-
Notifications
You must be signed in to change notification settings - Fork 3k
/
Copy pathINSTALL
293 lines (191 loc) · 9.25 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
Installation instructions for OpenVPN, a Secure Tunneling Daemon
Copyright (C) 2002-2022 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.
*************************************************************************
QUICK START:
Unix:
./configure && make && make install
*************************************************************************
To download OpenVPN source code of releases, go to:
https://openvpn.net/community-downloads/
OpenVPN releases are also available as Debian/RPM packages:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
OpenVPN development versions can be found here:
https://github.com/OpenVPN/openvpn
https://gitlab.com/OpenVPN/openvpn
https://sourceforge.net/p/openvpn/openvpn/ci/master/tree/
They should all be in sync at any time.
To download easy-rsa go to:
https://github.com/OpenVPN/easy-rsa
To download tap-windows (NDIS 6) driver source code go to:
https://github.com/OpenVPN/tap-windows6
To download ovpn-dco Windows driver source code go to:
https://github.com/OpenVPN/ovpn-dco-win
To get the cross-compilation environment go to:
https://github.com/OpenVPN/openvpn-build
For step-by-step instructions with real-world examples see:
https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
https://community.openvpn.net/openvpn/wiki
https://openvpn.net/community-resources/
Also see the man page for more information.
*************************************************************************
For a list of supported platforms and architectures, and for
instructions how to port OpenVPN to a yet-unsupported architecture,
see the file "PORTS".
*************************************************************************
SYSTEM REQUIREMENTS:
(1) TUN and/or TAP driver to allow user-space programs to control
a virtual point-to-point IP or Ethernet device.
See TUN/TAP Driver References section below for more info.
(2a) OpenSSL library, necessary for encryption, version 1.1.0 or higher
required, available from http://www.openssl.org/
or
(2b) mbed TLS library, an alternative for encryption, version 2.0 or higher
required, available from https://tls.mbed.org/
(3) on Linux, "libnl-gen" is required for kernel netlink support
(4) on Linux, "libcap-ng" is required for Linux capability handling
OPTIONAL:
(5) LZO real-time compression library, required for link compression,
available from http://www.oberhumer.com/opensource/lzo/
(most supported operating systems have LZO in their installable
packages repository. It might be necessary to add LZO_CFLAGS=
and LZO_LIBS= to the configure call to make it find the LZO pieces)
(6) LZ4 compression library
OPTIONAL (for developers only):
(1) Autoconf 2.59 or higher
Automake 1.9 or higher
Libtool
Git
(2) cmocka test framework (http://cmocka.org)
(3) If using t_client.sh test framework, fping/fping6 is needed
Note: t_client.sh needs an external configured OpenVPN server.
See t_client.rc-sample for more info.
*************************************************************************
CHECK OUT SOURCE FROM SOURCE REPOSITORY:
Clone the repository:
git clone https://github.com/OpenVPN/openvpn
git clone https://gitlab.com/OpenVPN/openvpn
git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn
Check out stable version:
git checkout release/2.6
Check out master (unstable) branch:
git checkout master
*************************************************************************
BUILD COMMANDS FROM TARBALL:
./configure
make
sudo make install
*************************************************************************
BUILD COMMANDS FROM SOURCE REPOSITORY CHECKOUT:
autoreconf -i -v -f
./configure
make
sudo make install
*************************************************************************
BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT:
autoreconf -i -v -f
./configure
make distcheck
*************************************************************************
TESTS (after BUILD):
make check (Run all tests below)
Test Crypto:
./openvpn --genkey secret key
./openvpn --test-crypto --secret key
Test SSL/TLS negotiations (runs for 2 minutes):
./openvpn --config sample/sample-config-files/loopback-client (In one window)
./openvpn --config sample/sample-config-files/loopback-server (Simultaneously in another window)
For more thorough client-server tests you can configure your own, private test
environment. See tests/t_client.rc-sample for details.
