1 Installation instructions for OpenVPN, a Secure Tunneling Daemon
3 Copyright (C) 2002-2022 OpenVPN Inc. This program is free software;
4 you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2
6 as published by the Free Software Foundation.
8 *************************************************************************
13 ./configure && make && make install
15 *************************************************************************
17 To download OpenVPN source code of releases, go to:
19 https://openvpn.net/community-downloads/
21 OpenVPN releases are also available as Debian/RPM packages:
23 https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
25 OpenVPN development versions can be found here:
27 https://github.com/OpenVPN/openvpn
28 https://gitlab.com/OpenVPN/openvpn
29 https://sourceforge.net/p/openvpn/openvpn/ci/master/tree/
31 They should all be in sync at any time.
33 To download easy-rsa go to:
35 https://github.com/OpenVPN/easy-rsa
37 To download tap-windows (NDIS 6) driver source code go to:
39 https://github.com/OpenVPN/tap-windows6
41 To download ovpn-dco Windows driver source code go to:
43 https://github.com/OpenVPN/ovpn-dco-win
45 To get the cross-compilation environment go to:
47 https://github.com/OpenVPN/openvpn-build
49 For step-by-step instructions with real-world examples see:
51 https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
52 https://community.openvpn.net/openvpn/wiki
53 https://openvpn.net/community-resources/
55 Also see the man page for more information.
57 *************************************************************************
59 For a list of supported platforms and architectures, and for
60 instructions how to port OpenVPN to a yet-unsupported architecture,
63 *************************************************************************
66 (1) TUN and/or TAP driver to allow user-space programs to control
67 a virtual point-to-point IP or Ethernet device.
68 See TUN/TAP Driver References section below for more info.
69 (2a) OpenSSL library, necessary for encryption, version 1.0.2 or higher
70 required, available from http://www.openssl.org/
72 (2b) mbed TLS library, an alternative for encryption, version 2.0 or higher
73 required, available from https://tls.mbed.org/
74 (3) on Linux, "libnl-gen" is required for kernel netlink support
75 (4) on Linux, "libcap-ng" is required for Linux capability handling
78 (5) LZO real-time compression library, required for link compression,
79 available from http://www.oberhumer.com/opensource/lzo/
80 (most supported operating systems have LZO in their installable
81 packages repository. It might be necessary to add LZO_CFLAGS=
82 and LZO_LIBS= to the configure call to make it find the LZO pieces)
83 (6) LZ4 compression library
85 OPTIONAL (for developers only):
86 (1) Autoconf 2.59 or higher
87 Automake 1.9 or higher
90 (2) cmocka test framework (http://cmocka.org)
91 (3) If using t_client.sh test framework, fping/fping6 is needed
92 Note: t_client.sh needs an external configured OpenVPN server.
93 See t_client.rc-sample for more info.
95 *************************************************************************
97 CHECK OUT SOURCE FROM SOURCE REPOSITORY:
101 git clone https://github.com/OpenVPN/openvpn
102 git clone https://gitlab.com/OpenVPN/openvpn
103 git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn
105 Check out stable version:
107 git checkout release/2.6
109 Check out master (unstable) branch:
114 *************************************************************************
116 BUILD COMMANDS FROM TARBALL:
122 *************************************************************************
124 BUILD COMMANDS FROM SOURCE REPOSITORY CHECKOUT:
131 *************************************************************************
133 BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT:
139 *************************************************************************
143 make check (Run all tests below)
147 ./openvpn --genkey secret key
148 ./openvpn --test-crypto --secret key
150 Test SSL/TLS negotiations (runs for 2 minutes):
152 ./openvpn --config sample/sample-config-files/loopback-client (In one window)
153 ./openvpn --config sample/sample-config-files/loopback-server (Simultaneously in another window)
155 For more thorough client-server tests you can configure your own, private test
156 environment. See tests/t_client.rc-sample for details.
