Table of Contents
Latest OpenVPN releases are also available in the OpenVPN project's apt repositories. This allow you to use more up-to-date version of OpenVPN than what's typically available in your distribution's repositories. Please note that all commands listed below have to be run as root, e.g. using sudo or su.
Stable releases built from official releases are only available for Debian and Ubuntu. This is so for two reasons:
- Official Debian and Ubuntu repositories tend to have fairly old OpenVPN versions available
- There are fairly up-to-date versions of OpenVPN releases available in places such as RepoForge (previously RPMForge) for RedHat derivatives
All packages are available in i386 and amd64/x86_64 flavours. Even if a package is built on a particular OS, it does not mean it won't work on older and/or newer versions of the same distro, or even on a different operating system. If you encountered any issues with the package, please file a new bug report.
Adding swupdate.openvpn.net apt repository
We maintain several OpenVPN (OSS) software repositories. To setup the repositories you need to change to the root user. Typically this is done using sudo:
$ sudo -s
Then import the public GPG key that is used to sign the packages:
$ wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
Next you need to create a sources.list fragment (as root) so that apt can find the new OpenVPN packages:
$ echo "deb http://swupdate.openvpn.net/apt <osrelease> main" > /etc/apt/sources.list.d/swupdate.openvpn.net.list
Where <osrelease> depends your distribution:
- squeeze (Debian 6.x)
- wheezy (Debian 7.x)
- lucid (Ubuntu 10.04)
- precise (Ubuntu 12.04)
- trusty (Ubuntu 14.04)
$ echo "deb http://swupdate.openvpn.net/apt wheezy main" > /etc/apt/sources.list.d/swupdate.openvpn.net.list
Now you're set for installing OpenVPN. Note that packages built for older operating system releases might work just fine on newer release of the same operating system.
On Debian/Ubuntu use
$ apt-get update && apt-get install openvpn
Notes on expired keys
The original apt signing key expired on 4th Aug 2014, resulting in apt complaints when refreshing the package cache (e.g. apt-get update). To fix this remove the expired key from apt keychain:
$ apt-key del E158C569
Then add the new key using wget and apt-key as described above. Then verify that the new key is in the keychain:
$ apt-key list --- snip --- /etc/apt/trusted.gpg -------------------- pub 2048R/E158C569 2011-08-03 [expires: 2017-08-04] uid Samuli Seppänen (OpenVPN Technologies, Inc) <firstname.lastname@example.org> sub 2048R/F5699905 2011-08-03 [expires: 2017-08-04] --- snip ---
Notes on old apt/yum repositories
The current incarnation of OpenVPN apt repositories is the third one. The first repositories were hosted on build.openvpn.net and the second ones on repos.openvpn.net, a now discontinued server. The apt lines for the latter still work, but new OpenVPN releases (2.3.3 and later) will only be added to current swupdate.openvpn.net repos. Unfortunately due to the complete restructuring of the apt repository structure it is not possible to cleanly migrate from the repos.openvpn.net-based configuration to the swupdate.openvpn.net configuration.