To do the C unit tests, you need to have the "cmocka" test framework
installed on your system. More recent distributions already ship this
as part of their packages/ports. If your system does not have it,
you can install cmocka with these commands:
$ git clone https://git.cryptomilk.org/projects/cmocka.git
$ cd cmocka
$ mkdir build
$ cd build
$ cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Debug ..
$ make
$ sudo make install
*************************************************************************
OPTIONS for ./configure:
To get an overview of all the configure options, run "./configure --help"
ENVIRONMENT for ./configure:
For more fine-grained control on include + library paths for external
components etc., configure can be called with environment variables on
the command line, e.g.
./configure OPENSSL_CFLAGS="-I/usr/local/include" ...
these are also explained in "./configure --help", so not repeated here.
*************************************************************************
Linux distribution packaging:
Each Linux distribution has their own way of doing packaging and their
own set of guidelines of how proper packaging should be done. It
is therefore recommended to reach out to the Linux distributions you
want to have OpenVPN packaged for directly. The OpenVPN project wants
to focus more on the OpenVPN development and less on the packaging
and how packaging is done in all various distributions.
For more details:
* Arch Linux
https://www.archlinux.org/packages/?name=openvpn
* Debian
https://packages.debian.org/search?keywords=openvpn&searchon=names
https://tracker.debian.org/pkg/openvpn
* Fedora / Fedora EPEL (Red Hat Enterprise Linux/CentOS/Scientific Linux)
https://apps.fedoraproject.org/packages/openvpn/overview/
https://src.fedoraproject.org/rpms/openvpn
* Gentoo
https://packages.gentoo.org/packages/net-vpn/openvpn
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/openvpn
* openSUSE
https://build.opensuse.org/package/show/network:vpn/openvpn
* Ubuntu
https://packages.ubuntu.com/search?keywords=openvpn
In addition, the OpenVPN community provides best-effort package
repositories for CentOS/Fedora, Debian and Ubuntu:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
*************************************************************************
TUN/TAP Driver References:
* Linux 2.6 or higher (with integrated TUN/TAP driver):
(1) load driver: modprobe tun
(2) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward
Note that (1) needs to be done once per reboot. If you install from RPM (see
above) and use the openvpn.init script, these steps are taken care of for you.
* FreeBSD:
FreeBSD ships with the TUN/TAP driver, and the device nodes for tap0,
tap1, tap2, tap3, tun0, tun1, tun2 and tun3 are made by default.
On FreeBSD versions prior to 12.0-RELEASE, there were independent
TUN and TAP drivers, and the TAP driver needed to be loaded manually,
using the command:
# kldload if_tap
For recent FreeBSD versions, TUN/TAP are integrated and always loaded.
FreeBSD 14 contains the ovpn(4) for kernel-level OpenVPN acceleration
(DCO) which will be used by OpenVPN 2.6 and up if available.
* OpenBSD:
OpenBSD has dynamically created tun* devices so you only need
to create an empty /etc/hostname.tun0 (tun1, tun2 and so on) for each tun
you plan to use to create the device(s) at boot.
* Solaris:
You need a TUN/TAP kernel driver for OpenVPN to work:
http://www.whiteboard.ne.jp/~admin2/tuntap/
* Haiku:
Haiku can't yet dynamically create TUN/TAP devices, so you need to manually
create one before running openvpn:
# ifconfig tun/0 up
A standard reference the dev as "tun" in your config is all that's needed
to use the tunnel device.
* Windows
OpenVPN on Windows needs a TUN/TAP kernel driver to work. OpenVPN installers
include this driver, so installing it separately is not usually required.
Starting from Windows 10 2004 / Windows Server 2022, OpenVPN can use the
dco-win driver for kernel-level acceleration for OpenVPN client setups.
This driver is also included in the community-provided OpenVPN installers.
*************************************************************************
CAVEATS & BUGS:
* See the bug tracker on https://github.com/OpenVPN/openvpn/issues
and the wiki on https://community.openvpn.net/wiki for more detailed
caveats on operating systems, and for open and resolved bug reports.
* Note: We only recently switched to GitHub for reporting new issues,
old issues can be found at https://community.openvpn.net/openvpn/report