]>
Commit | Line | Data |
---|---|---|
6fbf66fa JY |
1 | Installation instructions for OpenVPN, a Secure Tunneling Daemon |
2 | ||
c291c95f | 3 | Copyright (C) 2002-2022 OpenVPN Inc. This program is free software; |
6fbf66fa JY |
4 | you can redistribute it and/or modify |
5 | it under the terms of the GNU General Public License version 2 | |
6 | as published by the Free Software Foundation. | |
7 | ||
8 | ************************************************************************* | |
9 | ||
f02576fa JY |
10 | QUICK START: |
11 | ||
12 | Unix: | |
6099ab67 | 13 | ./configure && make && make install |
f02576fa | 14 | |
f02576fa JY |
15 | ************************************************************************* |
16 | ||
6099ab67 | 17 | To download OpenVPN source code of releases, go to: |
6fbf66fa | 18 | |
6099ab67 | 19 | https://openvpn.net/community-downloads/ |
6fbf66fa | 20 | |
607a678d | 21 | OpenVPN releases are also available as Debian/RPM packages: |
6fbf66fa | 22 | |
607a678d SS |
23 | https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos |
24 | ||
6099ab67 | 25 | OpenVPN development versions can be found here: |
607a678d | 26 | |
aa3b7a32 LS |
27 | https://github.com/OpenVPN/openvpn |
28 | https://gitlab.com/OpenVPN/openvpn | |
29 | https://sourceforge.net/p/openvpn/openvpn/ci/master/tree/ | |
607a678d | 30 | |
6099ab67 | 31 | They should all be in sync at any time. |
607a678d | 32 | |
6099ab67 DS |
33 | To download easy-rsa go to: |
34 | ||
35 | https://github.com/OpenVPN/easy-rsa | |
607a678d | 36 | |
ac341e6d SS |
37 | To download tap-windows (NDIS 6) driver source code go to: |
38 | ||
39 | https://github.com/OpenVPN/tap-windows6 | |
40 | ||
aa3b7a32 LS |
41 | To download ovpn-dco Windows driver source code go to: |
42 | ||
43 | https://github.com/OpenVPN/ovpn-dco-win | |
44 | ||
607a678d SS |
45 | To get the cross-compilation environment go to: |
46 | ||
47 | https://github.com/OpenVPN/openvpn-build | |
48 | ||
49 | For step-by-step instructions with real-world examples see: | |
50 | ||
6099ab67 | 51 | https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN |
607a678d | 52 | https://community.openvpn.net/openvpn/wiki |
6099ab67 | 53 | https://openvpn.net/community-resources/ |
6fbf66fa | 54 | |
6099ab67 | 55 | Also see the man page for more information. |
6fbf66fa JY |
56 | |
57 | ************************************************************************* | |
58 | ||
c291c95f GD |
59 | For a list of supported platforms and architectures, and for |
60 | instructions how to port OpenVPN to a yet-unsupported architecture, | |
61 | see the file "PORTS". | |
62 | ||
63 | ************************************************************************* | |
64 | ||
65 | SYSTEM REQUIREMENTS: | |
6fbf66fa | 66 | (1) TUN and/or TAP driver to allow user-space programs to control |
c291c95f GD |
67 | a virtual point-to-point IP or Ethernet device. |
68 | See TUN/TAP Driver References section below for more info. | |
69 | (2a) OpenSSL library, necessary for encryption, version 1.0.2 or higher | |
6fbf66fa | 70 | required, available from http://www.openssl.org/ |
ec7d0e8e | 71 | or |
c291c95f | 72 | (2b) mbed TLS library, an alternative for encryption, version 2.0 or higher |
ed0e7993 | 73 | required, available from https://tls.mbed.org/ |
c291c95f GD |
74 | (3) on Linux, "libnl-gen" is required for kernel netlink support |
75 | (4) on Linux, "libcap-ng" is required for Linux capability handling | |
ec7d0e8e AS |
76 | |
77 | OPTIONAL: | |
c291c95f | 78 | (5) LZO real-time compression library, required for link compression, |
6fbf66fa | 79 | available from http://www.oberhumer.com/opensource/lzo/ |
c291c95f GD |
80 | (most supported operating systems have LZO in their installable |
81 | packages repository. It might be necessary to add LZO_CFLAGS= | |
82 | and LZO_LIBS= to the configure call to make it find the LZO pieces) | |
83 | (6) LZ4 compression library | |
6fbf66fa JY |
84 | |
85 | OPTIONAL (for developers only): | |
c291c95f GD |
86 | (1) Autoconf 2.59 or higher |
87 | Automake 1.9 or higher | |
88 | Libtool | |
89 | Git | |
90 | (2) cmocka test framework (http://cmocka.org) | |
ebcd7549 | 91 | (3) If using t_client.sh test framework, fping/fping6 is needed |
ebcd7549 DS |
92 | Note: t_client.sh needs an external configured OpenVPN server. |
