Topic Overview
------------------

1.) Introduction
2.) Prerequisites
3.) Build Machine Setup
4.) Build OpenSSL v1.1.1m
5.) Build LZO v2.10 DLL
6.) Build PKCS11-Helper v1.28 DLL
7.) Build OpenVPN v2.5.4 include files
8.) Build OpenVPN v2.5.4
9.) Build OpenVPN-GUI v11.26 include files
10.) Build OpenVPN-GUI v11.26
11.) Build TAP-Driver v9.9.2
12.) Build NSIS-Installer
13.) OpenVPN configuration file changes for Windows XP
14.) Test if OpenVPN is working correctly
15.) OpenVPN v2.5.4 Windows XP SP3 bug
16.) Version and download link

1.) Introduction
-------------------

OpenVPN v2.3.18 was the last version that officially supports Windows XP and Windows Server 2003. We lately had the need to use the newer version 2.5.4 of OpenVPN to support stronger data ciphers like AES-256-CBC. Therefore we decided to rebuild the whole package from the ground up to make it compatible with Windows XP and Windows Server 2003. The following article describes in detail how you can rebuild OpenVPN v2.5.4 for use on these older operating systems. The build process was a long journey, because it seems that all official build instructions are partly useless and lead to a dead end most of the time. For example the official instructions state that OpenVPN for Windows is cross compiled on Linux, which is not true at all. We checked the binary and can say for sure that it is a native Windows Visual Studio build!

The benefits of this new version include:

support of stronger data ciphers like AES-256-CBC
new TAP-Driver with a network speed of 1 GBit/s instead of 10 MBit/s
severe bug on Windows XP SP3 solved where we can't connect to the VPN server

If you don't care about the build steps simply install OpenVPN v2.5.4 on Windows XP and Windows Server 2003 by running the installer package "OpenVPN-v2.5.4.exe" in the root of this archive.

Important: The following steps to build OpenVPN can be done completely in offline mode. You do not need an internet connection at all.

2.) Prerequisites
--------------------

We included all prerequisite packages in the download archive with the exception of the operating system, compiler suite and an unpacker for 7-Zip archives. We used the following listed packages to build the dependencies.

OpenSSL v1.1.1m

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
OpenSSL_v1.1.1m\ActivePerl-5.20.2.2002-MSWin32-x86-64int-299195.msi
OpenSSL_v1.1.1m\dmake-4.11.20080107.ppd
OpenSSL_v1.1.1m\dmake-4.11.20080107.tar.gz
OpenSSL_v1.1.1m\nasm-2.15.05-installer-x86.exe
OpenSSL_v1.1.1m\openssl-v1.1.1m.7z

LZO v2.10 DLL

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
LZO_v2.10\lzo-2.10.7z

PKCS11-Helper v1.28 DLL

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0.7z

OpenVPN v2.5.4 include files

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
OpenVPN_v2.5.4\openvpn-2.5.4.7z

OpenVPN v2.5.4

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
OpenVPN_v2.5.4\block_dns.c
OpenVPN_v2.5.4\config-msvc-version.h
OpenVPN_v2.5.4\openvpn-2.5.4.7z
OpenVPN_v2.5.4\route.c
OpenVPN_v2.5.4\tap-windows.h
OpenVPN_v2.5.4\tap-windows-master_for_XP.7z
OpenVPN_v2.5.4\tun.c
OpenVPN_v2.5.4\versionhelpers.h

OpenVPN-GUI v11.26 include files

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
MSYS2\msys2-i686-20160205.exe
MSYS2\packages_20160205.7z
OpenVPN-GUI_v11.26\openvpn-gui-11.7z

OpenVPN-GUI v11.26

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
OpenVPN-GUI_v11.26\config.h
OpenVPN-GUI_v11.26\openvpn-gui-11.7z
OpenVPN-GUI_v11.26\versionhelpers.h

TAP-Driver v9.9.2

Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
Compiler Suite: Windows Driver Development Kit v7.1.0 (7600.16385.1)
NSIS-Installer\nsis-2.50-setup.exe
TAP-Driver_v9.9.2\tap-windows-master_for_XP.7z

NSIS-Installer for OpenVPN v2.5.4

Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
NSIS-Installer\nsis-2.50-setup.exe
NSIS-Installer\openvpn.nsi
NSIS-Installer\openvpn-build-release-2.3.7z
NSIS-Installer\OpenVPN-v2.3.18_last_version_for_XP.exe
NSIS-Installer\VC-Redistributable_v14.27.29114.0_x86.exe

3.) Build Machine Setup
---------------------------

We need two machines for building OpenVPN v2.5.4. The first one with "Windows XP SP3 x86" or "Windows Server 2003 R2 SP2 x86" and "Windows Driver Development Kit v7.1.0 (7600.16385.1)", the second one with "Windows 10 x64 Build 21H2" and "Visual Studio Enterprise 2019 Version 16.0.1". On both machines we need an unpacker for 7-Zip archives.