158 To do the C unit tests, you need to have the "cmocka" test framework
159 installed on your system. More recent distributions already ship this
160 as part of their packages/ports. If your system does not have it,
161 you can install cmocka with these commands:
163 $ git clone https://git.cryptomilk.org/projects/cmocka.git
167 $ cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Debug ..
172 *************************************************************************
174 OPTIONS for ./configure:
176 To get an overview of all the configure options, run "./configure --help"
178 ENVIRONMENT for ./configure:
180 For more fine-grained control on include + library paths for external
181 components etc., configure can be called with environment variables on
182 the command line, e.g.
184 ./configure OPENSSL_CFLAGS="-I/usr/local/include" ...
186 these are also explained in "./configure --help", so not repeated here.
188 *************************************************************************
190 Linux distribution packaging:
192 Each Linux distribution has their own way of doing packaging and their
193 own set of guidelines of how proper packaging should be done. It
194 is therefore recommended to reach out to the Linux distributions you
195 want to have OpenVPN packaged for directly. The OpenVPN project wants
196 to focus more on the OpenVPN development and less on the packaging
197 and how packaging is done in all various distributions.
202 https://www.archlinux.org/packages/?name=openvpn
205 https://packages.debian.org/search?keywords=openvpn&searchon=names
206 https://tracker.debian.org/pkg/openvpn
208 * Fedora / Fedora EPEL (Red Hat Enterprise Linux/CentOS/Scientific Linux)
209 https://apps.fedoraproject.org/packages/openvpn/overview/
210 https://src.fedoraproject.org/rpms/openvpn
213 https://packages.gentoo.org/packages/net-vpn/openvpn
214 https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/openvpn
217 https://build.opensuse.org/package/show/network:vpn/openvpn
220 https://packages.ubuntu.com/search?keywords=openvpn
222 In addition, the OpenVPN community provides best-effort package
223 repositories for CentOS/Fedora, Debian and Ubuntu:
224 https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
226 *************************************************************************
228 TUN/TAP Driver References:
230 * Linux 2.6 or higher (with integrated TUN/TAP driver):
232 (1) load driver: modprobe tun
233 (2) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward
235 Note that (1) needs to be done once per reboot. If you install from RPM (see
236 above) and use the openvpn.init script, these steps are taken care of for you.
240 FreeBSD ships with the TUN/TAP driver, and the device nodes for tap0,
241 tap1, tap2, tap3, tun0, tun1, tun2 and tun3 are made by default.
243 On FreeBSD versions prior to 12.0-RELEASE, there were independent
244 TUN and TAP drivers, and the TAP driver needed to be loaded manually,
249 For recent FreeBSD versions, TUN/TAP are integrated and always loaded.
251 FreeBSD 14 contains the ovpn(4) for kernel-level OpenVPN acceleration
252 (DCO) which will be used by OpenVPN 2.6 and up if available.
256 OpenBSD has dynamically created tun* devices so you only need
257 to create an empty /etc/hostname.tun0 (tun1, tun2 and so on) for each tun
258 you plan to use to create the device(s) at boot.
262 You need a TUN/TAP kernel driver for OpenVPN to work:
264 http://www.whiteboard.ne.jp/~admin2/tuntap/
268 OpenVPN on Windows needs a TUN/TAP kernel driver to work. OpenVPN installers
269 include this driver, so installing it separately is not usually required.
271 Starting from Windows 10 2004 / Windows Server 2022, OpenVPN can use the
272 dco-win driver for kernel-level acceleration for OpenVPN client setups.
273 This driver is also included in the community-provided OpenVPN installers.
275 *************************************************************************
279 * See the bug tracker on https://github.com/OpenVPN/openvpn/issues
280 and the wiki on https://community.openvpn.net/wiki for more detailed
281 caveats on operating systems, and for open and resolved bug reports.
282 * Note: We only recently switched to GitHub for reporting new issues,
283 old issues can be found at https://community.openvpn.net/openvpn/report