인디노트

Compile Latest OpenVPN from Source on Debian 8 본문

개발 플랫폼 및 언어

Compile Latest OpenVPN from Source on Debian 8

인디개발자 2018. 10. 30. 16:13

Build OpenVPN from Source

First you should know that you can and should check the release notes at OpenVPN’s official page located here. Since we are going to build from source, the version we installed will not be automatically updated when you run a system update. Therefore it is recommended to periodically check the release notes page, and when a new version is available, you should build the latest source in order to keep OpenVPN version up to date.

Many of our guides uses OpenVPN, and we always recommend to use the latest version available. Consider for example the Force Torrent Traffic through VPN Split Tunnel Debian 8 + Ubuntu 16.04 guide from our Split Tunnel guide series. The aim is to ensure your privacy, and basically OpenVPN is the core of these guides, this is why I keep repeating the importance of being on the latest version.

Note: if you are using Ubuntu, then you should use the Official OpenVPN PPA provided in our guides, there is no need to compile since the PPA will provide you always the latest version available.

Install Required Build Dependencies

The first step is to install the required build dependencies for OpenVPN. Update the system and install the following packages

apt-get update
apt-get install libssl-dev liblzo2-dev libpam0g-dev build-essential -y

Get the Latest OpenVPN Source

The next step is to download the latest source, go to the OpenVPN Downloads page. You will need to grab the Source Tarball (gzip), right click on the tar.gz file and Copy Link Location (Firefox) to get the link. We will use the openvpn-2.3.12.tar.gz file in the guide, as this is the latest version at the time of writing this guide.

Move to the tmp directory

cd /tmp

Download the source, we will use wget for this. Since you already copied the link to the source, just paste the link after the wget command to insert into cli

wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz

Now extract the tarball, replace the version with the version you downloaded.

Hint: type the first two letters of openvpn: op, and pres TAB, the full filename will auto complete

tar xf openvpn-2.3.12.tar.gz

Move to the extracted directory (again, replacing the version number as per the downloaded file). Hint: you can use the first two letters and TAB to auto complete again

cd openvpn-2.3.12

Next step is to create the Makefile, which will also check the dependencies. Here comes a very important part: we need to change the default install directory to keep compatibility with our guides. The default Makefile installs OpenVPN to a different directory (it might be a bug in Makefile, since it is: /usr/sbin/sbin/), while install from the repository is correct, and located in /usr/sbin/ To fix this, simply we need to add a prefix to the configuration to override the install directory

./configure --prefix=/usr

If it completes without any errors, then we are ready to start building OpenVPN

make

It should compile quite fast, even on a Raspberry Pi. When ready, we install the compiled OpenVPN

make install

Congratulations, you just compiled and installed the latest OpenVPN version from source!

To check the version of the installed OpenVPN

openvpn --version

The output will display the version and the enabled options, in our case 2.3.12.

Create the Default OpenVPN Configuration Folder

When you build from source, the default configuration directory and files are not created, like when using the repository. This is not a problem at all, since we will create these with a few simple commands.

Create the default directory

mkdir /etc/openvpn

Create the directory required for systemd unit

mkdir -p /run/openvpn/

Finally, we will put the update-resolv-conf script into the /etc/openvpn directory. This script will take care of the DNS update when using OpenVPN; you will see the purpose of this in the relevant guides.

Note: if you are doing an upgrade from an already compiled from source version, you do not need to recreate the default configuration folder, you can skip this step.

Create the script

nano /etc/openvpn/update-resolv-conf

Copy and paste the following

#!/bin/bash
# 
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
# 
# Example envs set from openvpn:
#
#     foreign_option_1='dhcp-option DNS 193.43.27.132'
#     foreign_option_2='dhcp-option DNS 193.43.27.133'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#

[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0

split_into_parts()
{
	part1="$1"
	part2="$2"
	part3="$3"
}

case "$script_type" in
  up)
	NMSRVRS=""
	SRCHS=""
	for optionvarname in ${!foreign_option_*} ; do
		option="${!optionvarname}"
		echo "$option"
		split_into_parts $option
		if [ "$part1" = "dhcp-option" ] ; then
			if [ "$part2" = "DNS" ] ; then
				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
			elif [ "$part2" = "DOMAIN" ] ; then
				SRCHS="${SRCHS:+$SRCHS }$part3"
			fi
		fi
	done
	R=""
	[ "$SRCHS" ] && R="search $SRCHS
"
	for NS in $NMSRVRS ; do
        	R="${R}nameserver $NS
"
	done
	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
	;;
  down)
	/sbin/resolvconf -d "${dev}.openvpn"
	;;
esac

Make the script executable

chmod +x /etc/openvpn/update-resolv-conf


반응형
Comments