v2.3.18"
- Unpack "NSIS-Installer\openvpn-build-release-2.3.7z" to "C:\nsis\openvpn-build-release-2.3"
- Copy "C:\nsis\openvpn-build-release-2.3\windows-nsis\install-whirl.bmp" to "C:\nsis"
- Copy "C:\nsis\openvpn-build-release-2.3\windows-nsis\nsProcess.dll" to "C:\nsis"
- Copy "C:\nsis\openvpn-build-release-2.3\windows-nsis\nsProcess.nsh" to "C:\nsis"
- Copy "NSIS-Installer\VC-Redistributable_v14.27.29114.0_x86.exe" to "C:\nsis"
- Delete the directory "C:\nsis\OpenVPN-v2.3.18\$PLUGINSDIR"
- Delete the file "C:\nsis\OpenVPN-v2.3.18\$TEMP\tap-windows.exe"
- Delete all files and directories in the folder "C:\nsis\OpenVPN-v2.3.18\bin" except "openvpnserv.exe"
- Unpack "OpenSSL_v1.1.1m\openssl-v1.1.1m-shared.7z" to "C:\OpenSSL_v1.1.1m"
- Copy "C:\OpenSSL_v1.1.1m\bin\libcrypto-1_1.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Copy "C:\OpenSSL_v1.1.1m\bin\libssl-1_1.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Copy "C:\OpenSSL_v1.1.1m\bin\openssl.exe" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Unpack "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0-shared-DLL.7z" to "C:\pkcs11-helper-1.28.0"
- Copy "C:\pkcs11-helper-1.28.0\lib\libpkcs11-helper-1.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Unpack "LZO_v2.10\lzo-2.10-shared-DLL.7z" to "C:\lzo-2.10"
- Copy "C:\lzo-2.10\lzo2.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Unpack "OpenVPN_v2.5.4\openvpn_v2.5.4_20220123_for_XP.7z" to "C:\openvpn_v2.5.4_20220123_for_XP"
- Copy "C:\openvpn_v2.5.4_20220123_for_XP\bin\openvpn.exe" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Unpack "OpenVPN-GUI_v11.26\openvpn-gui_v11.26_20220123_for_XP.7z" to "C:\openvpn-gui_v11.26_20220123_for_XP"
- Copy "C:\openvpn-gui_v11.26_20220123_for_XP\bin\openvpn-gui.exe" to "C:\nsis\OpenVPN-v2.3.18\bin"
- Copy "C:\tap\tap-windows-9.9.2.exe" to "C:\nsis\OpenVPN-v2.3.18\$TEMP\tap-windows.exe"
- Delete the directory "C:\nsis\openvpn-build-release-2.3"
- Copy "NSIS-Installer\openvpn.nsi" to "C:\nsis\openvpn.nsi"
- Start > Programs > NSIS > Compile NSI scripts
- Menu > File > Load Script... > choose file "C:\nsis\openvpn.nsi" > Open > the NSI script is compiled automatically, we should not see any errors at the end of compilation > Close > close NSIS compiler window
The newly created OpenVPN installer is located at "C:\nsis\OpenVPN-v2.5.4.exe". The final source code package is located at "NSIS-Installer\NSIS_Installer_Package_20220123_for_XP.7z".
13. OpenVPN Configuration File Changes for Windows XP
We should change the following three parameters in the OpenVPN configuration file for Windows XP:
block-outside-dns
route-ipv6 ::/0
auth-nocache
The parameter "block-outside-dns
" is used to block DNS traffic and remove a potential DNS leak. If this parameter is commented out in your VPN configuration file, you should enable it.
To completely disable IPv6 routing, we should comment out the parameter "route-ipv6 ::/0
". Otherwise,
we see the following error message:
ERROR: Windows route add ipv6 command failed: returned error code 1
We also should enable the additional parameter "auth-nocache
". This disables password caching in memory. Without this parameter, we see the following error message in the log:
WARNING: this configuration may cache passwords in memory
-- use the auth-nocache option to prevent this
A correct example configuration file section will look like follows:
block-outside-dns
#route-ipv6
auth-nocache
14. Test if OpenVPN is Working Correctly
To test the correct working of OpenVPN, we can use the following three internet sites:
- https://hide.me/en/check
Checks the IP address and the provider that uses this address. This should display only servers of your VPN network. - https://www.dnsleaktest.com
Checks for DNS leaks. DNS leaks can show the internet browsing history if the traffic is not routed correctly. - https://ipleak.net
Checks for DNS leaks and WebRTC leaks.
To disable a potential WebRTC leak in your browser, do the following steps based on your browser:
- Mozilla Firefox: Type "
about:config
" in the address bar, scroll down to "media.peerconnection.enabled", double click to set it to false - Google Chrome: Install Google official extension WebRTC Network Limiter
- Opera: Type "
about:config
" in the address bar or go to "Settings", select "Show advanced settings" and click on "Privacy & security". At "WebRTC", mark select "Disable non-proxied UDP".
15. OpenVPN v2.5.4 Windows XP SP3 Bug
OpenVPN v2.5.4 contains a severe bug on Windows XP SP3. If we try to connect to the VPN server, we see the following buffer size error in the log file:
2022-01-09 14:24:02 open_tun
2022-01-09 14:24:02 MANAGEMENT: Client disconnected
2022-01-09 14:24:02 fatal buffer size error, size=2089877947
2022-01-09 14:24:02 Exiting due to fatal error
The buffer size of 2089877947 can change randomly. This error is caused by the source code file "tun.c" and the function "get_device_instance_id_interface
". The call to CM_Get_Device_Interface_List_Size
returns CR_SUCCESS
and a random interface list size, which is invalid and based on the value of the variable dev_interface_list_size
on function entry. That is the reason why the following call to alloc_buf_gc
fails, because the specified buffer size is too big. To solve this problem, we have to simply change code line 3672 from:
ULONG dev_interface_list_size;
to:
ULONG dev_interface_list_size = 0;
This initializes the device interface list size with zero and the returned list size is 1 on Windows XP SP3 for an empty list. The error does not occur on Windows Server 2003 R2 SP2, where a valid list size is returned without any problems.
16. Version and Download Link
The complete OpenVPN package with all necessary files can be downloaded from Sourceforge, because we have not managed to upload the 450 MB of data to CodeProject.
Thanks for your attention and interest in this topic.
Greets Kai Schtrom
History
- 23rd January, 2022: Version 1.0