Compile OpenVPN on Raspberry PI: Difference between revisions

From James's Wiki
(Created page with "==Compile latest version OpenVPN on Raspberry PI (Debian Stretch)== Compile Latest OpenVPN from Source on Debian 8 0 0 0 openvpn-logo-squareIf you are using Deb...")
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 3: Line 3:
Compile Latest OpenVPN from Source on Debian 8
Compile Latest OpenVPN from Source on Debian 8


    0
If you are using Debian 8, Minibian, Raspbian, or similar distribution based on Debian, then you normally you install OpenVPN from the Debian repository. This is unfortunately usually outdated, many versions behind the latest release.
    0
    0


openvpn-logo-squareIf you are using Debian 8, Minibian, Raspbian, or similar distribution based on Debian, then you normally you install OpenVPN from the Debian repository. This is unfortunately usually outdated, many versions behind the latest release.
If there is a service where you should always use the most up to date version, then OpenVPN certainly is. Not necessarily because of new features, but because of the security fixes that each new version addresses; OpenVPN developers will address critical vulnerabilities and release the new version when appropriate. Of course, each new version brings further fixes to OpenVPN which (most of the time) give us further improvements of this great software. Luckily, it is very easy and fast to build OpenVPN from source, even on ARM based devices, like the Raspberry Pi.


If there is a service where you should always use the most up to date version, then OpenVPN certainly is. Not necessarily because of new features, but because of the security fixes that each new version addresses; OpenVPN developers will address critical vulnerabilities and release the new version when appropriate. Of course, each new version brings further fixes to OpenVPN which (most of the time) give us further improvements of this great software. Luckily, it is very easy and fast to build OpenVPN from source, even on ARM based devices, like the Raspberry Pi.
==Build OpenVPN from Source==
VPN Service
All Platforms
Number of Connections
Monthly Cost
Annual Cost
Private Internet Access
Yes
5
$6.95
$39.95
($3.33 / month)
Pure VPN
Yes
5
$6.95
$59.95
($4.16 / month)
IPVanish
Yes
5
$10.00
$77.00
($6.41 / month)
Build OpenVPN from Source


First you should know that you can and should check the release notes at OpenVPN’s official page located here. Since we are going to build from source, the version we installed will not be automatically updated when you run a system update. Therefore it is recommended to periodically check the release notes page, and when a new version is available, you should build the latest source in order to keep OpenVPN version up to date.
First you should know that you can and should check the release notes at OpenVPN’s official page located here. Since we are going to build from source, the version we installed will not be automatically updated when you run a system update. Therefore it is recommended to periodically check the release notes page, and when a new version is available, you should build the latest source in order to keep OpenVPN version up to date.
Line 56: Line 18:
The first step is to install the required build dependencies for OpenVPN. Update the system and install the following packages
The first step is to install the required build dependencies for OpenVPN. Update the system and install the following packages


apt-get update
apt-get update
apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y
apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y


Get the Latest OpenVPN Source
Get the Latest OpenVPN Source


The next step is to download the latest source, go to the OpenVPN Downloads page. You will need to grab the Source Tarball (gzip), right click on the tar.gz file and Copy Link Location (Firefox) to get the link. We will use the openvpn-2.3.12.tar.gz file in the guide, as this is the latest version at the time of writing this guide.
The next step is to download the latest source, go to the OpenVPN Downloads page. https://openvpn.net/index.php/open-source/downloads.html You will need to grab the Source Tarball (gzip), right click on the tar.gz file and Copy Link Location (Firefox) to get the link. We will use the openvpn-2.3.12.tar.gz file in the guide, as this is the latest version at the time of writing this guide.


Move to the tmp directory
Move to the tmp directory


cd /tmp
cd /tmp


Download the source, we will use wget for this. Since you already copied the link to the source, just paste the link after the wget command to insert into cli
Download the source, we will use wget for this. Since you already copied the link to the source, just paste the link after the wget command to insert into cli


wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz
wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz


Now extract the tarball, replace the version with the version you downloaded.
Now extract the tarball, replace the version with the version you downloaded.
Line 75: Line 37:
Hint: type the first two letters of openvpn: op, and pres TAB, the full filename will auto complete
Hint: type the first two letters of openvpn: op, and pres TAB, the full filename will auto complete


tar xf openvpn-2.3.12.tar.gz
tar xf openvpn-2.3.12.tar.gz


Move to the extracted directory (again, replacing the version number as per the downloaded file). Hint: you can use the first two letters and TAB to auto complete again
Move to the extracted directory (again, replacing the version number as per the downloaded file). Hint: you can use the first two letters and TAB to auto complete again


cd openvpn-2.3.12
cd openvpn-2.3.12


Next step is to create the Makefile, which will also check the dependencies. Here comes a very important part: we need to change the default install directory to keep compatibility with our guides. The default Makefile installs OpenVPN to a different directory (it might be a bug in Makefile, since it is: /usr/sbin/sbin/), while install from the repository is correct, and located in /usr/sbin/ To fix this, simply we need to add a prefix to the configuration to override the install directory
Next step is to create the Makefile, which will also check the dependencies. Here comes a very important part: we need to change the default install directory to keep compatibility with our guides. The default Makefile installs OpenVPN to a different directory (it might be a bug in Makefile, since it is: /usr/sbin/sbin/), while install from the repository is correct, and located in /usr/sbin/ To fix this, simply we need to add a prefix to the configuration to override the install directory


