首页 > *nix技术, 数据泄露, 网络安全 > 在Windows平台上用Visual Studio编译OpenVPN

在Windows平台上用Visual Studio编译OpenVPN

2013年10月31日 发表评论 阅读评论 5,990 次浏览

提醒:
根据官方github:https://github.com/OpenVPN/openvpn-build的提示,在Windows上编译OpenVPN不再被官方维护。
Note that this buildsystem is not actively maintained
anymore, and people are strongly encouraged to use the
cross-compile (mingw_w64) buildsystem instead.
所以,这篇文章未写完,我也暂时不关注了。

零,资源准备
1,操作系统
Windows XP SP3 or later versions are required. I cannot suggest you to install a clean system in a virtual machine.
Windows 7旗舰版(未注册) Service Pack 1,32位操作系统

2,Visual Studio开发环境
Express edition is OK and Professional is better. Note there is a small difference in the building procedure between Express edition and Professional / Premium / Ultimate editions. Express edition does not come with Microsoft Visual C++ 2010 Redistributable Package, you have to install it manually.
Visual Studio 2012(Ultimate版)

3,Windows Driver Kit
Windows Driver Kit is required to build the TUN/TAP driver.

http://www.microsoft.com/whdc/devtools/WDK/default.mspx

http://msdn.microsoft.com/en-US/windows/hardware/gg454513

http://msdn.microsoft.com/library/windows/hardware/ff557573

貌似需要翻墙才能打开
WDK有针对不同Windows版本的各种版本,我这里因为要测试Win XP,所以根据提示下载Windows Driver Kit Version 7.1.0:GRMWDK_EN_7600_1.ISO

http://www.microsoft.com/en-us/download/details.aspx?id=11800

4,Python
The new OpenVPN Windows build system is written in Python. Version 2.7 is fine. The Windows installer does not seem to add the python.exe to the PATH, so you need to do it manually.
下载:python-2.7.6rc1.msi

http://www.python.org/download/releases/2.7.6/

msi文件安装容易,安装好后,把python路径(我这里是C:\Python27)设置到系统的环境变量Path里,按ctrl+r,输入cmd后,再输入python,确保可进入python交换终端。

5,ActivePerl
ActivePerl is required to build OpenSSL, which in turn is required to build OpenVPN.
下载:ActivePerl-5.18.1.1800-MSWin32-x86-64int-297570.msi

http://www.activestate.com/activeperl/downloads

msi文件安装容易,并且在安装过程中可以看到,安装程序把安装路径(我这里是C:\Perl)自动加入到环境变量Path里了。

6,NASM assembler
Also required by OpenSSL. And you’ll need to add nasm.exe to PATH as well.
下载:nasm-2.10.09-installer.exe

http://www.nasm.us/

http://www.nasm.us/pub/nasm/releasebuilds/2.10.09/win32/

exe可执行程序,点击安装,把路径(我这里是C:\nasm)加到系统的环境变量Path里。

一,编译OpenSSL
First download OpenSSL from here(http://www.openssl.org/source/) and extract it somewhere. Using the latest one ensures there are no (known) security holes in OpenSSL or 1.0.0a if you want to apply the AES-NI(http://rt.openssl.org/Ticket/Display.html?id=2065&user=guest&pass=guest) patch. For the most part you can then follow the instructions in INSTALL.W32 and INSTALL.W64 files. Before you start, though, launch the Visual Studio Command Prompt (2010), which can be found from the Start menu. Unlike the standard command prompt it has all the paths to VC binaries set correctly.
下载:openssl-1.0.1e.tar.gz

http://www.openssl.org/source/

1,From within this command prompt you’ll first configure OpenSSL using the provided Perl script:
配置OpenSSL:
C:\Users\lenky>cd C:\openssl-1.0.1e
C:\openssl-1.0.1e>perl Configure VC-WIN32 –prefix=c:/openssl-1.0.1e

2,Some of the crypto routines are written in assembler to increase performance, so you need to/should use an assembler in the next step.
汇编加速:
C:\openssl-1.0.1e>ms\do_nasm

