wiki:TesterDocumentation

Using development versions of OpenVPN

Getting OpenVPN snapshots

We offer several different kinds of development builds and snapshots:

Note that these snapshots are either entirely untested or tested only very briefly. So there are no guarantees that they work correctly. That said, most of the time they probably work just fine.

Fetching sources using git

Second option is to fetch sources using Git. This method is preferred, as it allows you to easily keep using the latest code. For instructions take a look here.

Source for OpenVPN for Android

Source code for OpenVPN for Android is available on GitHub.

Source for OpenVPN Connect (android/IOS)

The latest source code snapshot for OpenVPN 3 is available here.

Building

If you're using source snapshots / ports you can extract them like this:

gzip -dc openvpn-<something>.tar.gz | tar xvf -
cd openvpn-<something>/

With Git you can skip this step. Next prepare for building (not required for stable releases):

autoreconf -vi

Next configure (see ./configure --help for available build-time options):

./configure

Finally compile:

make [-j <num CPU cores + 1>]

Once you've ran make, you can install OpenVPN using

make install

Building on MacOS X with homebrew

Homebrew does not install the openssl libraries in the standard paths. If you get errors like Undefined symbols for architecture x86_64: "_SSL_CTX_get0_certificate" ..., you need to pass CPPFLAGS/LDFLAGS (the correct values are shown by brew info openssl).

make [-j <num CPU cores + 1>]  CPPFLAGS=-I/usr/local/opt/openssl/include LDFLAGS=-L/usr/local/opt/openssl/lib

TAP-driver debugging

Please take a look here.

OpenVPN Debugging

If OpenVPN crashes, you can help developers figure out the problem by giving them a backtrace of the crash. If you're running released (stable) version of OpenVPN, you should install the openvpn debug and gdb packages and then run openvpn via gdb. On "testing" turn on debugging before compilation. In either case you can get a backtrace of the crash like this:

$ gdb /usr/sbin/openvpn
[gdb info message...blablabla...]
(gdb) run --config <your config file> [--other-arguments-you-might-pass]
[wait for the crash]
(gdb) bt
[full backtrace should appear]

Enable core dump

In some cases, it's not possible to trigger the bug when running via gdb directly. In this case, you can enable core dumps. On most distributions and *nix OSes today, you need to enable this from your shell before starting OpenVPN.

$ ulimit -c unlimited

Then run OpenVPN with the normal arguments. When OpenVPN crashes, it will now most likely create a core file which can be used for debugging the state of OpenVPN when it crashed.

$ gdb openvpn {core file}
[gdb info message...blablabla...]
(gdb) bt
[full backtrace should appear]

Please save the core files for a little while before deleting them. It might be that the developers would ask for a copy of the core file in some situations, to investigate more carefully the state OpenVPN was in when it crashed. But be also aware of that these core files can (will most likely) contain sensitive data, like encryption keys and certificates. So share with care.

Beware that if you start OpenVPN via init scripts, it will most likely not dump core files, unless you change the ulimit inside the init script.

Reporting bugs

If you're not sure if your problem is really a bug, you can ask about it on OpenVPN support channels.

If you've genuinely found a bug, have a look if the same issue has been reported to Trac, and if it has been fixed already. If you've found a new, unfixed bug, make sure you know how to report bugs efficiently; good bug reports help resolv the problem quickly. In each bug report you should document a few things:

  • Operating system (e.g. OpenBSD 4.3)
  • The complete output of openvpn --version, or...
  • ...the full filename of the Windows installer you used
  • Relevant parts of OpenVPN client and/or server logs (when available) at verb 5 verbosity (see the man page)
  • If you built OpenVPN youself: the ./configure command line you used
  • Plus fill in all the fields in Trac according to your best ability

If the bug you've found is a regression and you want to see it fixed as soon as possible, you can help by doing a Git bisect. This technique is described here:

Bisecting is an advanced technique and you're not expected to do it before filing bug reports.

Last modified 2 months ago Last modified on 04/14/16 05:30:35

Attachments (1)

Download all attachments as: .zip