./configure --prefix=/usr
./configure --prefix=/usr


If it completes without any errors, then we are ready to start building OpenVPN
If it completes without any errors, then we are ready to start building OpenVPN


make
make


It should compile quite fast, even on a Raspberry Pi. When ready, we install the compiled OpenVPN
It should compile quite fast, even on a Raspberry Pi. When ready, we install the compiled OpenVPN


make install
sudo make install


Congratulations, you just compiled and installed the latest OpenVPN version from source!
Congratulations, you just compiled and installed the latest OpenVPN version from source!
Line 97: Line 59:
To check the version of the installed OpenVPN
To check the version of the installed OpenVPN


openvpn --version
sudo openvpn --version


The output will display the version and the enabled options, in our case 2.3.12.
The output will display the version and the enabled options, in our case 2.3.12.
Line 106: Line 68:
Create the default directory
Create the default directory


mkdir /etc/openvpn
sudo mkdir /etc/openvpn


Create the directory required for systemd unit
Create the directory required for systemd unit


mkdir -p /run/openvpn/
sudo mkdir -p /run/openvpn/


Finally, we will put the update-resolv-conf script into the /etc/openvpn directory. This script will take care of the DNS update when using OpenVPN; you will see the purpose of this in the relevant guides.
Finally, we will put the update-resolv-conf script into the /etc/openvpn directory. This script will take care of the DNS update when using OpenVPN; you will see the purpose of this in the relevant guides.
Line 118: Line 80:
Create the script
Create the script


nano /etc/openvpn/update-resolv-conf
nano /etc/openvpn/update-resolv-conf


Copy and paste the following
Copy and paste the following


#!/bin/bash
#!/bin/bash
#  
#  
# Parses DHCP options from openvpn to update resolv.conf
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.  
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.  
#  
#  
# Example envs set from openvpn:
# Example envs set from openvpn:
#
#
#    foreign_option_1='dhcp-option DNS 193.43.27.132'
#    foreign_option_1='dhcp-option DNS 193.43.27.132'
#    foreign_option_2='dhcp-option DNS 193.43.27.133'
#    foreign_option_2='dhcp-option DNS 193.43.27.133'
#    foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#    foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
#
 
[ -x /sbin/resolvconf ] || exit 0
[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
[ "$dev" ] || exit 0
 
split_into_parts()
split_into_parts()
{
{
part1="$1"
part1="$1"
part2="$2"
part2="$2"
part3="$3"
part3="$3"
}
}
 
case "$script_type" in
case "$script_type" in
  up)
  up)
NMSRVRS=""
NMSRVRS=""
SRCHS=""
SRCHS=""
for optionvarname in ${!foreign_option_*} ; do
for optionvarname in ${!foreign_option_*} ; do
option="${!optionvarname}"
option="${!optionvarname}"
echo "$option"
echo "$option"
split_into_parts $option
split_into_parts $option
if [ "$part1" = "dhcp-option" ] ; then
if [ "$part1" = "dhcp-option" ] ; then
if [ "$part2" = "DNS" ] ; then
if [ "$part2" = "DNS" ] ; then
NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
elif [ "$part2" = "DOMAIN" ] ; then
elif [ "$part2" = "DOMAIN" ] ; then
SRCHS="${SRCHS:+$SRCHS }$part3"
SRCHS="${SRCHS:+$SRCHS }$part3"
fi
fi
fi
fi
done
done
R=""
R=""
[ "$SRCHS" ] && R="search $SRCHS
[ "$SRCHS" ] && R="search $SRCHS
"
"
for NS in $NMSRVRS ; do
for NS in $NMSRVRS ; do
        R="${R}nameserver $NS
        R="${R}nameserver $NS
"
"
done
done
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
;;
;;
  down)
  down)
/sbin/resolvconf -d "${dev}.openvpn"
/sbin/resolvconf -d "${dev}.openvpn"
;;
;;
esac
esac


Make the script executable
Make the script executable


chmod +x /etc/openvpn/update-resolv-conf
sudo chmod +x /etc/openvpn/update-resolv-conf


Conclusion
Conclusion

Latest revision as of 13:13, 13 January 2018

Compile latest version OpenVPN on Raspberry PI (Debian Stretch)

Compile Latest OpenVPN from Source on Debian 8

If you are using Debian 8, Minibian, Raspbian, or similar distribution based on Debian, then you normally you install OpenVPN from the Debian repository. This is unfortunately usually outdated, many versions behind the latest release.

If there is a service where you should always use the most up to date version, then OpenVPN certainly is. Not necessarily because of new features, but because of the security fixes that each new version addresses; OpenVPN developers will address critical vulnerabilities and release the new version when appropriate. Of course, each new version brings further fixes to OpenVPN which (most of the time) give us further improvements of this great software. Luckily, it is very easy and fast to build OpenVPN from source, even on ARM based devices, like the Raspberry Pi.

