wiki:TesterDocumentation

Version 15 (modified by samuli, 6 years ago) (diff)

--

Building development versions of OpenVPN

Downloading OpenVPN snapshots

There are two ways to get development versions of OpenVPN. First option is to get snapshot builds available here:

There are several directories there, one per git branch. New features are available in the allmerged branch. Weekly snapshots (Backup) of various OpenVPN branches are also available here.

Once you've downloaded a snapshot package, extract it:

gzip -dc openvpn-<something>.tar.gz | tar xvf -
cd openvpn-<something>/

Fetching sources using git

Second option is to fetch sources using Git. This method is preferred, as it allows you to easily keep using the latest code. For instructions take a look here.

Building

First prepare for building:

autoreconf -vi

When testing this version of OpenVPN, we would appreciate if all deprecated features would be disabled by default. We want to know how OpenVPN behaves for you without these features. When doing the compile-time configuration of OpenVPN, please make sure the following arguments are included:

  • --disable-depr-random-resolv

Example:

./configure
make [-j <num CPU cores + 1>]

Once you've ran make, you can install OpenVPN using

make install

TAP-driver debugging

Occasionally you may have to try out different versions of the Windows TAP-driver. This can be done with <openvpn-install-dir\bin\tapinstall.exe. This tool is actually renamed Devcon.exe.

It's fairly straighforward to use tapinstall.exe from a command-prompt. The <id> is an identifier which tapinstall.exe uses to detect the correct driver. In case of OpenVPN 2.2* it's tap0901. This may be different in older/newer versions. To view information about an installer driver use

$ tapinstall.exe hwids <id>

To uninstall a driver use:

$ tapinstall.exe remove tap0901

To install a new TAP-driver use

$ tapinstall.exe install <something.inf> <id>

It's also possible to extract TAP-drivers from OpenVPN installer without installing OpenVPN.

OpenVPN Debugging

If OpenVPN crashes, you can help developers figure out the problem by giving them a backtrace of the crash. If you're running released (stable) version of OpenVPN, you should install the openvpn debug and gdb packages and then run openvpn via gdb. On "testing" turn on debugging before compilation. In either case you can get a backtrace of the crash like this:

$ gdb /usr/sbin/openvpn
[gdb info message...blablabla...]
(gdb) run --config <your config file> [--other-arguments-you-might-pass]
[wait for the crash]
(gdb) bt
[full backtrace should appear]

Enable core dump

In some cases, it's not possible to trigger the bug when running via gdb directly. In this case, you can enable core dumps. On most distributions and *nix OSes today, you need to enable this from your shell before starting OpenVPN.

$ ulimit -c unlimited

Then run OpenVPN with the normal arguments. When OpenVPN crashes, it will now most likely create a core file which can be used for debugging the state of OpenVPN when it crashed.

$ gdb openvpn {core file}
[gdb info message...blablabla...]
(gdb) bt
[full backtrace should appear]

Please save the core files for a little while before deleting them. It might be that the developers would ask for a copy of the core file in some situations, to investigate more carefully the state OpenVPN was in when it crashed. But be also aware of that these core files can (will most likely) contain sensitive data, like encryption keys and certificates. So share with care.

Beware that if you start OpenVPN via init scripts, it will most likely not dump core files, unless you change the ulimit inside the init script.

Reporting bugs

First, you should know how to report bugs efficiently. In each bug report you should document a few things:

  • Operating system (e.g. OpenBSD 4.3)
  • Your ./configure command-line
  • The complete output of openvpn --version

Whenever possible, also provide logs with appropriate log level (5 or greater) from both the client and server; see --verb in OpenVPN man-page for details. Only include the log sections that are relevant to the bug, e.g. with something like this:

$ tail -n 0 -f <openvpn-log-file>

Note that if you're testing out a new feature or trying to reproduce a bug, we'd like to have both success and failure reports.

If the bug you've found is a regression and you want to see it fixed as soon as possible, you can help by doing a Git bisect. This technique is described here:

If you manage to find the commit that caused the regression, fixing it is much easier for the developers.

Attachments (1)

Download all attachments as: .zip