cypherpunkengineering / cypherpunk-devops

Tools to build/deploy code, manage, and monitor our servers

How to build OpenVPN server: FreeBSD 10.3 base

sudo pkg install git gcc autoconf automake libtool wget
./build-server

How to build SoftEther server: FreeBSD 10.3 base

sudo pkg install libiconv-1.14_9 gmake
./build-softether-freebsd64

How to build OpenVPN client: Ubuntu 16.04 LTS base

sudo apt-get install git gcc g++ autoconf automake man2html mingw-w64
./build-clients

How to build TAP-Windows:


= Introduction =

TAP-Windows is an [https://github.com/OpenVPN/tap-windows OpenVPN subproject] in [https://github.com/ GitHub]. TAP-Windows is built on a Windows box, and the [wiki:BuildingUsingGenericBuildsystem OpenVPN cross-compile buildsystem] takes care of embedding the produced TAP-Windows installer into the OpenVPN Windows installer.

If you're building [https://github.com/OpenVPN/tap-windows6 tap-windows6] instead, please look [wiki:BuildingTapWindows6 here].

= Setting up the Windows build computer =

First install a recent version of Windows DDK and [http://nsis.sourceforge.net NSIS].

Next clone the ''tap-windows'' repository, e.g. using ''Git Bash'':

{{{
$ cd /c/users/myuser
$ git clone https://github.com/OpenVPN/tap-windows
}}}

Now set some environment variables:

{{{
set DDK=c:\WINDDK\7600.16385.1
set DEVCON32=c:\WINDDK\7600.16385.1\tools\devcon\i386\devcon.exe
set DEVCON64=c:\WINDDK\7600.16385.1\tools\devcon\amd64\devcon.exe
set DEVCON_BASENAME=devcon.exe
set SIGNTOOL=c:\WINDDK\7600.16385.1\bin\x86\signtool.exe
set MAKENSIS=C:\Program Files (x86)\NSIS
set OUTDIR=c:\users\myuser\tap-windows
}}}

Some of these variables have sane default values, and you may not need to define all of them. If you use self-signed test certificates you also need these variables:

{{{
set CODESIGN_PKCS12=c:\Users\John\tap-windows\my-self-signed-certificate.p12
set CODESIGN_PASS=mypassphrase
set CODESIGN_ISTEST=yes
}}}

For paid-for software publisher certificates (SPC) you'd use something like this:

{{{
set CODESIGN_PKCS12="c:\Users\John\tap-windows\my-software-publisher-certificate.p12"
set CODESIGN_PASS=mypassphrase
set CODESIGN_ISTEST=no
set CODESIGN_CROSS="C:\Users\John\tap-windows\ca-cross-certificate.crt"
set CODESIGN_TIMESTAMP="http://timestamp.domain.com"
}}}

If you imported the kernel-mode code-signing certificate using Internet Explorer, you can use ''certmgr.exe'' to export it in PFX (=PKCS12) format. Make sure to include the private key in the file and to give it a sufficiently strong password, which you then define using the ''CODESIGN_PASS'' variable. The CA cross certificate can be obtained from your CA and most likely needs no modifications. The URL for the timestamping service is CA-specific, but trivial to locate.

To simplify variable setting in the future, you can create a batch file with all the above commands and run it before running ''configure.bat''. Note that such a batch file then holds the signing key passphrase (''CODESIGN_PASS'') in plaintext: keep it out of version control and readable only by the build account, or have the operator set that one variable in the calling shell instead. For details on available environment variables see

{{{
configure --help
}}}

= Building TAP-windows =

First you need to configure the tap-windows build to use the variables you defined. Do this from a Visual Studio command prompt:

{{{
configure
}}}

This copies the variables to ''tap-windows\config-env.bat'' and various other places. All that's left is to build the tap-windows drivers:

{{{
build
}}}
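As an added example (not part of the tap-windows project or of this repository): a wrapper batch file that collects the variables from the steps above, refuses to start if the signing inputs are missing, runs ''configure'' and ''build'', and for a production (non-test) signature verifies the produced driver with ''signtool verify /kp''. The install paths, the convention that ''CODESIGN_PASS'' is set in the calling shell rather than stored in the file, the names ''configure.bat''/''build.bat'' in the repository root, and the driver output location used in the verification step are all assumptions; adjust them to your checkout.

```batch
@echo off
REM build-tap.bat: added example wrapper, not code from tap-windows or cypherpunk-devops.
REM Assumes the WDK 7600 layout, NSIS under Program Files (x86), and a checkout in OUTDIR.
setlocal

set DDK=c:\WINDDK\7600.16385.1
set DEVCON32=%DDK%\tools\devcon\i386\devcon.exe
set DEVCON64=%DDK%\tools\devcon\amd64\devcon.exe
set DEVCON_BASENAME=devcon.exe
set SIGNTOOL=%DDK%\bin\x86\signtool.exe
set MAKENSIS=C:\Program Files (x86)\NSIS
set OUTDIR=c:\users\myuser\tap-windows

REM Signing inputs for a software publisher certificate (CODESIGN_ISTEST=no).
REM CODESIGN_PASS is deliberately NOT set here: the operator sets it in the
REM calling shell so the passphrase never lands in a file on disk.
set CODESIGN_PKCS12=%OUTDIR%\my-software-publisher-certificate.p12
set CODESIGN_ISTEST=no
set CODESIGN_CROSS=%OUTDIR%\ca-cross-certificate.crt
set CODESIGN_TIMESTAMP=http://timestamp.domain.com

REM --- Preflight checks: fail early instead of producing an unsigned driver ---
if not exist "%SIGNTOOL%" (
    echo ERROR: signtool.exe not found at %SIGNTOOL% & exit /b 1
)
if not exist "%DEVCON64%" (
    echo ERROR: devcon.exe not found at %DEVCON64% & exit /b 1
)
if not exist "%MAKENSIS%\makensis.exe" (
    echo ERROR: makensis.exe not found under %MAKENSIS% & exit /b 1
)
if not exist "%CODESIGN_PKCS12%" (
    echo ERROR: code-signing PKCS12 not found at %CODESIGN_PKCS12% & exit /b 1
)
if "%CODESIGN_ISTEST%"=="no" if not exist "%CODESIGN_CROSS%" (
    echo ERROR: CA cross certificate not found at %CODESIGN_CROSS% & exit /b 1
)
if not defined CODESIGN_PASS (
    echo ERROR: set CODESIGN_PASS in the calling shell before running this script & exit /b 1
)

REM --- Configure and build (assumes configure.bat and build.bat in the repo root) ---
cd /d "%OUTDIR%" || exit /b 1
call configure.bat || exit /b 1
call build.bat || exit /b 1

REM --- Post-build check: the 64-bit driver must verify under the kernel-mode
REM signing policy (/kp). Skipped for test-signed builds, which by design do not
REM chain to a trusted root. The output path is an assumption.
if "%CODESIGN_ISTEST%"=="no" (
    "%SIGNTOOL%" verify /kp /v "%OUTDIR%\amd64\tap0901.sys" || exit /b 1
)

echo Build and signature verification finished.
endlocal
```

Run it from a Visual Studio command prompt after setting the passphrase in that session (''set CODESIGN_PASS=...''); because ''setlocal'' scopes the variables to the script, nothing leaks into the parent shell once it exits.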

If you want to customize the build further, e.g. to build a custom TAP-Windows driver that can coexist with stock OpenVPN TAP-Windows driver, you can edit the ''version.m4'' or create a separate ''config-local.m4''. Any variables in ''config-local.m4'' should override those in ''version.m4''.

Finally, if you're generating an OpenVPN installer with your modified TAP-Windows driver, put the TAP-Windows installer on a webserver and point the [wiki:BuildingUsingGenericBuildsystem OpenVPN cross-compile buildsystem] to it.

Client configuration

OS X

IKEv2

Choose IKEv2 as VPN option
Server Address: <ip address of server>
Remote ID: <dns name of server; must appear in the subject DistinguishedName or subjectAltName of the server cert>
Local ID: <can be set to anything>
In authentication settings, choose "Username": testuser/testpassword

Cisco IPSec (IKEv1, ESP tunnel mode)

Choose Cisco IPSec as VPN option
Server Address: <ip address of server>
Account Name: testuser
Account Password: testpassword
In authentication settings, choose Shared Secret: presharedsecretkey

L2TP over IPSec

Choose L2TP over IPSec as VPN option
Server Address: <ip address of server>
Account Name: testuser
In authentication settings, choose Password: testpassword
In authentication settings, choose Shared Secret: presharedsecretkey