Packages build on first machine

TAP-Driver v9.9.2
NSIS-Installer for OpenVPN v2.5.4

Packages build on second machine

OpenSSL v1.1.1m
LZO v2.10 DLL
PKCS11-Helper v1.28 DLL
OpenVPN v2.5.4 include files
OpenVPN v2.5.4
OpenVPN-GUI v11.26 include files
OpenVPN-GUI v11.26

Install Visual Studio 2019 on the second machine with the following workloads:

Desktop development with C++
on the "Installation details" on the right side check:

MSVC v141 - VS 2017 C++ x64/x86 build tools (v14.16)

choose tab "Individual components" and select the following on the left side under the category "Compilers, build tools, and runtimes":

C++ Windows XP Support for VS 2017 (v141) tools [Deprecated]

4.) Build OpenSSL v1.1.1m
------------------------------

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
install "OpenSSL_v1.1.1m\ActivePerl-5.20.2.2002-MSWin32-x86-64int-299195.msi" to "C:\Perl"
install "OpenSSL_v1.1.1m\nasm-2.15.05-installer-x86.exe" to "C:\Program Files (x86)\NASM"
copy "OpenSSL_v1.1.1m\dmake-4.11.20080107.ppd" to "C:\dmake-4.11.20080107.ppd"
copy "OpenSSL_v1.1.1m\dmake-4.11.20080107.tar.gz" to "C:\dmake-4.11.20080107.tar.gz"
unpack "OpenSSL_v1.1.1m\openssl-v1.1.1m.7z" to "C:\openssl-v1.1.1m"
to build the shared release version open an administrative command prompt and type the following commands:

REM change directory to root of drive C:
cd C:\

REM install DMAKE Perl package
ppm install dmake-4.11.20080107.ppd

REM run VS2019 x86 command line and set correct variables
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat"

REM add NASM assembler to path variable
set "PATH=C:\Program Files (x86)\NASM;%PATH%"

REM change current directory to OpenSSL source code directory
cd C:\openssl-v1.1.1m

REM We have to use the configure parameter "-D_WIN32_WINNT=0x0501" for Windows XP and Windows
REM Server 2003.
perl Configure VC-WIN32 -D_WIN32_WINNT=0x0501 --prefix=C:\openssl-v1.1.1m-shared

REM starts the build process and compiles all OpenSSL libraries and files
nmake

REM tests the inner workings of the OpenSSL libraries, this should be run mandatory to be sure
REM that everything works as designed later on
nmake test

REM After this command the installation can be found in the directory "C:\Program Files\OpenSSL".
nmake install

After these steps the OpenSSL files will be present in the directory which you specified with the "--prefix" parameter for the perl Configure command. In our case the shared release DLLs of OpenSSL are present in the directory "C:\openssl-v1.1.1m-shared". The include files we need are placed in "C:\openssl-v1.1.1m-shared\include\openssl". The library files we need are placed in "C:\openssl-v1.1.1m-shared\lib". We packed the complete directory into the included archive named "OpenSSL_v1.1.1m\openssl-v1.1.1m-shared.7z".

5.) Build LZO v2.10 DLL
--------------------------

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
unpack "LZO_v2.10\lzo-2.10.7z" to "C:\lzo-2.10"
to build the DLL release version open an administrative command prompt and type the following commands:

REM run VS2019 x86 command line and set correct variables
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
  
REM change current directory to LZO source code directory
cd C:\lzo-2.10
  
REM This will build the shared DLLs.
B\win32\vc_dll.bat

We packed the complete directory into the included archive named "LZO_v2.10\lzo-2.10-shared-DLL.7z".

6.) Build PKCS11-Helper v1.28 DLL
--------------------------------------

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
unpack "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0.7z" to "C:\pkcs11-helper-1.28.0"
to build the DLL release version open an administrative command prompt and type the following commands:

REM run VS2019 x86 command line and set correct variables
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
  
REM change current directory to PKCS11-Helper source code directory
cd C:\pkcs11-helper-1.28.0\lib
  
REM starts the build process and compiles the PKCS11-Helper library
nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME=C:\openssl-v1.1.1m-shared

We packed the complete directory into the included archive named "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0-shared-DLL.7z". The DLL we use is located at "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0-shared-DLL.7z\lib\libpkcs11-helper-1.dll".

7.) Build OpenVPN v2.5.4 include files
-----------------------------------------

The include file config-msvc-version.h is auto generated by the Visual Studio solution of OpenVPN. The standard OpenVPN source code does not include this file, which is absolutely necessary to build OpenVPN. In the following steps we describe how to generate the include file config-msvc-version.h. The generated include file by this procedure is already present in the directory "OpenVPN_v2.5.4".

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
unpack "OpenVPN_v2.5.4\openvpn-2.5.4.7z" to "C:\openvpn-2.5.4"
to build the file "config-msvc-version.h" open an administrative command prompt and type the following commands:

REM change current directory to OpenVPN msvc-generate source code directory
cd C:\openvpn-2.5.4\build\msvc\msvc-generate

REM run the java script file with parameters
cscript //Nologo msvc-generate.js --config="C:\openvpn-2.5.4\version.m4" --input="C:\openvpn-2.5.4\config-msvc-version.h.in" --output="C:\openvpn-2.5.4\config-msvc-version.h"

After these steps the resulting file is located at "C:\openvpn-2.5.4\config-msvc-version.h".

