diff options
Diffstat (limited to 'INSTALL')
| -rw-r--r-- | INSTALL | 151 |
1 files changed, 93 insertions, 58 deletions
@@ -1,6 +1,6 @@ Installation instructions for OpenVPN, a Secure Tunneling Daemon -Copyright (C) 2002-2018 OpenVPN Inc. This program is free software; +Copyright (C) 2002-2019 OpenVPN Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. @@ -10,25 +10,29 @@ as published by the Free Software Foundation. QUICK START: Unix: - ./configure && make && make-install + ./configure && make && make install ************************************************************************* -To download OpenVPN, go to: +To download OpenVPN source code of releases, go to: - http://openvpn.net/download.html + https://openvpn.net/community-downloads/ OpenVPN releases are also available as Debian/RPM packages: https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos -To download easy-rsa go to: +OpenVPN development versions can be found here: - https://github.com/OpenVPN/easy-rsa + https://github.com/OpenVPN/openvpn + https://gitlab.com/OpenVPN/openvpn + https://sourceforge.net/p/openvpn/openvpn/ci/master/tree/ -To download tap-windows (NDIS 5) driver source code go to: +They should all be in sync at any time. - https://github.com/OpenVPN/tap-windows +To download easy-rsa go to: + + https://github.com/OpenVPN/easy-rsa To download tap-windows (NDIS 6) driver source code go to: @@ -40,15 +44,11 @@ To get the cross-compilation environment go to: For step-by-step instructions with real-world examples see: - http://openvpn.net/howto.html + https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN https://community.openvpn.net/openvpn/wiki + https://openvpn.net/community-resources/ -For examples see: - - http://openvpn.net/examples.html - -Also see the man page for more information, usage examples, and information on -firewall configuration. +Also see the man page for more information. ************************************************************************* @@ -100,11 +100,12 @@ CHECK OUT SOURCE FROM SOURCE REPOSITORY: Clone the repository: git clone https://github.com/OpenVPN/openvpn + git clone https://gitlab.com/OpenVPN/openvpn git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn Check out stable version: - git checkout -b 2.2 remotes/origin/release/2.2 + git checkout release/2.4 Check out master (unstable) branch: @@ -134,7 +135,7 @@ BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT: autoreconf -i -v -f ./configure - make dist + make distcheck ************************************************************************* @@ -160,24 +161,19 @@ environment. See tests/t_client.rc-sample for details. OPTIONS for ./configure: --disable-lzo disable LZO compression support [default=yes] - --enable-lzo-stub don't compile LZO compression support but still - allow limited interoperability with LZO-enabled - peers [default=no] + --disable-lz4 Disable LZ4 compression support + --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers --disable-crypto disable crypto support [default=yes] - --disable-ssl disable SSL support for TLS-based key exchange + --disable-ofb-cfb disable support for OFB and CFB cipher modes [default=yes] --enable-x509-alt-username enable the --x509-username-field feature [default=no] - --disable-multi disable client/server support (--mode server + - client mode) [default=yes] --disable-server disable server support only (but retain client support) [default=yes] --disable-plugins disable plug-in support [default=yes] --disable-management disable management server support [default=yes] --enable-pkcs11 enable pkcs11 support [default=no] - --disable-socks disable Socks support [default=yes] - --disable-http-proxy disable HTTP proxy support [default=yes] --disable-fragment disable internal fragmentation support (--fragment) [default=yes] --disable-multihome disable multi-homed UDP server support (--multihome) @@ -187,73 +183,112 @@ OPTIONS for ./configure: --disable-debug disable debugging support (disable gremlin and verb 7+ messages) [default=yes] --enable-small enable smaller executable size (disable OCC, usage - message, and verb 4 parm list) [default=yes] - --enable-password-save allow --askpass and --auth-user-pass passwords to be - read from a file [default=yes] + message, and verb 4 parm list) [default=no] --enable-iproute2 enable support for iproute2 [default=no] --disable-def-auth disable deferred authentication [default=yes] --disable-pf disable internal packet filter [default=yes] + --disable-plugin-auth-pam + disable auth-pam plugin [default=platform specific] + --disable-plugin-down-root + disable down-root plugin [default=platform specific] + --enable-pam-dlopen dlopen libpam [default=no] --enable-strict enable strict compiler warnings (debugging option) [default=no] --enable-pedantic