일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
- 앨범북
- SSL
- 2FA
- 앱스토어
- 안드로이드
- appres
- FIDO2
- MSYS2
- SWIFT
- kmip
- otpkey
- SwiftUI
- Android
- Nodejs
- WebAuthn
- MFA
- albumbook
- OTP
- fido
- OSX
- 애플
- MYSQL
- apple
- 인증
- git
- css
- Xcode
- SSH
- openssl
- 앱리소스
- Today
- Total
인디노트
Compile Latest OpenVPN from Source on Debian 8 본문
Build OpenVPN from Source
First you should know that you can and should check the release notes at OpenVPN’s official page located here. Since we are going to build from source, the version we installed will not be automatically updated when you run a system update. Therefore it is recommended to periodically check the release notes page, and when a new version is available, you should build the latest source in order to keep OpenVPN version up to date.
Many of our guides uses OpenVPN, and we always recommend to use the latest version available. Consider for example the Force Torrent Traffic through VPN Split Tunnel Debian 8 + Ubuntu 16.04 guide from our Split Tunnel guide series. The aim is to ensure your privacy, and basically OpenVPN is the core of these guides, this is why I keep repeating the importance of being on the latest version.
Note: if you are using Ubuntu, then you should use the Official OpenVPN PPA provided in our guides, there is no need to compile since the PPA will provide you always the latest version available.
Install Required Build Dependencies
The first step is to install the required build dependencies for OpenVPN. Update the system and install the following packages
apt-get update
apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y
Get the Latest OpenVPN Source
The next step is to download the latest source, go to the OpenVPN Downloads page. You will need to grab the Source Tarball (gzip)
, right click on the tar.gz file and Copy Link Location (Firefox) to get the link. We will use the openvpn-2.3.12.tar.gz
file in the guide, as this is the latest version at the time of writing this guide.
Move to the tmp directory
cd /tmp
Download the source, we will use wget for this. Since you already copied the link to the source, just paste the link after the wget
command to insert into cli
wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz
Now extract the tarball, replace the version with the version you downloaded.
Hint: type the first two letters of openvpn: op, and pres TAB, the full filename will auto complete
tar xf openvpn-2.3.12.tar.gz
Move to the extracted directory (again, replacing the version number as per the downloaded file). Hint: you can use the first two letters and TAB to auto complete again
cd openvpn-2.3.12
Next step is to create the Makefile, which will also check the dependencies. Here comes a very important part: we need to change the default install directory to keep compatibility with our guides. The default Makefile installs OpenVPN to a different directory (it might be a bug in Makefile, since it is: /usr/sbin/sbin/
), while install from the repository is correct, and located in /usr/sbin/
To fix this, simply we need to add a prefix to the configuration to override the install directory
./configure --prefix=/usr
If it completes without any errors, then we are ready to start building OpenVPN
make
It should compile quite fast, even on a Raspberry Pi. When ready, we install the compiled OpenVPN
make install
Congratulations, you just compiled and installed the latest OpenVPN version from source!
To check the version of the installed OpenVPN
openvpn --version
The output will display the version and the enabled options, in our case 2.3.12.
Create the Default OpenVPN Configuration Folder
When you build from source, the default configuration directory and files are not created, like when using the repository. This is not a problem at all, since we will create these with a few simple commands.
Create the default directory
mkdir /etc/openvpn
Create the directory required for systemd unit
mkdir -p /run/openvpn/
Finally, we will put the update-resolv-conf
script into the /etc/openvpn
directory. This script will take care of the DNS update when using OpenVPN; you will see the purpose of this in the relevant guides.
Note: if you are doing an upgrade from an already compiled from source version, you do not need to recreate the default configuration folder, you can skip this step.
Create the script
nano /etc/openvpn/update-resolv-conf
Copy and paste the following
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
split_into_parts()
{
part1="$1"
part2="$2"
part3="$3"
}
case "$script_type" in
up)
NMSRVRS=""
SRCHS=""
for optionvarname in ${!foreign_option_*} ; do
option="${!optionvarname}"
echo "$option"
split_into_parts $option
if [ "$part1" = "dhcp-option" ] ; then
if [ "$part2" = "DNS" ] ; then
NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
elif [ "$part2" = "DOMAIN" ] ; then
SRCHS="${SRCHS:+$SRCHS }$part3"
fi
fi
done
R=""
[ "$SRCHS" ] && R="search $SRCHS
"
for NS in $NMSRVRS ; do
R="${R}nameserver $NS
"
done
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
;;
down)
/sbin/resolvconf -d "${dev}.openvpn"
;;
esac
Make the script executable
chmod +x /etc/openvpn/update-resolv-conf
'개발 플랫폼 및 언어' 카테고리의 다른 글
Mac에서 Node.js 설치하기 (0) | 2018.11.02 |
---|---|
VMware .vmdk에서 KVM .qcow2 또는 Virtualbox로 .vdi로 변환 (0) | 2018.11.01 |
OS-X 초기 시스템 설치시 유선 네트워크 안될때 (0) | 2018.10.26 |
OS X 복원 모드 시동 후, 정적IP 설정 방법 (0) | 2018.10.26 |
Failed to detect host display topology, using one display as default (0) | 2018.10.23 |