Pay attention: This file does contain errors! It seems the PRODUCT_VERSION_PATCH has a wrong value of ".4" instead of simply "4". Therefore also the PACKAGE_VERSION and PRODUCT_VERSION are wrong and have both the value "2.5..4". This error is triggered by the file "C:\openvpn-2.5.4\version.m4" which has the following define:

define([PRODUCT_VERSION_PATCH], [.4])

If we correct this line and remove the point, we get another error in the config-msvc-version.h file. After this change the PACKAGE_STRING is "OpenVPN 2.54", which is missing a point, but both the PACKAGE_VERSION and PRODUCT_VERSION are correct. We already corrected these errors manually in the included file "OpenVPN_v2.5.4\config-msvc-version.h".

The file tap-windows.h is copied from the archive "OpenVPN_v2.5.4\tap-windows-master_for_XP.7z\src\tap-windows.h". The file versionhelpers.h is copied from the Windows 10 SDK version 10.0.17763.0 which comes with Visual Studio 2019. We slightly modified it to make it work without additional include files like winapifamily.h. The original file is located at "C:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\um\VersionHelpers.h" after Visual Studio 2019 is installed.

8.) Build OpenVPN v2.5.4
----------------------------

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
unpack "OpenVPN_v2.5.4\openvpn-2.5.4.7z" to "C:\openvpn-2.5.4"
start Visual Studio 2019 > Create a new project > Empty Project > Next >

copy all files and directories from "C:\openvpn-2.5.4\src\openvpn" to "C:\Users\Public\openvpn"
Do not overwrite the files "openvpn.vcxproj" and "openvpn.vcxproj.filters".
delete the following files from the directory "C:\Users\Public\openvpn":

copy the file "C:\openvpn-2.5.4\config-msvc.h" to "C:\Users\Public\openvpn"
copy the file "C:\openvpn-2.5.4\include\openvpn-msg.h" to "C:\Users\Public\openvpn"
copy the file "C:\openvpn-2.5.4\include\openvpn-plugin.h" to "C:\Users\Public\openvpn"
copy the file "OpenVPN_v2.5.4\block_dns.c" to "C:\Users\Public\openvpn" and overwrite the existing file
copy the file "OpenVPN_v2.5.4\config-msvc-version.h" to "C:\Users\Public\openvpn"
copy the file "OpenVPN_v2.5.4\route.c" to "C:\Users\Public\openvpn" and overwrite the existing file
copy the file "OpenVPN_v2.5.4\tap-windows.h" to "C:\Users\Public\openvpn"
copy the file "OpenVPN_v2.5.4\tun.c" to "C:\Users\Public\openvpn" and overwrite the existing file
copy the file "OpenVPN_v2.5.4\versionhelpers.h" to "C:\Users\Public\openvpn"
copy "C:\openssl-v1.1.1m-shared" to "C:\Users\Public\openvpn\OpenSSL_v1.1.1m"
delete the following directories:

copy "C:\lzo-2.10" to "C:\Users\Public\openvpn\lzo-2.10"
delete all files and directories in the folder "C:\Users\Public\openvpn\lzo-2.10" except "include", "lzo2.dll" and "lzo2.lib"
copy "C:\pkcs11-helper-1.28.0" to "C:\Users\Public\openvpn\pkcs11-helper-1.28.0"
delete all files and directories in the folder "C:\Users\Public\openvpn\pkcs11-helper-1.28.0" except "include" and "lib"
delete the following files:

delete all files in the folder "C:\Users\Public\openvpn\pkcs11-helper-1.28.0\lib" except "libpkcs11-helper-1.dll" and "pkcs11-helper.dll.lib"
in VS2019 Solution Explorer right click on openvpn "Header Files" > Add > Existing Item... > in the "File name" field enter "*.h" and press Enter > select first header file press Shift and click on the last header file > Add
right click on openvpn "Resource Files" > Add > Existing Item... > select "openvpn_win32_resources.rc" > Add
right click on openvpn "Source Files" > Add > Existing Item... > in the "File name" field enter "*.c" and press Enter > select first C source file press Shift and click on the last C source file > Add
in Solution Explorer right click on "Solution 'openvpn' (1 project)" > Add > New Project... > Empty Project > Next >

copy all files from "C:\openvpn-2.5.4\src\compat" to "C:\Users\Public\compat"
delete the following files from the directory "C:\Users\Public\compat":

copy the file "C:\openvpn-2.5.4\config-msvc.h" to "C:\Users\Public\compat"
copy the file "OpenVPN_v2.5.4\config-msvc-version.h" to "C:\Users\Public\compat"
in VS2019 Solution Explorer right click on compat "Header Files" > Add > Existing Item... > in the "File name" field enter "*.h" and press Enter > select first header file press Shift and click on the last header file > Add
right click on compat "Source Files" > Add > Existing Item... > in the "File name" field enter "*.c" and press Enter > select first C source file press Shift and click on the last C source file > Add
in Solution Explorer select compat > Menu > Project > Properties > choose Configuration: All Configurations > Platform: All Platforms and change the following values:

Platform Toolset: Visual Studio 2017 - Windows XP (v141_xp)
Configuration Type: Static library (.lib)

Preprocessor Definitions > choose arrow > <Edit...> > enter

Additional Options > enter

Generate Manifest: No (/MANIFEST:NO)

open the file "C:\Users\Public\compat\config-msvc.h" and change code line 1 from

#include <config-msvc-version.h>

#include "config-msvc-version.h"

#define _WIN32_WINNT_VISTA 0x0600

to solve the warning "Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio." do the following steps:

in Solution Explorer select openvpn > Menu > Project > Properties > choose Configuration: All Configurations > Platform: All Platforms and change the following values:

Platform Toolset: Visual Studio 2017 - Windows XP (v141_xp)

Include Directories > choose arrow > <Edit...> > choose a new line for every value listed here > enter

Library Directories > choose arrow > <Edit...> > choose a new line for every value listed here > enter

Warning Level: Level2 (/W2)

Preprocessor Definitions > choose arrow > <Edit...> > enter

Additional Options > enter

Additional Dependencies > choose arrow > <Edit...> > enter

Generate Manifest: No (/MANIFEST:NO)

in Solution Explorer select openvpn > Menu > Project > Project Dependencies... > tab Dependencies > Project: choose openvpn > Depends on: check compat > OK
open the file "C:\Users\Public\openvpn\config-msvc.h" and change code line 1 from

#include <config-msvc-version.h>

#include "config-msvc-version.h"

#define _WIN32_WINNT_VISTA 0x0600

open file "C:\Users\Public\openvpn\tun.h" and change the code line 29 from

#include <tap-windows.h>

#include "tap-windows.h"

open file "C:\Users\Public\openvpn\win32.c" and change the code line 50 from

#include <versionhelpers.h>

#include "versionhelpers.h"

open file "C:\Users\Public\openvpn\syshead.h" and change the code line 586 from

#define ENABLE_CRYPTOAPI

//#define ENABLE_CRYPTOAPI

open file "C:\Users\Public\openvpn\console_systemd.c" and change the code line 30 from

#include "config.h"

//#include "config.h"

open file "C:\Users\Public\openvpn\ssl_ncp.h" and change code line 53 from

check_pull_client_ncp(struct context *c, int found);

check_pull_client_ncp(struct context *c, const int found);

open file "C:\Users\Public\openvpn\auth_token.c" and change code line 62 from

const char *state;

const char *state = "Invalid";

open file "C:\Users\Public\openvpn\pkcs11-helper-1.28.0\include\pkcs11-helper-1.0\pkcs11.h" and change code line 1213 from

struct ck_interface **interface,

struct ck_interface **Interface,

to solve the warning "Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio." do the following steps:

choose Menu > Build > Configuration Manager... > Active solution configuration: Release > Active solution platform: x86 > Close
in Solution Explorer select compat > Menu > Project > Properties > choose Configuration: Active(Release) > Platform: Active(Win32) and change the following values:

Optimization: Maximum Optimization (Favor Size) (/O1)
Enable Intrinsic Functions: No
Favor Size Or Speed: Favor small code (/Os)

in Solution Explorer select openvpn > Menu > Project > Properties > choose Configuration: Active(Release) > Platform: Active(Win32) and change the following values:

Optimization: Maximum Optimization (Favor Size) (/O1)
Enable Intrinsic Functions: No
Favor Size Or Speed: Favor small code (/Os)

Generate Debug Info: No

choose Menu > Build > Rebuild Solution

We can now compile the debug and release configuration for Windows XP without any errors or warnings. The final source code package is located at "OpenVPN_v2.5.4\openvpn_v2.5.4_20220123_for_XP.7z".

9.) Build OpenVPN-GUI v11.26 include files
----------------------------------------------

The include file config.h is auto generated on Linux platforms. The standard OpenVPN-GUI source code does not include this file, which is absolutely necessary to build the OpenVPN-GUI. In the following steps we describe how to generate the include file config.h. The generated include file by this procedure is already present in the directory "OpenVPN-GUI_v11.26".

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
install "MSYS2\msys2-i686-20160205.exe" to "C:\msys32" > uncheck "Run MSYS2 32 bit now." after installation is finished > Finish

Attention

unpack "MSYS2\packages_20160205.7z" to "C:\packages_20160205"
copy all packages from "C:\packages_20160205\all-in-one" directory to "C:\msys32\var\cache\pacman\pkg" directory
run "C:\msys32\mingw32_shell.bat" as Administrator
run the following command in MINGW32 shell:

pacman -S autoconf automake libtool make mingw-w64-i686 mingw-w64-i686-toolchain mingw-w64-x86_64 mingw-w64-x86_64-toolchain nasm pkg-config

now we can delete all files in the directory "C:\msys32\var\cache\pacman\pkg"
unpack "OpenVPN-GUI_v11.26\openvpn-gui-11.7z" to "C:\msys32\home\UserName\openvpn-gui"
run the following commands in MINGW32 shell:

cd openvpn-gui
autoreconf -i -v
./configure --prefix=/ --host=i686-w64-mingw32 --build=i686-pc-mingw32 --program-prefix='' OPENSSL_CRYPTO_CFLAGS="-I /home/UserName/openssl-v1.1.1m/include/" OPENSSL_CRYPTO_LIBS="-L /home/UserName/openssl-v1.1.1m/lib/ -lcrypto"

