[[TOC(inline, depth=1)]] = Project structure = Starting with OpenVPN 2.3-alpha2 the OpenVPN buildsystem has been separated from the OpenVPN codebase and hosted in a separate Git repository. The following description is adapted from [http://thread.gmane.org/gmane.network.openvpn.devel/6280/focus=6297 here]: * ''openvpn'': a standard open source project, autotools-based build system and like any other project it's buildsystem only builds itself. * ''openvpn-build'': a separate project to build openvpn in various of configurations. This project is divided into the following components: * ''generic'': a generic build using cross compiler, included the complete dependencies. * ''msvc'': a MSVC build using Microsoft specific ''msbuild'' system. * ''windows-nsis'': the Windows installer generator that uses the generic component to build using mingw cross compiler, then package the output using NSIS. * ''tap-windows'': the Windows TAP driver, which is also useful outside OpenVPN '''NOTE:''' The original contents of this article were adapted from a number of Alon Bar-Lev's emails, who is the buildsystem's original author. = Building natively on *NIX = Building natively on *NIX has not changed much, you can still use roughly the same process as before. If building from Git sources, first do a {{{ $ autoreconf -vi }}} If building from a release tarball, you can skip the above step. To configure, build and install OpenVPN, use these commands: {{{ $ ./configure $ make $ make install }}} In most cases, you'd use something like this: {{{ $ ./configure --enable-lzo }}} If you're using password authentication, you may be interested in support for password stored in (properly protected!) files: {{{ $ ./configure --enable-lzo --enable-password-save }}} Or, if you want to use smart cards and such, you should use {{{ $ ./configure --enable-lzo --enable-pkcs11 }}} = Cross-compiling on *NIX ("generic" buildsystem) = == Installing prequisites == You can use the ''generic'' buildsystem from ''openvpn-build'' subproject to cross-compile OpenVPN using any toolchain to any target environment. The build host must have a *NIX-like environment, e.g. Linux, *BSD or Cygwin (on Windows). First make sure you have installed the correct tools before you start: * [http://mingw-w64.sourceforge.net/ mingw-w64] (for building Windows binaries) * gcc-*-arm-linux-gnueabi (for building Arm binaries) If you're building using Cygwin on Windows, it's best to configure Git not to translate LF to CR/LF. For this reason it's probably best to use Cygwin's Git. Also take a look at Cygwin's README to see which packages are required. == Checking out openvpn-build repository == Check out the ''openvpn-build'' subproject using Git: {{{ $ git clone https://github.com/alonbl/openvpn-build.git }}} Then go to the ''generic'' directory: {{{ $ cd openvpn-build/generic }}} == Customizing the build == To customize the build options, edit ''build.vars'' to your liking, for example: {{{ # -*- mode: sh; -*- BUILD_VERSION="001" OPENSSL_VERSION="${OPENSSL_VERSION:-1.0.0e}" PKCS11_HELPER_VERSION="${PKCS11_HELPER_VERSION:-1.09}" LZO_VERSION="${LZO_VERSION:-2.06}" TAP_WINDOWS_VERSION="${TAP_WINDOWS_VERSION:-9.9}" OPENVPN_VERSION="${OPENVPN_VERSION:-2.3_alpha1}" OPENVPN_GUI_VERSION="${OPENVPN_GUI_VERSION:-1.0.3}" # Formatted for Trac, place each to one line OPENSSL_URL="${OPENSSL_URL:- http://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz}" PKCS11_HELPER_URL="${PKCS11_HELPER_URL:- http://www.opensc-project.org/files/pkcs11-helper/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2}" TAP_WINDOWS_URL="${TAP_WINDOWS_URL:- https://github.com/downloads/alonbl/tap-windows/tap-windows-${TAP_WINDOWS_VERSION}.zip}" LZO_URL="${LZO_URL:- http://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz}" OPENVPN_URL="${OPENVPN_URL:- http://build.openvpn.net/downloads/snapshots/openvpn-${OPENVPN_VERSION}.tar.gz}" OPENVPN_GUI_URL="${OPENVPN_GUI_URL:- https://github.com/downloads/alonbl/openvpn-gui/openvpn-gui-${OPENVPN_GUI_VERSION}.tar.gz}" #CHOST #CTARGET #CBUILD #IMAGEROOT #BUILDROOT #SOURCESROOT WGET="${WGET:-wget}" CURL="${CURL:-curl}" MAKE="${MAKE:-make}" #WGET_OPTS CURL_OPTS="${CURL_OPTS:---progress-bar --verbose --remote-name}" MAKEOPTS="${MAKEOPTS:--j3}" #DO_NO_STRIP #DO_STATIC= if [ -n "${DO_REALLY_STATIC}" ]; then DO_STATIC=1 export LDFLAGS="-Xcompiler -static" fi #EXTRA_OPENSSL_CONFIG #EXTRA_LZO_CONFIG #EXTRA_PKCS11_HELPER_CONFIG #EXTRA_OPENVPN_CONFIG TARGET_ROOT="${TARGET_ROOT:-/}" }}} If you want to use your own, local sources (e.g. for OpenSSL or OpenVPN), put them in ''sources'' directory, so that the ''generic'' buildsystem knows not to download them from a remote site. The cached tarballs will be used even if they're of a different version than what would be downloaded. == Building