Version 23 (modified by 12 years ago) (diff) | ,
---|
Table of Contents
Project structure
Starting with OpenVPN 2.3-alpha2 the OpenVPN buildsystem has been separated from the OpenVPN codebase and hosted in a separate Git repository. The following description is adapted from here:
- openvpn: a standard open source project, autotools-based build system and like any other project it's buildsystem only builds itself.
- openvpn-build: a separate project to build openvpn in various of configurations. This project is divided into the following components:
- generic: a generic build using cross compiler, included the complete dependencies.
- msvc: a MSVC build using Microsoft specific msbuild system.
- windows-nsis: the Windows installer generator that uses the generic component to build using mingw cross compiler, then package the output using NSIS.
- tap-windows: the Windows TAP driver, which is also useful outside OpenVPN
NOTE: The original contents of this article were adapted from a number of Alon Bar-Lev's emails, who is the buildsystem's original author.
Building natively on *NIX
Building natively on *NIX has not changed much, you can still use roughly the same process as before. If building from Git sources, first do a
$ autoreconf -vi
If building from a release tarball, you can skip the above step. To configure, build and install OpenVPN, use these commands:
$ ./configure <configure-options> $ make $ make install
In most cases, you'd use something like this:
$ ./configure --enable-lzo
If you're using password authentication, you may be interested in support for password stored in (properly protected!) files:
$ ./configure --enable-lzo --enable-password-save
Or, if you want to use smart cards and such, you should use
$ ./configure --enable-lzo --enable-pkcs11
Cross-compiling on *NIX ("generic" buildsystem)
Installing prequisites
You can use the generic buildsystem from openvpn-build subproject to cross-compile OpenVPN using any toolchain to any target environment. The build host must have a *NIX-like environment, e.g. Linux, *BSD or Cygwin (on Windows). First make sure you have installed the correct tools before you start:
- mingw-w64 (for building Windows binaries)
- gcc-*-arm-linux-gnueabi (for building Arm binaries)
If you're building using Cygwin on Windows, it's best to configure Git not to translate LF to CR/LF. For this reason it's probably best to use Cygwin's Git. Also take a look at Cygwin's README to see which packages are required.
Checking out openvpn-build repository
Check out the openvpn-build subproject using Git:
$ git clone https://github.com/alonbl/openvpn-build.git
Then go to the generic directory:
$ cd openvpn-build/generic
Customizing the build
To customize the build options, edit build.vars to your liking, for example:
# -*- mode: sh; -*- BUILD_VERSION="001" OPENSSL_VERSION="${OPENSSL_VERSION:-1.0.0e}" PKCS11_HELPER_VERSION="${PKCS11_HELPER_VERSION:-1.09}" LZO_VERSION="${LZO_VERSION:-2.06}" TAP_WINDOWS_VERSION="${TAP_WINDOWS_VERSION:-9.9}" OPENVPN_VERSION="${OPENVPN_VERSION:-2.3_alpha1}" OPENVPN_GUI_VERSION="${OPENVPN_GUI_VERSION:-1.0.3}" # Formatted for Trac, place each to one line OPENSSL_URL="${OPENSSL_URL:- http://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz}" PKCS11_HELPER_URL="${PKCS11_HELPER_URL:- http://www.opensc-project.org/files/pkcs11-helper/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2}" TAP_WINDOWS_URL="${TAP_WINDOWS_URL:- https://github.com/downloads/alonbl/tap-windows/tap-windows-${TAP_WINDOWS_VERSION}.zip}" LZO_URL="${LZO_URL:- http://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz}" OPENVPN_URL="${OPENVPN_URL:- http://build.openvpn.net/downloads/snapshots/openvpn-${OPENVPN_VERSION}.tar.gz}" OPENVPN_GUI_URL="${OPENVPN_GUI_URL:- https://github.com/downloads/alonbl/openvpn-gui/openvpn-gui-${OPENVPN_GUI_VERSION}.tar.gz}" #CHOST #CTARGET #CBUILD #IMAGEROOT #BUILDROOT #SOURCESROOT WGET="${WGET:-wget}" CURL="${CURL:-curl}" MAKE="${MAKE:-make}" #WGET_OPTS CURL_OPTS="${CURL_OPTS:---progress-bar --verbose --remote-name}" MAKEOPTS="${MAKEOPTS:--j3}" #DO_NO_STRIP #DO_STATIC= if [ -n "${DO_REALLY_STATIC}" ]; then DO_STATIC=1 export LDFLAGS="-Xcompiler -static" fi #EXTRA_OPENSSL_CONFIG #EXTRA_LZO_CONFIG #EXTRA_PKCS11_HELPER_CONFIG #EXTRA_OPENVPN_CONFIG TARGET_ROOT="${TARGET_ROOT:-/}"
If you want to use your own, local sources (e.g. for OpenSSL or OpenVPN), put them in sources directory, so that the generic buildsystem knows not to download them from a remote site. The cached tarballs will be used even if they're of a different version than what would be downloaded.