enable pedantic compiler warnings, will not generate a working executable (debugging option) [default=no] + --enable-werror promote compiler warnings to errors, will cause + builds to fail if the compiler issues warnings + (debugging option) [default=no] --enable-strict-options enable strict options check between peers (debugging option) [default=no] --enable-selinux enable SELinux support [default=no] - --enable-systemd enable systemd suppport [default=no] + --enable-systemd enable systemd support [default=no] + --enable-async-push enable async-push support for plugins providing + deferred authentication [default=no] ENVIRONMENT for ./configure: + PLUGINDIR Path of plug-in directory [default=LIBDIR/openvpn/plugins] IFCONFIG full path to ipconfig utility ROUTE full path to route utility IPROUTE full path to ip utility NETSTAT path to netstat utility MAN2HTML path to man2html utility GIT path to git utility + SYSTEMD_ASK_PASSWORD + path to systemd-ask-password utility + SYSTEMD_UNIT_DIR + Path of systemd unit directory [default=LIBDIR/systemd/system] + TMPFILES_DIR + Path of tmpfiles directory [default=LIBDIR/tmpfiles.d] + +ENVIRONMENT variables adjusting parameters related to dependencies + TAP_CFLAGS C compiler flags for tap - OPENSSL_CFLAGS - C compiler flags for OpenSSL, overriding pkg-config - OPENSSL_LIBS - linker flags for OpenSSL, overriding pkg-config - POLARSSL_CFLAGS - C compiler flags for polarssl - POLARSSL_LIBS - linker flags for polarssl - LZO_CFLAGS C compiler flags for lzo - LZO_LIBS linker flags for lzo + LIBPAM_CFLAGS + C compiler flags for libpam + LIBPAM_LIBS linker flags for libpam PKCS11_HELPER_CFLAGS C compiler flags for PKCS11_HELPER, overriding pkg-config PKCS11_HELPER_LIBS linker flags for PKCS11_HELPER, overriding pkg-config + OPENSSL_CFLAGS + C compiler flags for OpenSSL + OPENSSL_LIBS + linker flags for OpenSSL + MBEDTLS_CFLAGS + C compiler flags for mbedtls + MBEDTLS_LIBS + linker flags for mbedtls + LZO_CFLAGS C compiler flags for lzo + LZO_LIBS linker flags for lzo + LZ4_CFLAGS C compiler flags for lz4 + LZ4_LIBS linker flags for lz4 + libsystemd_CFLAGS + C compiler flags for libsystemd, overriding pkg-config + libsystemd_LIBS + linker flags for libsystemd, overriding pkg-config + P11KIT_CFLAGS + C compiler flags for P11KIT, overriding pkg-config + P11KIT_LIBS linker flags for P11KIT, overriding pkg-config ************************************************************************* -BUILDING ON LINUX 2.6+ FROM RPM +Linux distribution packaging: + +Each Linux distribution has their own way of doing packaging and their +own set of guidelines of how proper packaging should be done. It +is therefore recommended to reach out to the Linux distributions you +want to have OpenVPN packaged for directly. The OpenVPN project wants +to focus more on the OpenVPN development and less on the packaging +and how packaging is done in all various distributions. + +For more details: -You can build a binary RPM directly from the OpenVPN tarball file: +* Arch Linux + https://www.archlinux.org/packages/?name=openvpn - rpmbuild -tb [tarball] +* Debian + https://packages.debian.org/search?keywords=openvpn&searchon=names + https://tracker.debian.org/pkg/openvpn -This command will build a binary RPM file and place it in the system -RPM directory. You can then install the RPM with the standard RPM -install command: +* Fedora / Fedora EPEL (Red Hat Enterprise Linux/CentOS/Scientific Linux) + https://apps.fedoraproject.org/packages/openvpn/overview/ + https://src.fedoraproject.org/rpms/openvpn - rpm -ivh [binary-rpm] +* Gentoo + https://packages.gentoo.org/packages/net-vpn/openvpn + https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/openvpn -When you install the binary RPM, it will install -sample-scripts/openvpn.init, which can be used to -automatically start or stop one or more OpenVPN tunnels on system -startup or shutdown, based on OpenVPN .conf files in /etc/openvpn. -See the comments in openvpn.init for more information. +* openSUSE + https://build.opensuse.org/package/show/network:vpn/openvpn -Installing the RPM will also configure the TUN/TAP device node -for linux 2.6. +* Ubuntu + https://packages.ubuntu.com/search?keywords=openvpn -Note that the current openvpn.spec file, which instructs the rpm tool -how to build a package, will build OpenVPN with all options enabled, -including OpenSSL, LZO, and pthread linkage. Therefore all of -these packages will need to be present prior to the RPM build, unless -you edit the openvpn.spec file. +In addition, the OpenVPN community provides a best-effort APT repository +for Debian and Ubuntu: +https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos ************************************************************************* |