wiki:OpenvpnSoftwareRepos

Version 20 (modified by Samuli Seppänen, 9 years ago) (diff)

--

Table of Contents

  1. Introduction
  2. Using swupdate.openvpn.net
  3. Installing OpenVPN
  4. Notes on expired keys
  5. Notes on old apt/yum repositories

Introduction

Latest OpenVPN releases are also available in the OpenVPN project's apt repositories. This allow you to use more up-to-date version of OpenVPN than what's typically available in your distribution's repositories. Please note that all commands listed below have to be run as root, e.g. using sudo or su.

Stable releases built from official releases are only available for Debian and Ubuntu. This is so for two reasons:

  • Official Debian and Ubuntu repositories tend to have fairly old OpenVPN versions available
  • There are fairly up-to-date versions of OpenVPN releases available in places such as RepoForge (previously RPMForge) for RedHat derivatives

All packages are available in i386 and amd64/x86_64 flavours. Even if a package is built on a particular OS, it does not mean it won't work on older and/or newer versions of the same distro, or even on a different operating system. If you encountered any issues with the package, please file a new bug report.

Using swupdate.openvpn.net

We have several supported OpenVPN (OSS) repositories. To use them, first import the public GPG key used to sign the packages: 

$ wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -

Next you need to create a source.list fragment (as root) so that apt can find the new OpenVPN packages: 

$ echo "deb http://swupdate.openvpn.net/apt <osrelease> main" > /etc/apt/sources.list.d/swupdate.openvpn.net.list

Where <osrelease> depends your distribution:

  • squeeze (Debian 6.x)
  • wheezy (Debian 7.x)
  • lucid (Ubuntu 10.04)
  • precise (Ubuntu 12.04)
  • trusty (Ubuntu 14.04)

For example: 

$ echo "deb http://swupdate.openvpn.net/apt wheezy main" > /etc/apt/sources.list.d/swupdate.openvpn.net.list

Now you're set for installing OpenVPN. Note that packages built for older operating system releases might work just fine on newer release of the same operating system.

Installing OpenVPN

On Debian/Ubuntu use 

$ apt-get update && apt-get install openvpn

Notes on expired keys

The original apt signing key expired on 4th Aug 2014, resulting in apt complaints when refreshing the package cache (e.g. apt-get update). To fix this remove the expired key from apt keychain: 

$ apt-key del E158C569

Then add the new key using wget and apt-key as described above. Then verify that the new key is in the keychain: 

$ apt-key list
--- snip ---
/etc/apt/trusted.gpg
--------------------
pub   2048R/E158C569 2011-08-03 [expires: 2017-08-04]
uid                  Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
sub   2048R/F5699905 2011-08-03 [expires: 2017-08-04]
--- snip ---

Notes on old apt/yum repositories

The current incarnation of OpenVPN apt repositories is the third one. The first repositories were hosted on build.openvpn.net and the second ones on repos.openvpn.net, a now discontinued server. The apt lines for the latter still work, but new OpenVPN releases (2.3.3 and later) will only be added to current swupdate.openvpn.net repos. Unfortunately due to the complete restructuring of the apt repository structure it is not possible to cleanly migrate from the repos.openvpn.net-based configuration to the swupdate.openvpn.net configuration.