Date created: Saturday, October 3, 2020 5:29:32 PM. Last modified: Friday, January 14, 2022 8:07:10 AM

OpenVPN on Windows XP

Install with TAP Driver

Download the last working version of OpenVPN for Windows XP (32 bit): openvpn-install-2.3.18-I602-i686.exe

Download the TAP Windows driver version 9.9.x (anything newer than 9.9.x / NDIS 5 isn't supported in XP, and the OpenVPN installer comes bundled with 9.21.x, which is for Vista): tap-windows-9.9.2.zip

Run the OpenVPN installer.

In the folder C:\Program Files\TAP-Windows\driver remove all the existing files. Unpack the contents of tap-windows-9.9.2.zip to this folder. Edit the file C:\Program Files\TAP-Windows\bin\addtap.bat so that it references the OemWin2k.inf file in the C:\Program Files\TAP-Windows\driver folder instead of the OemVista.inf file.

Run C:\Program Files\TAP-Windows\bin\addtap.bat so that it creates a new TAP interface. It should show under Network Connections under Control Panel. It should also show in this output from OpenVPN (prior to this step there should be no TAP interfaces present in Network Connections and the below command would show no TAP interfaces found):

C:\Program Files\OpenVPN\bin>openvpn.exe --show-adapters
Available TAP-WIN32 adapters [name, GUID]:
'Local Area Connection' 49337

If OpenVPN produces output with a device GUID but the name is "NULL", something is wrong. That is what happens when using the version 9.21.x Windows TAP driver bundled with the OpenVPN installer (the device also doesn't show under Control Panel > Network Connections). OpenVPN then fails to connect, giving an error message that no TAP devices were available or that they were all in use: "OpenVPN Error: All TAP-Windows adapters on this system are currently in use".

With the correct TAP driver version, the TAP interface shows under Network Connections, and in Device Manager the interface shows with no yellow exclamation mark.

 

Client Config

Here is a working client config file for XP: xp-client.ovpn. Simply change the line "remote 1.2.3.4 1194" to be the correct server IP. The line "dev tap" is uncommented for a layer 2 VPN; for a layer 3 VPN it must be commented out and "dev tun" uncommented instead.

The config references the files ca.crt, client.crt, client.key and ta.key. These are all generated on/by the server and need to go into the config folder with the config file.
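
A pre-flight check for the points above, as an added example (not part of the original page or of OpenVPN): it confirms that exactly one "dev" line is active, that "remote" is no longer 1.2.3.4, and that the referenced key files sit in the same folder as the config. It assumes the config names those files with the standard ca, cert, key and tls-auth directives and unquoted file names; the sample config and the function names are constructed for illustration.

```python
import os
import tempfile

# Assumption: the .ovpn names its key material with these standard directives.
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth")
PLACEHOLDER_REMOTE = "1.2.3.4"  # sample address the page says to replace
# Constructed sample config, not the page's xp-client.ovpn.
SAMPLE_CONFIG = """client
dev tap
;dev tun
remote 1.2.3.4 1194
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
"""

def active_directives(text):
    """Yield (name, args) for lines not commented out with ';' or '#'."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in ";#":
            yield parts[0], parts[1:]

def lint_config(path):
    """Return a list of problems found in an OpenVPN client config file."""
    with open(path) as fh:
        directives = list(active_directives(fh.read()))
    folder = os.path.dirname(os.path.abspath(path))
    problems = []
    devs = [args[0] for name, args in directives if name == "dev" and args]
    if len(devs) != 1 or not devs[0].startswith(("tap", "tun")):
        problems.append("need exactly one active 'dev tap' or 'dev tun' line")
    for name, args in directives:
        if name == "remote" and args and args[0] == PLACEHOLDER_REMOTE:
            problems.append("remote is still the placeholder " + PLACEHOLDER_REMOTE)
        if name in FILE_DIRECTIVES and args:
            if not os.path.isfile(os.path.join(folder, args[0])):
                problems.append("%s file not found: %s" % (name, args[0]))
    return problems

def demo(present=("ca.crt", "client.crt", "client.key")):
    """Lint SAMPLE_CONFIG in a temp folder holding only the files in `present`."""
    with tempfile.TemporaryDirectory() as folder:
        for fname in present:
            open(os.path.join(folder, fname), "w").close()
        cfg = os.path.join(folder, "xp-client.ovpn")
        with open(cfg, "w") as fh:
            fh.write(SAMPLE_CONFIG)
        return lint_config(cfg)
```

Calling lint_config() on the real config path returns an empty list when all three checks pass.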