93 | See t_client.rc-sample for more info. | |
6fbf66fa JY |
94 | |
95 | ************************************************************************* | |
96 | ||
e4d60662 ABL |
97 | CHECK OUT SOURCE FROM SOURCE REPOSITORY: |
98 | ||
607a678d SS |
99 | Clone the repository: |
100 | ||
101 | git clone https://github.com/OpenVPN/openvpn | |
6099ab67 | 102 | git clone https://gitlab.com/OpenVPN/openvpn |
607a678d | 103 | git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn |
cecc5e65 JY |
104 | |
105 | Check out stable version: | |
106 | ||
c291c95f | 107 | git checkout release/2.6 |
e4d60662 ABL |
108 | |
109 | Check out master (unstable) branch: | |
cecc5e65 | 110 | |
607a678d | 111 | git checkout master |
cecc5e65 | 112 | |
cecc5e65 JY |
113 | |
114 | ************************************************************************* | |
115 | ||
6fbf66fa JY |
116 | BUILD COMMANDS FROM TARBALL: |
117 | ||
118 | ./configure | |
119 | make | |
c291c95f | 120 | sudo make install |
6fbf66fa JY |
121 | |
122 | ************************************************************************* | |
123 | ||
e4d60662 | 124 | BUILD COMMANDS FROM SOURCE REPOSITORY CHECKOUT: |
6fbf66fa | 125 | |
e4d60662 | 126 | autoreconf -i -v -f |
6fbf66fa JY |
127 | ./configure |
128 | make | |
c291c95f | 129 | sudo make install |
6fbf66fa JY |
130 | |
131 | ************************************************************************* | |
132 | ||
e4d60662 | 133 | BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT: |
6fbf66fa | 134 | |
e4d60662 | 135 | autoreconf -i -v -f |
6fbf66fa | 136 | ./configure |
6099ab67 | 137 | make distcheck |
6fbf66fa JY |
138 | |
139 | ************************************************************************* | |
140 | ||
607a678d | 141 | TESTS (after BUILD): |
6fbf66fa JY |
142 | |
143 | make check (Run all tests below) | |
144 | ||
145 | Test Crypto: | |
146 | ||
0d80b562 | 147 | ./openvpn --genkey secret key |
6fbf66fa JY |
148 | ./openvpn --test-crypto --secret key |
149 | ||
150 | Test SSL/TLS negotiations (runs for 2 minutes): | |
151 | ||
e4d60662 ABL |
152 | ./openvpn --config sample/sample-config-files/loopback-client (In one window) |
153 | ./openvpn --config sample/sample-config-files/loopback-server (Simultaneously in another window) | |
6fbf66fa | 154 | |
607a678d SS |
155 | For more thorough client-server tests you can configure your own, private test |
156 | environment. See tests/t_client.rc-sample for details. | |
157 | ||
222e6917 GD |
158 | To do the C unit tests, you need to have the "cmocka" test framework |
159 | installed on your system. More recent distributions already ship this | |
160 | as part of their packages/ports. If your system does not have it, | |
161 | you can install cmocka with these commands: | |
162 | ||
163 | $ git clone https://git.cryptomilk.org/projects/cmocka.git | |
164 | $ cd cmocka | |
165 | $ mkdir build | |
166 | $ cd build | |
167 | $ cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Debug .. | |
168 | $ make | |
169 | $ sudo make install | |
170 | ||
171 | ||
6fbf66fa JY |
172 | ************************************************************************* |
173 | ||
174 | OPTIONS for ./configure: | |
175 | ||
c291c95f | 176 | To get an overview of all the configure options, run "./configure --help" |
e4d60662 ABL |
177 | |
178 | ENVIRONMENT for ./configure: | |
179 | ||
c291c95f GD |
180 | For more fine-grained control on include + library paths for external |
181 | components etc., configure can be called with environment variables on | |
182 | the command line, e.g. | |
183 | ||
184 | ./configure OPENSSL_CFLAGS="-I/usr/local/include" ... | |
185 | ||
186 | these are also explained in "./configure --help", so not repeated here. | |
6fbf66fa JY |
187 | |
188 | ************************************************************************* | |
189 | ||
57ec6cec | 190 | Linux distribution packaging: |
6fbf66fa | 191 | |
57ec6cec DS |
192 | Each Linux distribution has their own way of doing packaging and their |
193 | own set of guidelines of how proper packaging should be done. It | |
194 | is therefore recommended to reach out to the Linux distributions you | |
195 | want to have OpenVPN packaged for directly. The OpenVPN project wants | |
196 | to focus more on the OpenVPN development and less on the packaging | |