It does not matter if the OpenSSL directory is present or not for the configure command. After this configure command the file "C:\msys32\home\UserName\openvpn-gui\config.h" is created. If we only want to build the OpenVPN-GUI on Visual Studio 2019 we can stop here. It is recommended to stop here an not try to build the OpenVPN-GUI with MSYS2, because even if we would manage to get a working executable this is at least double the size of the Windows executable build with Visual Studio 2019.

The file versionhelpers.h is copied from the Windows 10 SDK version 10.0.17763.0 which comes with Visual Studio 2019. We slightly modified it to make it work without additional include files like winapifamily.h. The original file is located at "C:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\um\VersionHelpers.h" after Visual Studio 2019 is installed.

10.) Build OpenVPN-GUI v11.26
----------------------------------

Operating System: Windows 10 x64 Build 21H2
Compiler Suite: Visual Studio 2019
unpack "OpenVPN-GUI_v11.26\openvpn-gui-11.7z" to "C:\openvpn-gui"
start Visual Studio 2019 > Create a new project > Empty Project > Next >

copy all files and directories from "C:\openvpn-gui" to "C:\Users\Public\openvpn-gui"
delete the following files from the directory "C:\Users\Public\openvpn-gui":

move all files from the directory "C:\Users\Public\openvpn-gui\res" to "C:\Users\Public\openvpn-gui"
delete the directory "C:\Users\Public\openvpn-gui\res"
copy the file "OpenVPN-GUI_v11.26\config.h" to "C:\Users\Public\openvpn-gui"
copy the file "OpenVPN-GUI_v11.26\versionhelpers.h" to "C:\Users\Public\openvpn-gui"
delete the directory "C:\OpenSSL_v1.1.1m" if it is present
unpack "OpenSSL_v1.1.1m\openssl-v1.1.1m-shared.7z" to "C:\OpenSSL_v1.1.1m"
copy "C:\OpenSSL_v1.1.1m" to "C:\Users\Public\openvpn-gui\OpenSSL_v1.1.1m"
delete the following directories:

in VS2019 Solution Explorer right click on openvpn-gui "Header Files" > Add > Existing Item... > in the "File name" field enter "*.h" and press Enter > select first header file press Shift and click on the last header file > Add
right click on "Resource Files" > Add > Existing Item... > select "openvpn-gui-res.rc" > Add
right click on "Source Files" > Add > Existing Item... > in the "File name" field enter "*.c" and press Enter > select first C source file press Shift and click on the last C source file > Add
in Solution Explorer select openvpn-gui > Menu > Project > Properties > choose Configuration: All Configurations > Platform: All Platforms and change the following values:

Platform Toolset: Visual Studio 2017 - Windows XP (v141_xp)
Character Set: Use Unicode Character Set

Include Directories > choose arrow > <Edit...> > choose New Line > enter

Library Directories > choose arrow > <Edit...> > choose New Line > enter

Preprocessor Definitions > choose arrow > <Edit...> > enter

Additional Options > enter

Additional Dependencies > choose arrow > <Edit...> > enter

Generate Manifest: No (/MANIFEST:NO)

SubSystem: Windows (/SUBSYSTEM:WINDOWS)

Additional Options > enter

Menu > Build > Rebuild Solution > Menu > View > Error List
click on all errors "Cannot open include file: 'config.h': No such file or directory" and change the line from

#include <config.h>

#include "config.h"

click on all errors "'wcstok': too few arguments for call" and change the first code location from

pch = wcstok(buf, L"\r\n");

wchar_t *state;
pch = wcstok(buf, L"\r\n", &state);

pch = wcstok(NULL, L"\r\n");

pch = wcstok(NULL, L"\r\n", &state);

Menu > Build > Rebuild Solution > Menu > View > Error List
click on all errors "'wcstok': too few arguments for call" and change the first code location from

LPWSTR token = wcstok(proxy_str, delim);

wchar_t *state;
LPWSTR token = wcstok(proxy_str, delim, &state);

token = wcstok(NULL, delim);

token = wcstok(NULL, delim, &state);

click on error "'AURL_ENABLEURL': undeclared identifier" and change the code from

SendMessage(hmsg, EM_AUTOURLDETECT, AURL_ENABLEURL, 0);

#define AURL_ENABLEURL 1
SendMessage(hmsg, EM_AUTOURLDETECT, AURL_ENABLEURL, 0);

click on both errors "Cannot open include file 'versionhelpers.h': No such file or directory" and change the code location from

#include <versionhelpers.h>

#include "versionhelpers.h"

click on error "Cannot open include file 'combaseapi.h': No such file or directory" and change the code location from

