Skip to content

BUILD.md

Latest commit

 

History

History
280 lines (174 loc) · 8.53 KB

BUILD.md

File metadata and controls

280 lines (174 loc) · 8.53 KB

How to build openvpn3-linux locally

The primary Linux distributions targeted and regularly tested are:

  • CentOS 7 and 8
  • Debian 11 and newer
  • Fedora 37 and newer
  • Red Hat Enterprise Linux (RHEL) 7 and newer
  • Scientific Linux 7
  • Ubuntu 20.04 and newer

This list is not an exclusive list, and it will most likely work on all other distributions with recent enough dependencies.

The following dependencies are needed:

In addition, this git repository will pull in these git submodules:

First install the package dependencies needed to run the build.

Debian/Ubuntu:

  • Building with OpenSSL (recommended):

    For newer Debian and Ubuntu releases shipping with OpenSSL 1.1 or newer:

    # apt-get install libssl-dev libssl1.1

  • Building with mbed TLS (alternative):

    # apt-get install libmbedtls-dev

  • Generic build requirements:

    # apt-get install build-essential git pkg-config autoconf         \
                  autoconf-archive libglib2.0-dev libjsoncpp-dev  \
                  uuid-dev liblz4-dev libcap-ng-dev libxml2-utils \
                  python3-minimal python3-dbus python3-docutils   \
                  python3-jinja2 libxml2-utils libtinyxml2-dev    \
                  policykit-1 libsystemd-dev python3-systemd

  • Dependencies to build with DCO support:

    # apt-get install libnl-3-dev libnl-genl-3-dev protobuf-compiler libprotobuf-dev

Fedora:

  • Building with OpenSSL (recommended):

    # yum install openssl-devel

  • Building with mbed TLS (alternative):

    # yum install mbedtls-devel

  • Generic build requirements:

    # yum install gcc-c++ git autoconf autoconf-archive automake make \
              pkgconfig glib2-devel jsoncpp-devel libuuid-devel   \
              libcap-ng-devel selinux-policy-devel lz4-devel      \
              zlib-devel libxml2 tinyxml2-devel python3-dbus      \
              python3-gobject python3-pyOpenSSL python3-jinja2    \
              python3-docutils bzip2 polkit systemd-devel         \
              python3-systemd

  • Dependencies to build with DCO support:

    # yum install libnl3-devel protobuf-compiler protobuf protobuf-devel

Red Hat Enterprise Linux / CentOS / Scientific Linux

First install the epel-release repository if that is not yet installed.

NOTES: RHEL 8 / CentOS 8 - differences from RHEL 7 / CentOS 7

For Red Hat Enterprise Linux 8 and CentOS 8, use the package lists used in Fedora. In addition the CodeReady (RHEL) / PowerTools (CentOS) repository needs to be enabled when building with Data Channel Offload(DCO) support.

For CentOS 8 run these commands:

 # yum -y install yum-utils
 # yum-config-manager --set-enabled powertools
Required packages

  • Building with OpenSSL (recommended)

    # yum install openssl-devel

  • Building with mbed TLS (alternative):

    # yum install mbedtls-devel

  • Generic build requirements (only RHEL 7):

    # yum install gcc-c++ git autoconf autoconf-archive automake make \
              pkgconfig glib2-devel jsoncpp-devel libuuid-devel   \
              lz4-devel libcap-ng-devel selinux-policy-devel      \
              zlib-devel libxml2 python-docutils python36         \
              python36-dbus python36-gobject python36-pyOpenSSL   \
              polkit systemd-devel tinyxml2 tinyxml2-devel

    For RHEL 8/CentOS 8 see the Fedora package lists, including dependencies for DCO support.

Preparations building from git

  • Clone this git repository: git clone git://github.com/OpenVPN/openvpn3-linux
  • Enter the openvpn3-linux directory: cd openvpn3-linux
  • Run: ./bootstrap.sh

Completing these steps will provide you with a ./configure script.

Adding the openvpn user and group accounts

The default configuration for the services assumes a service account openvpn to be present. If it does not exist you should add one, e.g. by:

# groupadd -r openvpn
# useradd -r -s /sbin/nologin -g openvpn openvpn

Building OpenVPN 3 Linux client

If you already have a ./configure script or have retrieved an openvpn3-linux-*.tar.xz tarball generated by make dist, the following steps will build the client.

  • Run: ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  • Run: make
  • Run (as root): make install
  • Run (as root): openvpn3-admin init-config --write-configs

By default, OpenVPN 3 Linux is built using the OpenSSL library. If you want to compile against mbed TLS, add the --with-crypto-library=mbedtls argument to ./configure.

You might need to also reload D-Bus configuration to make D-Bus aware of the newly installed service. On most system this happens automatically but occasionally a manual operation is needed:

# systemctl reload dbus

The --prefix can be changed, but beware that you will then need to add --datarootdir=/usr/share instead. This is related to the D-Bus auto-start feature. The needed D-Bus service profiles will otherwise be installed in a directory the D-Bus message service does not know of. The same is for the --sysconfdir path. It will install a needed OpenVPN 3 D-Bus policy into /etc/dbus-1/system.d/.

With everything built and installed, it should be possible to run both the openvpn2 and openvpn3 command line tools - even as an unprivileged user.

Enable AWS-VPC integration

If you want to enable the AWS-VPC integration, add --enable-addons-aws to the ./configure command.

Auto-completion helper for bash/zsh

If you want to also install the bash-completion scripts for the openvpn2 and openvpn3 commands, add --enable-bash-completion to the ./configure command.