197 | and how packaging is done in all various distributions. | |
6fbf66fa | 198 | |
57ec6cec | 199 | For more details: |
6fbf66fa | 200 | |
57ec6cec DS |
201 | * Arch Linux |
202 | https://www.archlinux.org/packages/?name=openvpn | |
6fbf66fa | 203 | |
57ec6cec DS |
204 | * Debian |
205 | https://packages.debian.org/search?keywords=openvpn&searchon=names | |
206 | https://tracker.debian.org/pkg/openvpn | |
6fbf66fa | 207 | |
57ec6cec DS |
208 | * Fedora / Fedora EPEL (Red Hat Enterprise Linux/CentOS/Scientific Linux) |
209 | https://apps.fedoraproject.org/packages/openvpn/overview/ | |
210 | https://src.fedoraproject.org/rpms/openvpn | |
6fbf66fa | 211 | |
57ec6cec DS |
212 | * Gentoo |
213 | https://packages.gentoo.org/packages/net-vpn/openvpn | |
214 | https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/openvpn | |
6fbf66fa | 215 | |
57ec6cec DS |
216 | * openSUSE |
217 | https://build.opensuse.org/package/show/network:vpn/openvpn | |
218 | ||
219 | * Ubuntu | |
220 | https://packages.ubuntu.com/search?keywords=openvpn | |
221 | ||
c291c95f GD |
222 | In addition, the OpenVPN community provides best-effort package |
223 | repositories for CentOS/Fedora, Debian and Ubuntu: | |
57ec6cec | 224 | https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos |
6fbf66fa JY |
225 | |
226 | ************************************************************************* | |
227 | ||
c291c95f | 228 | TUN/TAP Driver References: |
6fbf66fa | 229 | |
607a678d | 230 | * Linux 2.6 or higher (with integrated TUN/TAP driver): |
6fbf66fa | 231 | |
607a678d SS |
232 | (1) load driver: modprobe tun |
233 | (2) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward | |
6fbf66fa | 234 | |
607a678d SS |
235 | Note that (1) needs to be done once per reboot. If you install from RPM (see |
236 | above) and use the openvpn.init script, these steps are taken care of for you. | |
cbc0dada | 237 | |
607a678d | 238 | * FreeBSD: |
6fbf66fa JY |
239 | |
240 | FreeBSD ships with the TUN/TAP driver, and the device nodes for tap0, | |
241 | tap1, tap2, tap3, tun0, tun1, tun2 and tun3 are made by default. | |
6fbf66fa | 242 | |
c291c95f GD |
243 | On FreeBSD versions prior to 12.0-RELEASE, there were independent |
244 | TUN and TAP drivers, and the TAP driver needed to be loaded manually, | |
245 | using the command: | |
6fbf66fa | 246 | |
c291c95f | 247 | # kldload if_tap |
6fbf66fa | 248 | |
c291c95f | 249 | For recent FreeBSD versions, TUN/TAP are integrated and always loaded. |
6fbf66fa | 250 | |
c291c95f GD |
251 | FreeBSD 14 contains the ovpn(4) for kernel-level OpenVPN acceleration |
252 | (DCO) which will be used by OpenVPN 2.6 and up if available. | |
6fbf66fa JY |
253 | |
254 | * OpenBSD: | |
255 | ||
607a678d | 256 | OpenBSD has dynamically created tun* devices so you only need |
6fbf66fa JY |
257 | to create an empty /etc/hostname.tun0 (tun1, tun2 and so on) for each tun |
258 | you plan to use to create the device(s) at boot. | |
259 | ||
607a678d | 260 | * Solaris: |
6fbf66fa | 261 | |
607a678d | 262 | You need a TUN/TAP kernel driver for OpenVPN to work: |
6fbf66fa | 263 | |
607a678d | 264 | http://www.whiteboard.ne.jp/~admin2/tuntap/ |
6fbf66fa | 265 | |
3f0edd8a | 266 | * Windows |
6fbf66fa | 267 | |
607a678d SS |
268 | OpenVPN on Windows needs a TUN/TAP kernel driver to work. OpenVPN installers |
269 | include this driver, so installing it separately is not usually required. | |
6fbf66fa | 270 | |
aa3b7a32 LS |
271 | Starting from Windows 10 2004 / Windows Server 2022, OpenVPN can use the |
272 | dco-win driver for kernel-level acceleration for OpenVPN client setups. | |
273 | This driver is also included in the community-provided OpenVPN installers. | |
c291c95f | 274 | |
6fbf66fa JY |
275 | ************************************************************************* |
276 | ||
277 | CAVEATS & BUGS: | |
278 | ||
48490cd1 | 279 | * See the bug tracker on https://github.com/OpenVPN/openvpn/issues |
c291c95f GD |
280 | and the wiki on https://community.openvpn.net/wiki for more detailed |
281 | caveats on operating systems, and for open and resolved bug reports. | |
48490cd1 FL |
282 | * Note: We only recently switched to GitHub for reporting new issues, |
283 | old issues can be found at https://community.openvpn.net/openvpn/report |