Building OpenVPN and it's dependencies
The ./build command fetches all the dependencies, builds them and builds OpenVPN. To build a native binary:
$ IMAGEROOT=`pwd`/image-native ./build
To build for Windows 32bit on Linux 64bit:
$ IMAGEROOT=`pwd`/image-win32 CHOST=i686-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build
To build for Windows 64bit on Linux 64bit:
$ IMAGEROOT=`pwd`/image-win64 CHOST=x86_64-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build
To build for Arm on Linux 64bit:
$ IMAGEROOT=`pwd`/image-arm CHOST=arm-linux-gnueabi \ CBUILD=x86_64-pc-linux-gnu ./build
For typical OpenVPN installations you'll most likely want to use something like this:
$ DEP=location of the dependencies $ ./configure host=... \ CFLAGS="-I$DEP/include" LDFLAGS="-L$DEB/lib" \ --enable-lzo --enable-pkcs11 \ PKCS11_HELPER_CFLAGS=" " PKCS11_HELPER_LIBS="-lpkcs11-helper"
Building dependencies only
To build only dependencies (helpful for developers):
$ DO_ONLY_DEPS=1 IMAGEROOT=`pwd`/deps-win32 CHOST=i686-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build
Building natively on Windows using the MSVC toolchain ("msvc" buildsystem)
Installing prequisites
MSVC build was written with least dependencies in mind. You'll need only Perl and Visual Studio 2010.
Checking out openvpn-build repository
Launch a Git Bash and follow these instructions. Next go to the msvc directory using a Visual Studio prompt:
> cd openvpn-build/msvc
Customizing the build
The MSVC builds can be customized by creating a new file, build-env-local.bat which is loaded by build.bat. The variables defined in build-env-local.bat override the defaults given in build-env.bat. For example, you can manually define the location of dependencies:
set OPENVPN_DEPROOT=c:\Users\JohnDoe\openvpn-build\build-deps set OPENSSL_HOME=%OPENVPN_DEPROOT%\openssl-1.0.0g set LZO_HOME=%OPENVPN_DEPROOT%\lzo-2.06 set PKCS11H_HOME=%OPENVPN_DEPROOT%\pkcs11-helper-1.10 set TAP_WINDOWS_HOME=%OPENVPN_DEPROOT%\tap-windows-9.9
You can also configure the build to use a Git repository or tarball of your liking, for example:
set OPENVPN_GIT=git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git set OPENVPN_SOURCE=git set OPENVPN_BRANCH=master
Building OpenVPN and it's dependencies
Normally you'd only need one command:
> build
This fetches all the dependencies, builds them and builds OpenVPN.
Building dependencies only
To build only dependencies (helpful for developers):
> set DO_ONLY_DEPS=true > set TARGET=%cd%\deps > build
Other capabilities
You can also launch Visual Studio with
> msvc-dev
Creating a NSIS installer
You can use the buildsystem to create the NSIS installer for Windows, it uses the generic build system then create the installer, and osslsigncode if you would like to sign binaries.
NSIS must be available on system. If installed not in path or standard location set MAKENSIS environment variable. Same goes for OSSLSIGNCODE.
First check out openvpn-build as described here. Then do the following:
$ cd openvpn-build/windows-nsis $ ./build-complete
Refer to ./build-complete --help for more options.
NOTE: To make sure fresh tarballs are used, empty ../generic/sources directory before building.
TAP-Windows
Required software: Recent Windows DDK, NSIS.
First clone the tap-windows repository, e.g. using Git Bash:
$ git clone https://github.com/alonbl/tap-windows
Then build (using a Visual Studio prompt?):
> configure > build
Customization can be done using config-local.m4 file which overrides variables, and environment variables which override auto detection code, for example DDK to specify DDK location, see
> configure --help
External links
Alon's Git repositories
- https://github.com/alonbl/openvpn
- https://github.com/alonbl/openvpn-build
- https://github.com/alonbl/tap-windows
- https://github.com/alonbl/easy-rsa
Installers and files
Attachments (1)
-
spc+pvk-to-p12.sh (592 bytes) - added by 12 years ago.
Script from Alon Bar-Lev to convert .spc + .pvk files into a pkcs12 keystore
Download all attachments as: .zip