#include <combaseapi.h>

//#include <combaseapi.h>

Menu > Build > Rebuild Solution > Menu > View > Error List
click on warning "formal parameter 2 different from declaration" right click on the function IsUserInGroup > Go To Declaration > change code location from

static BOOL IsUserInGroup(PSID sid, PTOKEN_GROUPS token_groups, const WCHAR *group_name);

static BOOL IsUserInGroup(PSID sid, const PTOKEN_GROUPS token_groups, const WCHAR *group_name);

click on warning "'CompareStringOrdinal' undefined; assuming extern returning int" and change the code location from

int cmp = CompareStringOrdinal(nameval1, (int)len1, nameval2, (int)len2, ignore_case);

//int cmp = CompareStringOrdinal(nameval1, (int)len1, nameval2, (int)len2, ignore_case);
int cmp = wcsncmp(nameval1, nameval2, (len1 > len2 ? len2 : len1));

click on warning "'=': conversion from 'DWORD' to 'LANGID', possible loss of data" and change code location from

gui_language = ( value != 0 ? value : GetUserDefaultUILanguage() );

gui_language = (LANGID)( value != 0 ? value : GetUserDefaultUILanguage() );

click on warning "formal parameter 2 different from declaration" and change code location from

LoadLocalizedStringBuf(PTSTR buffer, int bufferSize, const UINT stringId, ...)

LoadLocalizedStringBuf(PTSTR buffer, const int bufferSize, const UINT stringId, ...)

click on warning "'function': conversion from 'DWORD' to 'u_short', possible loss of data and change code location from

c->manage.skaddr.sin_port = htons(o.mgmt_port_offset + config);

c->manage.skaddr.sin_port = htons((u_short)o.mgmt_port_offset + config);

click on warning "'RegGetValueW' undefined; assuming extern returning int" and change code location from

if (RegGetValueW (regkey, NULL, L"version", RRF_RT_REG_BINARY, NULL, v, &len)

//if (RegGetValueW (regkey, NULL, L"version", RRF_RT_REG_BINARY, NULL, v, &len)
if (RegQueryValueEx(regkey, L"version", NULL, NULL, (LPBYTE)v, &len)

click on warning "'RegCopyTree' undefined; assuming extern returning int" and change code location from

status = RegCopyTree (regkey_nilings, NULL, regkey_proxy);

//status = RegCopyTree (regkey_nilings, NULL, regkey_proxy);
status = SHCopyKey(regkey_nilings, NULL, regkey_proxy, 0);

click on warning "'RegDeleteTree' undefined; assuming extern returning int" and change code location from

RegDeleteTree (HKEY_CURRENT_USER, GUI_REGKEY_HKCU); /* delete all values and subkeys */

//RegDeleteTree (HKEY_CURRENT_USER, GUI_REGKEY_HKCU); /* delete all values and subkeys */
SHDeleteKey(HKEY_CURRENT_USER, GUI_REGKEY_HKCU); /* delete all values and subkeys */

go to the start of the C source file registry.c and place the following include after <shlobj.h>

#include <shlwapi.h>

Menu > Build > Rebuild Solution > Menu > View > Error List
click on error "'TTI_ERROR_LARGE': undeclared identifier" and change the code location from

bt.ttiIcon = TTI_ERROR_LARGE;

#define TTI_ERROR_LARGE 6
bt.ttiIcon = TTI_ERROR_LARGE;

click on error "'IID_IFileOpenDialog': undeclared identifier", comment out the complete function "BrowseFolder" and add the following replacement functions

INT CALLBACK BrowseCallbackProc(HWND hwnd, UINT uMsg, LPARAM lp, LPARAM pData)
{
    if (uMsg == BFFM_INITIALIZED) SendMessage(hwnd, BFFM_SETSELECTION, TRUE, pData);
    return 0;
}

static BOOL BrowseFolder(const WCHAR * initial_path, WCHAR * selected_path, size_t selected_path_size)
{
    HRESULT initResult = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    if (FAILED(initResult))
    {
        return false;
    }

    BROWSEINFO br;
    ZeroMemory(&br, sizeof(BROWSEINFO));
    br.lpfn = BrowseCallbackProc;
    br.ulFlags = BIF_RETURNONLYFSDIRS | BIF_NEWDIALOGSTYLE;
    br.hwndOwner = NULL;
    br.lParam = (LPARAM)initial_path;

    LPITEMIDLIST pidl = NULL;
    if ((pidl = SHBrowseForFolder(&br)) != NULL)
    {
        wchar_t path[MAX_PATH];
        if (SHGetPathFromIDList(pidl, path))
        {
            wcsncpy(selected_path, path, wcslen(path));
        }
    }

    CoUninitialize();

    return true;
}

Menu > Build > Rebuild Solution > Menu > View > Error List
click on error "cannot open include file '../openvpn-gui-res.h'." and change the code location from

#include "../openvpn-gui-res.h"