Build OpenVPN from Source

First you should know that you can and should check the release notes at OpenVPN’s official page located here. Since we are going to build from source, the version we installed will not be automatically updated when you run a system update. Therefore it is recommended to periodically check the release notes page, and when a new version is available, you should build the latest source in order to keep OpenVPN version up to date.

Many of our guides uses OpenVPN, and we always recommend to use the latest version available. Consider for example the Force Torrent Traffic through VPN Split Tunnel Debian 8 + Ubuntu 16.04 guide from our Split Tunnel guide series. The aim is to ensure your privacy, and basically OpenVPN is the core of these guides, this is why I keep repeating the importance of being on the latest version.

Note: if you are using Ubuntu, then you should use the Official OpenVPN PPA provided in our guides, there is no need to compile since the PPA will provide you always the latest version available. Install Required Build Dependencies

The first step is to install the required build dependencies for OpenVPN. Update the system and install the following packages 

apt-get update
apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y

Get the Latest OpenVPN Source

The next step is to download the latest source, go to the OpenVPN Downloads page. https://openvpn.net/index.php/open-source/downloads.html You will need to grab the Source Tarball (gzip), right click on the tar.gz file and Copy Link Location (Firefox) to get the link. We will use the openvpn-2.3.12.tar.gz file in the guide, as this is the latest version at the time of writing this guide.

Move to the tmp directory 

cd /tmp

Download the source, we will use wget for this. Since you already copied the link to the source, just paste the link after the wget command to insert into cli 

wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz

Now extract the tarball, replace the version with the version you downloaded.

Hint: type the first two letters of openvpn: op, and pres TAB, the full filename will auto complete 

tar xf openvpn-2.3.12.tar.gz

Move to the extracted directory (again, replacing the version number as per the downloaded file). Hint: you can use the first two letters and TAB to auto complete again 

cd openvpn-2.3.12

Next step is to create the Makefile, which will also check the dependencies. Here comes a very important part: we need to change the default install directory to keep compatibility with our guides. The default Makefile installs OpenVPN to a different directory (it might be a bug in Makefile, since it is: /usr/sbin/sbin/), while install from the repository is correct, and located in /usr/sbin/ To fix this, simply we need to add a prefix to the configuration to override the install directory 

./configure --prefix=/usr

If it completes without any errors, then we are ready to start building OpenVPN 

make

It should compile quite fast, even on a Raspberry Pi. When ready, we install the compiled OpenVPN 

sudo make install

Congratulations, you just compiled and installed the latest OpenVPN version from source!

To check the version of the installed OpenVPN 

sudo openvpn --version

The output will display the version and the enabled options, in our case 2.3.12. Create the Default OpenVPN Configuration Folder

When you build from source, the default configuration directory and files are not created, like when using the repository. This is not a problem at all, since we will create these with a few simple commands.

Create the default directory 

sudo mkdir /etc/openvpn

Create the directory required for systemd unit 

sudo mkdir -p /run/openvpn/

Finally, we will put the update-resolv-conf script into the /etc/openvpn directory. This script will take care of the DNS update when using OpenVPN; you will see the purpose of this in the relevant guides.

Note: if you are doing an upgrade from an already compiled from source version, you do not need to recreate the default configuration folder, you can skip this step.

Create the script 

nano /etc/openvpn/update-resolv-conf

Copy and paste the following 

#!/bin/bash
# 
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
# 
# Example envs set from openvpn:
#
#     foreign_option_1='dhcp-option DNS 193.43.27.132'
#     foreign_option_2='dhcp-option DNS 193.43.27.133'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#

[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0

split_into_parts()
{
	part1="$1"
	part2="$2"
	part3="$3"
}

case "$script_type" in
  up)
	NMSRVRS=""
	SRCHS=""
	for optionvarname in ${!foreign_option_*} ; do
		option="${!optionvarname}"
		echo "$option"
		split_into_parts $option
		if [ "$part1" = "dhcp-option" ] ; then
			if [ "$part2" = "DNS" ] ; then
				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
			elif [ "$part2" = "DOMAIN" ] ; then
				SRCHS="${SRCHS:+$SRCHS }$part3"
			fi
		fi
	done
	R=""
	[ "$SRCHS" ] && R="search $SRCHS
"
	for NS in $NMSRVRS ; do
        	R="${R}nameserver $NS
"
	done
	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
	;;
  down)
	/sbin/resolvconf -d "${dev}.openvpn"
	;;
esac

Make the script executable 

sudo chmod +x /etc/openvpn/update-resolv-conf

Conclusion

As already mentioned, make sure you check OpenVPN’s site for new releases, and once a new version is released, just repeat the guide to ensure you are always using an up to date version.


Sources

https://www.htpcguides.com/compile-latest-openvpn-from-source-on-debian-8/

Retrieved from "https://wiki.jamesclaus.com/index.php?title=Compile_OpenVPN_on_Raspberry_PI&oldid=110"
Powered by MediaWiki