I've wanted for some time to create my own custom installer for the Windows OpenVPN client. Up until now we've told clients to download the software and then given them the certificates and configuration files they needed along with instructions on how to install them. But some people still end up unable to use the VPN, which means more support calls for us.
So a custom openvpn installer that put all the certs, config files, etc. in the right place means it should "just work". Plus then we could create custom shortcuts/icons that would automatically connect rather than what happens now, which is folks start the GUI and nothing appears to happen. You need to right-click on the icon in the taskbar bar (which looks a lot like the other network icons) and choose "Connect".
I tried once before last fall, getting the openvpn sources and attempting to compile it on Windows. But I gave up looking at all the prerequistics I had to install, especially the Windows Driver Kit. All I want is to take the files that are there in the OpenVPN installer and repackage them a bit. I don't want to compile new versions or change anything other than include some extra files and shortcuts.
There are nicely packaged zip files for doing exactly that for older versions of openvpn here. But we need a newer version for the Vista fixes.
Fortunately I recently found this post which got me started.
I used 7zip instead of "Total Commander" to extract the files from the openvpn 2.1.1 installer, but other than that I followed his instructions pretty closely. It still took a while to get everything in the right place because some of the file names and file locations have changed between 2.1_rcX and 2.1.1, but eventually I got everything in the right place so NSIS can create an installer. I edited the NSIS install script to include our certificates and config files, changed around some shortcuts, and everything works just like I had hoped! :-)
If you're interested in rolling your own installer for openvpn 2.1.1, then I've attached a zip file of my installer sources to this blog. To roll your own you'll need to
- Download the installer sources from the "Attachments" section at the bottom of this post and unzip them somewhere on your system.
- Download and install NSIS (Nullsoft Scriptable Install System) from here.
- In the installer sources you unzipped, include any files you want to include and then edit "install-win32\openvpn.nsi" and make any changes that you like.
- Run NSIS to compile a new openvpn 2.1.1 installer.
A few notes:
- I built the installer sources on XP and we've only tested this on XP and Vista (both 32-bit). Both work well, but other than that I don't know if it will work.
- This is ONLY the installer sources. You can't compile from these. You'll need the full openvpn sources to compile. But if all you want to do is create your own custom installer, this should work. (Let me know if doesn't; maybe we can fix it.)
- This uses the openvpn gui from openvpn.se which is included in the openvpn source. The openvpn.nsi installer script references a new XGUI, but the binary was not included in the openvpn installer that I used to extract the files from, so I've not enabled it.
| Attachment | Size |
|---|---|
| openvpn-2.1.1-installer-sources.zip | 1.76 MB |
Navigation
Search
Recent blog posts
- Installing OpenVPN on Ubuntu Natty
- apt-get remove old modules errors
- Cloning Drupal Sub-site
- GnuTLS error with FileZilla and vsftpd
- Installing grub on multiple drives
- Finding the fastest Debian repository
- Changing the console resolution in Grub2
- Lightning calendar plugin for x86_64
- Adding a CAPTCHA to a webform in Drupal
- Our High-Availability Setup
Comments
Fail to run NSIS file :
Hello,
Referring to your site guidance, I downloaded everything. Withut changing anything just tried to run openvpn.nsi script from /install-win32 by right clicking and selecting "Compile NSIS Script". This is the result that I get :
Processing script file: "C:\MinGW\msys\1.0\home\Admin\openvpn-2.1_rc22\install-win32\openvpn.nsi"
SetCompressor: lzma
!include: "C:\NSIS\Include\MUI.nsh"
!include: "C:\NSIS\Contrib\Modern UI\System.nsh"
NSIS Modern User Interface version 1.8 - Copyright 2002-2009 Joost Verburg (C:\NSIS\Contrib\Modern UI\System.nsh:8)
!define: "MUI_INCLUDED"=""
!define: "MUI_SYSVERSION"="1.8"
!define: "MUI_VERBOSE"="3"
!include: closed: "C:\NSIS\Contrib\Modern UI\System.nsh"
!include: closed: "C:\NSIS\Include\MUI.nsh"
!include: could not find: "defs.nsi"
Error in script "C:\MinGW\msys\1.0\home\Admin\openvpn-2.1_rc22\install-win32\openvpn.nsi" on line 14 -- aborting creation process
defs.nsi is already present in gen-prebuilt folder. I have added C:\MinGW\bin, C:\MinGW\msys\1.0\bin and C:\MinGW\msys\1.0\home\Admin to path.
