Version 19 (modified by 12 years ago) (diff) | ,
---|
Table of Contents
Introduction
Starting with OpenVPN 2.3-alpha2 the OpenVPN buildsystem has been separated from the OpenVPN codebase and hosted in a separate Git repository. The following description is adapted from here:
- openvpn: a standard open source project, autotools-based build system and like any other project it's buildsystem only builds itself.
- openvpn-build: a separate project to build openvpn in various of configurations. This project is divided into the following components:
- generic: a generic build using cross compiler, included the complete dependencies.
- msvc: a MSVC build using Microsoft specific msbuild system.
- windows-nsis: the Windows installer generator that uses the generic component to build using mingw cross compiler, then package the output using NSIS.
- tap-driver: the Windows TAP driver, which is also useful outside OpenVPN
NOTE: The original contents of this article were adapted from a number of Alon Bar-Lev's emails, who is the buildsystem's original author.
Building natively on *NIX
Building natively on *NIX has not changed much, you can still use roughly the same process as before. If building from Git sources, first do a
$ autoreconf -vi
If building from a release tarball, you can skip the above step. To configure, build and install OpenVPN, use these commands:
$ ./configure <configure-options> $ make $ make install
In most cases, you'd use something like this:
$ ./configure --enable-lzo --enable-pkcs11 $ make $ make install
Cross-compiling on *NIX ("generic" buildsystem)
Installing prequisites
You can use the generic buildsystem from openvpn-build subproject to cross-compile OpenVPN using any toolchain to any target environment. The build host must have a *NIX-like environment, e.g. Linux, *BSD or Cygwin (on Windows). First make sure you have installed the correct tools before you start:
- mingw-w64 (for building Windows binaries)
- gcc-*-arm-linux-gnueabi (for building Arm binaries)
If you're building using Cygwin on Windows, it's best to configure Git not to translate LF to CR/LF. For this reason it's probably best to use Cygwin's Git. Also take a look at Cygwin's README to see which packages are required.
Checking out the generic buildsystem code
Check out the openvpn-build subproject using Git:
$ git clone https://github.com/alonbl/openvpn-build.git
Customizing the build
To customize the build options, edit generic/build.vars to your liking. If you want to use your own sources (e.g. for OpenSSL or OpenVPN), put them in sources directory, so that the generic buildsystem knows how to get them and won't download the dependencies from a remote site. The cached tarballs will be used even if they're of a different version than what would be downloaded.
Building OpenVPN and it's dependencies
The ./build command fetches all the dependencies, builds them and builds OpenVPN. To build a native binary:
$ IMAGEROOT=`pwd`/image-native ./build
To build for Windows 32bit on Linux 64bit:
$ IMAGEROOT=`pwd`/image-win32 CHOST=i686-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build
To build for Windows 64bit on Linux 64bit:
$ IMAGEROOT=`pwd`/image-win64 CHOST=x86_64-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build
To build for Arm on Linux 64bit:
$ IMAGEROOT=`pwd`/image-arm CHOST=arm-linux-gnueabi \ CBUILD=x86_64-pc-linux-gnu ./build
For typical OpenVPN installations you'll most likely want to use something like this:
$ DEP=location of the dependencies $ ./configure host=... \ CFLAGS="-I$DEP/include" LDFLAGS="-L$DEB/lib" \ --enable-lzo --enable-pkcs11 \ PKCS11_HELPER_CFLAGS=" " PKCS11_HELPER_LIBS="-lpkcs11-helper"
Building dependencies only
To build only dependencies (helpful for developers):
$ DO_ONLY_DEPS=1 IMAGEROOT=`pwd`/deps-win32 CHOST=i686-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build
MSVC build method
MSVC build was written with least dependencies in mind. You'll need only Perl and Visual Studio 2010.
First clone the openvpn-build repository, e.g. using Git Bash:
$ git clone https://github.com/alonbl/openvpn-build.git
Then at command prompt:
> cd openvpn-build\msvc > build
This fetches all the dependencies, builds them and builds OpenVPN.
To build only dependencies (helpful for developers):
> set DO_ONLY_DEPS=true > set TARGET=%cd%\deps > build
At OpenVPN source root, create a file msvc-env-local.bat with:
set OPENVPN_DEPROOT=location of the dependencies
If you want, you can customize the location of dependencies by creating a new file, build-env-local.bat which sets the variables you need, e.g.
set OPENVPN_DEPROOT=c:\Users\JohnDoe\openvpn-build\build-deps set OPENSSL_HOME=%OPENVPN_DEPROOT%\openssl-1.0.0g set LZO_HOME=%OPENVPN_DEPROOT%\lzo-2.06 set PKCS11H_HOME=%OPENVPN_DEPROOT%\pkcs11-helper-1.10 set TAP_WINDOWS_HOME=%OPENVPN_DEPROOT%\tap-windows-9.9
This file gets sourced by build-env.bat. You can also switch from fetching an OpenVPN tarball by adding something like this:
set OPENVPN_GIT=git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git set OPENVPN_SOURCE=git set OPENVPN_BRANCH=master
You can also launch Visual Studio with
> msvc-dev
Creating a NSIS installer
You can use the buildsystem to create the NSIS installer for Windows, it uses the generic build system then create the installer, and osslsigncode if you would like to sign binaries.
NSIS must be available on system. If installed not in path or standard location set MAKENSIS environment variable. Same goes for OSSLSIGNCODE.
The process is as follows:
$ git clone https://github.com/alonbl/openvpn-build.git $ cd openvpn-build/windows-nsis $ ./build-complete
Refer to ./build-complete --help for more options.
NOTE: If makensis is not in path, set MAKENSIS environment to point to it.
NOTE: To make sure fresh tarballs are used, empty ../generic/sources directory before building.
TAP-Windows
Required software: Recent Windows DDK, NSIS.
First clone the openvpn-build repository, e.g. using Git Bash:
$ git clone https://github.com/alonbl/tap-windows
Then build:
> configure > build
Customization can be done using config-local.m4 file which overrides variables, and environment variables which override auto detection code, for example DDK to specify DDK location, see configure --help.
External links
Alon's Git repositories
- https://github.com/alonbl/openvpn
- https://github.com/alonbl/openvpn-build
- https://github.com/alonbl/tap-windows
- https://github.com/alonbl/easy-rsa
Installers and files
Attachments (1)
-
spc+pvk-to-p12.sh (592 bytes) - added by 12 years ago.
Script from Alon Bar-Lev to convert .spc + .pvk files into a pkcs12 keystore
Download all attachments as: .zip