#include "openvpn-gui-res.h"

click on warning "'function': conversion from 'time_t' to 'unsigned int', possible loss of data" and change the code location from

srand(time(NULL));

srand((unsigned int)time(NULL));

click on warning "'initializing': conversion from 'unsigned __int64' to 'double', possible loss of data" and change the code location from

double x = c;

double x = (double)c;

click on warning "'function': conversion from 'time_t' to 'unsigned int', possible loss of data" and change the code location from

srand(time(NULL));

srand((unsigned int)time(NULL));

click on warning "'function': different 'const' qualifiers" and change the code location from

void *tmp = realloc(options->auto_connect, sizeof(wchar_t *)*options->max_auto_connect);

void *tmp = realloc((void*)options->auto_connect, sizeof(wchar_t *)*options->max_auto_connect);

to solve the warning "Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio." do the following steps:

choose Menu > Build > Configuration Manager... > Active solution configuration: Release > Active solution platform: x86 > Close
in Solution Explorer select openvpn-gui > Menu > Project > Properties > choose Configuration: Active(Release) > Platform: Active(Win32) and change the following values:

Optimization: Maximum Optimization (Favor Size) (/O1)
Enable Intrinsic Functions: No
Favor Size Or Speed: Favor small code (/Os)

Generate Debug Info: No

choose Menu > Build > Rebuild Solution

We can now compile the debug and release configuration for Windows XP without any errors or warnings. The final source code package is located at "OpenVPN-GUI_v11.26\openvpn-gui_v11.26_20220123_for_XP.7z".

11.) Build TAP-Driver v9.9.2
-----------------------------

We have to rebuild the TAP-Driver for Windows XP, because the original driver of OpenVPN v2.3.18 does only support a speed of 10 MBit/s. This limits our connection dramatically. Therefore we implemented a patch to support 1 GBit/s, although the theoretical VPN limit would be around 250 to 300 MBit/s.

Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
Compiler Suite: Windows Driver Development Kit v7.1.0 (7600.16385.1)
install "NSIS-Installer\nsis-2.50-setup.exe"
unpack "TAP-Driver_v9.9.2\tap-windows-master_for_XP.7z" to "C:\tap"
open file "C:\tap\src\tapdrvr.c" and change code line 1142 from

l_Query.m_Long = 100000; // rate / 100 bps

l_Query.m_Long = 10000000; // rate / 100 bps

to build the release driver open an administrative command prompt and type the following commands:

REM change current directory to TAP-Driver source code directory
cd "C:\tap"

REM configure TAP-Driver
configure.bat

REM build TAP-Driver
build.bat

the resulting NSIS-Installer package is located at "C:\tap\tap-windows-9.9.2.exe"

The final source code package is located at "TAP-Driver_v9.9.2\tap_v9.9.2_20220123_for_XP.7z".

12.) Build NSIS-Installer
---------------------------

Operating System: Windows XP SP3 or Windows Server 2003 R2 SP2
install "NSIS-Installer\nsis-2.50-setup.exe"
create the directory "C:\nsis"
unpack "NSIS-Installer\OpenVPN-v2.3.18_last_version_for_XP.exe" to "C:\nsis\OpenVPN-v2.3.18"
unpack "NSIS-Installer\openvpn-build-release-2.3.7z" to "C:\nsis\openvpn-build-release-2.3"
copy "C:\nsis\openvpn-build-release-2.3\windows-nsis\install-whirl.bmp" to "C:\nsis"
copy "C:\nsis\openvpn-build-release-2.3\windows-nsis\nsProcess.dll" to "C:\nsis"
copy "C:\nsis\openvpn-build-release-2.3\windows-nsis\nsProcess.nsh" to "C:\nsis"
copy "NSIS-Installer\VC-Redistributable_v14.27.29114.0_x86.exe" to "C:\nsis"
delete the directory "C:\nsis\OpenVPN-v2.3.18\$PLUGINSDIR"
delete the file "C:\nsis\OpenVPN-v2.3.18\$TEMP\tap-windows.exe"
delete all files and directories in the folder "C:\nsis\OpenVPN-v2.3.18\bin" except "openvpnserv.exe"
unpack "OpenSSL_v1.1.1m\openssl-v1.1.1m-shared.7z" to "C:\OpenSSL_v1.1.1m"
copy "C:\OpenSSL_v1.1.1m\bin\libcrypto-1_1.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
copy "C:\OpenSSL_v1.1.1m\bin\libssl-1_1.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
copy "C:\OpenSSL_v1.1.1m\bin\openssl.exe" to "C:\nsis\OpenVPN-v2.3.18\bin"
unpack "PKCS11-Helper_v1.28.0\pkcs11-helper-1.28.0-shared-DLL.7z" to "C:\pkcs11-helper-1.28.0"
copy "C:\pkcs11-helper-1.28.0\lib\libpkcs11-helper-1.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
unpack "LZO_v2.10\lzo-2.10-shared-DLL.7z" to "C:\lzo-2.10"
copy "C:\lzo-2.10\lzo2.dll" to "C:\nsis\OpenVPN-v2.3.18\bin"
unpack "OpenVPN_v2.5.4\openvpn_v2.5.4_20220123_for_XP.7z" to "C:\openvpn_v2.5.4_20220123_for_XP"
copy "C:\openvpn_v2.5.4_20220123_for_XP\bin\openvpn.exe" to "C:\nsis\OpenVPN-v2.3.18\bin"
unpack "OpenVPN-GUI_v11.26\openvpn-gui_v11.26_20220123_for_XP.7z" to "C:\openvpn-gui_v11.26_20220123_for_XP"
copy "C:\openvpn-gui_v11.26_20220123_for_XP\bin\openvpn-gui.exe" to "C:\nsis\OpenVPN-v2.3.18\bin"
copy "C:\tap\tap-windows-9.9.2.exe" to "C:\nsis\OpenVPN-v2.3.18\$TEMP\tap-windows.exe"
delete the directory "C:\nsis\openvpn-build-release-2.3"
copy "NSIS-Installer\openvpn.nsi" to "C:\nsis\openvpn.nsi"
Start > Programs > NSIS > Compile NSI scripts
Menu > File > Load Script... > choose file "C:\nsis\openvpn.nsi" > Open > the NSI script is compiled automatically we should not see any errors at the end of compilation > Close > close NSIS compiler window