3,Next compile OpenSSL using the generated makefile:
根据makefile文件进行编译:
C:\openssl-1.0.1e>nmake -f ms\ntdll.mak
‘nmake’ 不是内部或外部命令,也不是可运行的程序
或批处理文件。
我已经安装Microsoft Visual Studio 2012了,还提示这个错误,原因是因为我是通过ctrl+r在输入cmd而开打的一个普通控制终端。
通过开始 -> 所有程序 -> Microsoft Visual Studio 2012 -> Visual Studio Tools -> VS2012 开发人员命令提示
打开VS2012自身提供的cmd终端,在执行命令即可:
C:\Program Files\Microsoft Visual Studio 11.0>cd c:\openssl-1.0.1e
c:\openssl-1.0.1e>nmake -f ms\ntdll.mak

OK。再进行测试和安装:
c:\openssl-1.0.1e>nmake -f ms\ntdll.mak test
c:\openssl-1.0.1e>nmake -f ms\ntdll.mak install

二,编译LZO
The LZO library(http://www.oberhumer.com/opensource/lzo/) is required to build OpenVPN. Once you’ve unpacked the source package, open the B/00README.txt file to get an overview of the Windows build process. If all goes well, you’ll only need to run one .bat file:
下载:lzo-2.06.tar.gz

http://www.oberhumer.com/opensource/lzo/download/?C=M;O=D

c:\openssl-1.0.1e>cd c:\lzo-2.06
c:\lzo-2.06>c:\lzo-2.06>B\win32\vc_dll.bat
...
正在生成代码...
//
// Building LZO was successful. All done.

生成的这些库还未安装,后续有用。
Note that this does not install lzo; in fact, you need to copy the relevant files to openvpn’s build directory manually as shown below.

三,编译pkcs11-helper
Download latest release of pkcs11-helper from http://www.opensc-project.org and extract it somewhere. The install process for Visual Studio is described in the INSTALL file.
下载:pkcs11-helper-master.zip,最后一次commit是Sep 14, 2013,比1.10高一点

https://github.com/OpenSC/pkcs11-helper

To build pkcs11-helper, do the following:
Go to pkcs11-helper-\lib.
Copy \lib\libeay32.lib to that directory – this is required by the linker.
C:\pkcs11-helper-1.07\lib> nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME= OpenVPN is only interested is lib/libpkcs11-helper-1.dll and uses it when generating the NSI installer.

c:\lzo-2.06>cd c:\pkcs11-helper-master\lib
c:\pkcs11-helper-master\lib>copy c:\openssl-1.0.1e\lib\libeay32.lib .\
已复制         1 个文件。

c:\pkcs11-helper-master\lib>nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME=c:\openssl-1.0.1e
Microsoft (R) 程序维护实用工具 11.00.50727.1 版
版权所有 (C) Microsoft Corporation。保留所有权利。

NMAKE : fatal error U1073: 不知道如何生成“versioninfo.res”
Stop.

这是什么错误?
NMAKE : fatal error U1073: don’t know how to make ‘versioninfo.res’
根据下面这个链接的内容来看:Re: compiling with visual studio

http://permalink.gmane.org/gmane.network.openvpn.devel/7261

It was somewhat of a mess, actually. Some download URLs are invalid, so appropriate replacements must be found. With pkcs11-helper, I had to copy an older zip from an older build of mine. Trying to get the current zip file from alon's or opensc repo on github yields the error:

NMAKE : fatal error U1073: don't know how to make 'versioninfo.res'

Correct me if I'm wrong, but to produce the versioninfo.res file one would need the versioninfo.rc file. But unfortunately the versioninfo.rc file is not here:

https://github.com/alonbl/pkcs11-helper/tree/pkcs11-helper-1.09/lib

There is the versioninfo.rc.in file in the same place, but the build requirements are Perl and VS10, so automake is not going to be available right?

原因貌似是必须要是vs2010编译环境,而我安装的是vs2012,一种解决方案是使用比较陈旧版本的pkcs11-helper,比如:

https://github.com/alonbl/pkcs11-helper/tree/pkcs11-helper-1.05

我测试了用pkcs11-helper-pkcs11-helper-1.05,这个错误是没有了,但又有其他错误,所以为了避免必要的麻烦,干脆直接用vs2010试试。结果很坑爹,还是同样的错误,看来我还是对Windows编程太白痴了。