OpenVPN and it's dependencies == The ''./build'' command fetches all the dependencies, builds them and builds OpenVPN. To build a native binary: {{{ $ IMAGEROOT=`pwd`/image-native ./build }}} To build for Windows 32bit on Linux 64bit: {{{ $ IMAGEROOT=`pwd`/image-win32 CHOST=i686-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build }}} To build for Windows 64bit on Linux 64bit: {{{ $ IMAGEROOT=`pwd`/image-win64 CHOST=x86_64-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build }}} To build for Arm on Linux 64bit: {{{ $ IMAGEROOT=`pwd`/image-arm CHOST=arm-linux-gnueabi \ CBUILD=x86_64-pc-linux-gnu ./build }}} For typical OpenVPN installations you'll most likely want to use something like this: {{{ $ DEP=location of the dependencies $ ./configure host=... \ CFLAGS="-I$DEP/include" LDFLAGS="-L$DEB/lib" \ --enable-lzo --enable-pkcs11 \ PKCS11_HELPER_CFLAGS=" " PKCS11_HELPER_LIBS="-lpkcs11-helper" }}} == Building dependencies only == To build only dependencies (helpful for developers): {{{ $ DO_ONLY_DEPS=1 IMAGEROOT=`pwd`/deps-win32 CHOST=i686-w64-mingw32 \ CBUILD=x86_64-pc-linux-gnu ./build }}} == Cleaning up == If you want to start from scratch, do {{{ $ cd openvpn-build/generic $ rm -f sources/* $ rm -rf image-* }}} = Building natively on Windows using the MSVC toolchain ("msvc" buildsystem) = == Installing prequisites == MSVC build was written with least dependencies in mind. You'll need only [http://www.activestate.com/activeperl Perl] and Visual Studio 2010. == Checking out openvpn-build repository == Launch a Git Bash and follow [wiki:BuildingUsingGenericBuildsystem#Checkingoutopenvpn-buildrepository these] instructions. Next go to the ''msvc'' directory using a Visual Studio prompt: {{{ > cd openvpn-build/msvc }}} == Customizing the build == The MSVC builds can be customized by creating a new file, ''build-env-local.bat'' which is loaded by ''build.bat''. The variables defined in ''build-env-local.bat'' override the defaults given in ''build-env.bat''. For example, you can manually define the location of dependencies: {{{ set OPENVPN_DEPROOT=c:\Users\JohnDoe\openvpn-build\build-deps set OPENSSL_HOME=%OPENVPN_DEPROOT%\openssl-1.0.0g set LZO_HOME=%OPENVPN_DEPROOT%\lzo-2.06 set PKCS11H_HOME=%OPENVPN_DEPROOT%\pkcs11-helper-1.10 set TAP_WINDOWS_HOME=%OPENVPN_DEPROOT%\tap-windows-9.9 }}} You can also configure the build to use a Git repository or tarball of your liking, for example: {{{ set OPENVPN_GIT=git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git set OPENVPN_SOURCE=git set OPENVPN_BRANCH=master }}} == Building OpenVPN and it's dependencies == Normally you'd only need one command: {{{ > build }}} This fetches all the dependencies, builds them and builds OpenVPN. == Building dependencies only == To build only dependencies (helpful for developers): {{{ > set DO_ONLY_DEPS=true > set TARGET=%cd%\deps > build }}} == Other capabilities == You can also launch Visual Studio with {{{ > msvc-dev }}} = Creating a NSIS installer = You can use the buildsystem to create the [http://nsis.sourceforge.net NSIS] installer for Windows, it uses the generic build system then create the installer, and [http://sourceforge.net/projects/osslsigncode osslsigncode] if you would like to sign binaries. NSIS must be available on system. If installed not in path or standard location set MAKENSIS environment variable. Same goes for OSSLSIGNCODE. First check out ''openvpn-build'' as described [wiki:BuildingUsingGenericBuildsystem#Checkingoutopenvpn-buildrepository here]. Then do the following: {{{ $ cd openvpn-build/windows-nsis $ ./build-complete }}} Refer to ./build-complete --help for more options. '''NOTE:''' To make sure fresh tarballs are used, empty ../generic/sources directory before building. = TAP-Windows = Required software: Recent Windows DDK, [http://nsis.sourceforge.net NSIS]. First clone the ''tap-windows'' repository, e.g. using ''Git Bash'': {{{ $ git clone https://github.com/alonbl/tap-windows }}} Then build (using a Visual Studio prompt?): {{{ > configure > build }}} Customization can be done using ''config-local.m4'' file which overrides variables, and environment variables which override auto detection code, for example DDK to specify DDK location, see {{{ > configure --help }}} = External links = '''Alon's Git repositories''' * https://github.com/alonbl/openvpn * https://github.com/alonbl/openvpn-build * https://github.com/alonbl/tap-windows * https://github.com/alonbl/easy-rsa '''Installers and files''' * [https://github.com/downloads/alonbl/openvpn/openvpn-install-2.3-alpha1-I000.exe OpenVPN 2.3-alpha1 Windows installer build using this new buildsyste] * [https://github.com/downloads/alonbl/openvpn/openvpn-2.3-alpha1.tar.gz OpenVPN 2.3-alpha1 source directory with integrated buildsystem]