The newly created OpenVPN installer is located at "C:\nsis\OpenVPN-v2.5.4.exe". The final source code package is located at "NSIS-Installer\NSIS_Installer_Package_20220123_for_XP.7z".

13.) OpenVPN configuration file changes for Windows XP
------------------------------------------------------------

We should change the following 3 parameters in the OpenVPN configuration file for Windows XP:

block-outside-dns
route-ipv6 ::/0
auth-nocache

The parameter "block-outside-dns" is used to block DNS traffic and remove a potential DNS leak. If this parameter is commented out in your VPN configuration file you should enable it.

To completely disable IPv6 routing we should comment out the parameter "route-ipv6 ::/0". Otherwise we see the following error message:

ERROR: Windows route add ipv6 command failed: returned error code 1

We also should enable the additional parameter "auth-nocache". This disables password caching in memory. Without this parameter we see the following error message in the log:

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

A correct example configuration file section will look like follows:

block-outside-dns
#route-ipv6 ::/0
auth-nocache

14.) Test if OpenVPN is working correctly
--------------------------------------------

To test the correct working of OpenVPN we can use the following 3 internet sites:

https://hide.me/en/check

https://www.dnsleaktest.com

https://ipleak.net

To disable a potential WebRTC leak in your browser do the following steps based on your browser:

Mozilla Firefox: Type "about:config" in the address bar, scroll down to "media.peerconnection.enabled", double click to set it to false
Google Chrome: Install Google official extension WebRTC Network Limiter
Opera: Type "about:config" in the address bar or go to "Settings", select "Show advanced settings" and click on "Privacy & security". At "WebRTC" mark select "Disable non-proxied UDP".

15.) OpenVPN v2.5.4 Windows XP SP3 bug
--------------------------------------------

OpenVPN v2.5.4 contains a severe bug on Windows XP SP3. If we try to connect to the VPN server, we see the following buffer size error in the log file:

2022-01-09 14:24:02 open_tun
2022-01-09 14:24:02 MANAGEMENT: Client disconnected
2022-01-09 14:24:02 fatal buffer size error, size=2089877947
2022-01-09 14:24:02 Exiting due to fatal error

The buffer size of 2089877947 can change randomly. This error is caused by the source code file "tun.c" and the function "get_device_instance_id_interface". The call to CM_Get_Device_Interface_List_Size returns CR_SUCCESS and a random interface list size, which is invalid and based on the value of the variable dev_interface_list_size on function entry. That is the reason why the following call to alloc_buf_gc fails, because the specified buffer size is too big. To solve this problem we have to simply change code line 3672 from

ULONG dev_interface_list_size;

ULONG dev_interface_list_size = 0;

This initializes the device interface list size with zero and the returned list size is 1 on Windows XP SP3 for an empty list. The error does not occur on Windows Server 2003 R2 SP2, where a valid list size is returned without any problems.

16.) Version and download link
----------------------------------

The complete OpenVPN package with all necessary files can be downloaded from Sourceforge.

Thanks for your attention and interest in this topic.
Greets Kai Schtrom

Version 1.0 January 23, 2022

Topic Overview ------------------

1.) Introduction -------------------

2.) Prerequisites --------------------

3.) Build Machine Setup ---------------------------

4.) Build OpenSSL v1.1.1m ------------------------------

5.) Build LZO v2.10 DLL --------------------------

6.) Build PKCS11-Helper v1.28 DLL --------------------------------------

7.) Build OpenVPN v2.5.4 include files -----------------------------------------

8.) Build OpenVPN v2.5.4 ----------------------------

9.) Build OpenVPN-GUI v11.26 include files ----------------------------------------------

10.) Build OpenVPN-GUI v11.26 ----------------------------------

11.) Build TAP-Driver v9.9.2 -----------------------------

12.) Build NSIS-Installer ---------------------------

13.) OpenVPN configuration file changes for Windows XP ------------------------------------------------------------

14.) Test if OpenVPN is working correctly --------------------------------------------

15.) OpenVPN v2.5.4 Windows XP SP3 bug --------------------------------------------

16.) Version and download link ----------------------------------