Can you tell why it cuoldn't find the "defs.nsi". Am I missing anything or any settings ?
One more question, how do I build the "domake-win" file present in openvpn-2.1_rc folder. I fuond that to recompile openvpn with any new changes, we got to make changes in settings.in and run domake-win script at http://article.gmane.org/gmane.network.openvpn.user/22590. But, couldn't make out how to run the domake-win script.
I hope you can help me out. Have spend almost whole day trying to build as you have instructed, but just couldn't make it.
Thanks
Terry
prebuilt binaries
Since it looks like you are using the prebuilt binaries from "http://openvpn.net/prebuilt/", I wouldn't bother with the source tarball. Start with the openvpn.nsi script in the "gen-prebuilt/nsi" directory instead of the one in the source tarball. If you right-click on that script and choose "Compile NSIS script", I imagine it will build; it did for me. You can edit that to add what you want to your custom installer.
I'd never heard of the 'domake-win' script before you mentioned it, but it looks pretty handy. Unfortunately, the prebuilt binaries are pretty old - 2.1_rc22. So I'll stick with manual extraction and creation described here - http://darkness.codefu.org/wordpress/2007/06/disgusting-way-to-roll-your....
How to include certificate and key
Hello Jeff, thanks for your tutorial, I have some question, how to add certificate and key which include with nsis script,
How to include files in installer
You need to put any files you want to include into the installer sources and then edit the NSIS script to copy those files when installing.
So I create a folder called "config" in the installer sources. Then I put all the files I want to include into that folder. So let's say I want to include a file called "ca.crt". I copy the "ca.crt" file into the "config" directory I created in the NSIS installer sources. Then I edit the NSIS installer script - "install-win32/openvpn.nsi". Find the section in the installer which copies the config files. The section is labeledSection "${PRODUCT_NAME} Service" SecServiceUnderneath the line in that section which says SetOutPath "$INSTDIR\config"add a line to copy your file. So to copy the "ca.crt" file to the openvpn config directory I add the line
File "${GEN}\config\ca.crt"This copies the "ca.crt" file I included in the installer into the openvpn configuration directory.Do the same thing for any configuration/certificate files you want to install along with the program. Add the files to the installer sources and then add a line in the installer script to copy that file to the configuration directory of openvpn.
enable-password-save
I want openvpn 2.1.1
-- enable-password-save
-- tap 0901
openvpn.se ==> There are no updates available
Where find install_packages_source?
Please Help me
sekchel@gmail.com
Latest OpenVPN Sources
The latest openvpn sources can always be found at the openvpn site - http://openvpn.net/index.php/open-source/downloads.html
Hello My error
!define PRODUCT_NAME "mycomvpn"
!define PRODUCT_UNIX_NAME "mycomvpn"
rename mycomvpn.exe mycomvpnserver.exe
install..............
click desktop icon mycomvpn
Error opening registry for reading (HKLM\SOFTWARE\OpenVPN). OpenVPN is probably not installed
PRODUCT_NAME
If you redefine PRODUCT_NAME, then you need to recompile the program to look for its registry entries in the new key name.
If you don't want to do that, then you can go through the installer and replace all the "SOFTWARE\${PRODUCT_NAME}" lines with "SOFTWARE\OpenVPN" since that seems to be what it's looking for. Maybe that will be enough. But maybe not - I've not tried it.
OTL ....
Dear jeff
I'm very sorry.
I'm why not?
please post again
rebuild openvpn-2.1.1-installer-sources.zip
option
--enable-password-save
and
!define PRODUCT_NAME "Variable"
Thank very much
You must recompile openvpn
If you want openvpn with the "--enable-password-save" option, you must recompile OpenVPN itself. The version I am using here does NOT have that option.
What I have posted is only the Windows installer. You cannot change any of the openvpn options with the installer; you have to recompile the program itself in order to do that. All these "sources" do is allow you to change the installer options, not the program options.
You need to download the openvpn sources from the openvpn site listed in the above message and recompile it with the options you want. You same is true if you want to change the product name. You cannot make those changes only in the installer. You must also make them in the openvpn binary itself.