偶然的发现,从这里下载:http://pkgs.fedoraproject.org/repo/pkgs/pkcs11-helper/
pkcs11-helper-1.10.tar.bz2,解压后里面竟然是带有versioninfo.rc文件的,看到从源码到包文件还是有一段距离的。
虽然我尝试了用VS2010进行编译还是出错,但看到有网友:在Windows下编译OpenVPN源码(原创) ,http://blog.csdn.net/nclhl/article/details/6539656,是用VD 6编译的,所以也装了个VC 6.0,试试编译,竟然无耻的成功了:
a,启动一个普通的cmd:

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。

C:\Users\lenky>cd c:\pkcs11-helper-1.10\lib

c:\pkcs11-helper-1.10\lib>copy c:\openssl-1.0.1e\lib\libeay32.lib .
已复制         1 个文件。

b,加载VC6的环境,如果在安装时候勾选了Register Environment Variables,那么这一步可以省略:

c:\pkcs11-helper-1.10\lib>"c:\Program Files\Microsoft Visual Studio\VC98\Bin\VCVARS32.BAT"
Setting environment for using Microsoft Visual C++ tools.

c,执行编译:
[/c]
c:\pkcs11-helper-1.10\lib>nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME=C:\openssl-1.0.1e

Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

echo LIBRARY libpkcs11-helper-1 > pkcs11-helper-1.dll.def
echo EXPORTS >> pkcs11-helper-1.dll.def
type core.exports >> pkcs11-helper-1.dll.def
type certificate.exports >> pkcs11-helper-1.dll.def
type data.exports >> pkcs11-helper-1.dll.def
type slotevent.exports >> pkcs11-helper-1.dll.def
type token.exports >> pkcs11-helper-1.dll.def
type openssl.exports >> pkcs11-helper-1.dll.def
cl.exe @C:\Users\lenky\AppData\Local\Temp\nma04124.
pkcs11h-core.c
pkcs11h-certificate.c
pkcs11h-crypto.c
_pkcs11h-crypto-cryptoapi.c
pkcs11h-data.c
pkcs11h-mem.c
pkcs11h-openssl.c
pkcs11h-serialization.c
pkcs11h-session.c
pkcs11h-slotevent.c
pkcs11h-sys.c
pkcs11h-threading.c
pkcs11h-token.c
pkcs11h-util.c
Generating Code…
rc.exe -I../include -IC:\openssl-1.0.1e\include -DENABLE_PKCS11H_OPENSSL
-DWIN32 -DWIN32_LEAN_AND_MEAN -D_MBCS -D_CRT_SECURE_NO_DEPRECATE -D_WIN32_WINNT
=0x0400 -DNDEBUG versioninfo.rc
link.exe @C:\Users\lenky\AppData\Local\Temp\nmb04124.
Creating library libpkcs11-helper-1.lib and object libpkcs11-helper-1.exp
move libpkcs11-helper-1.lib pkcs11-helper.dll.lib
移动了 1 个文件。
lib.exe @C:\Users\lenky\AppData\Local\Temp\nmc04124.
[/c

四,编译OpenVPN
下载:openvpn-2.3.2.tar.gz

http://swupdate.openvpn.org/community/releases/openvpn-2.3.2.tar.gz

https://codeload.github.com/OpenVPN/openvpn-build/zip/master

完全参考:

http://d.ream.at/build-openvpn-2-2-0-with-visual-studio-2010/

https://community.openvpn.net/openvpn/wiki/BuildingOnWindows

转载请保留地址:http://www.lenky.info/archives/2013/10/2369http://lenky.info/?p=2369


备注:如无特殊说明,文章内容均出自Lenky个人的真实理解而并非存心妄自揣测来故意愚人耳目。由于个人水平有限,虽力求内容正确无误,但仍然难免出错,请勿见怪,如果可以则请留言告之,并欢迎来讨论。另外值得说明的是,Lenky的部分文章以及部分内容参考借鉴了网络上各位网友的热心分享,特别是一些带有完全参考的文章,其后附带的链接内容也许更直接、更丰富,而我只是做了一下归纳&转述,在此也一并表示感谢。关于本站的所有技术文章,欢迎转载,但请遵从CC创作共享协议,而一些私人性质较强的心情随笔,建议不要转载。

法律:根据最新颁布的《信息网络传播权保护条例》,如果您认为本文章的任何内容侵犯了您的权利,请以Email或书面等方式告知,本站将及时删除相关内容或链接。

  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.