- Changed "Supported platforms" to reflect current support status of the
mentioned operatingsystems
- Removed mentions of the obsolete Python and domake-win buildsystems
- Added mention of official Debian/RPM packages
- Added links to the Wiki
- Added mention of the new openvpn-build cross-compile environment
- Added PolarSSL to and removed pthreads from the "Optional" section
- Added mention of t_client.sh test framework
- Removed some very old (pre-2005) nuggets of (obsolete) information
- Other minor cleanups
- Some reorganization
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1359107974-1481-1-git-send-email-samuli@openvpn.net
URL: http://article.gmane.org/gmane.network.openvpn.devel/7303
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 607a678d371c56d368319b0a7a1bb147008d5822)
... | ... |
@@ -12,36 +12,53 @@ QUICK START: |
12 | 12 |
Unix: |
13 | 13 |
./configure && make && make-install |
14 | 14 |
|
15 |
- Windows MinGW, using MSYS bash shell: |
|
16 |
- ./domake-win (see comments in the script for more info) |
|
15 |
+ Cross-compile for Windows on Unix |
|
17 | 16 |
|
18 |
- Windows Visual Studio: |
|
19 |
- python win\build_all.py |
|
17 |
+ See INSTALL-win32.txt |
|
20 | 18 |
|
21 | 19 |
************************************************************************* |
22 | 20 |
|
23 | 21 |
To download OpenVPN, go to: |
24 | 22 |
|
25 |
- http://openvpn.net/download.html |
|
23 |
+ http://openvpn.net/download.html |
|
26 | 24 |
|
27 |
-For step-by-step installation instructions with real-world |
|
28 |
-examples see: |
|
25 |
+OpenVPN releases are also available as Debian/RPM packages: |
|
29 | 26 |
|
30 |
- http://openvpn.net/howto.html |
|
27 |
+ https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos |
|
28 |
+ |
|
29 |
+To download easy-rsa go to: |
|
30 |
+ |
|
31 |
+ https://github.com/OpenVPN/easy-rsa |
|
32 |
+ |
|
33 |
+To download tap-windows driver source code go to: |
|
34 |
+ |
|
35 |
+ https://github.com/OpenVPN/tap-windows |
|
36 |
+ |
|
37 |
+To get the cross-compilation environment go to: |
|
38 |
+ |
|
39 |
+ https://github.com/OpenVPN/openvpn-build |
|
40 |
+ |
|
41 |
+For step-by-step instructions with real-world examples see: |
|
42 |
+ |
|
43 |
+ http://openvpn.net/howto.html |
|
44 |
+ https://community.openvpn.net/openvpn/wiki |
|
31 | 45 |
|
32 | 46 |
For examples see: |
33 | 47 |
|
34 |
- http://openvpn.net/examples.html |
|
48 |
+ http://openvpn.net/examples.html |
|
49 |
+ |
|
50 |
+Also see the man page for more information, usage examples, and information on |
|
51 |
+firewall configuration. |
|
35 | 52 |
|
36 | 53 |
************************************************************************* |
37 | 54 |
|
38 | 55 |
SUPPORTED PLATFORMS: |
39 |
- (1) Linux 2.2+ |
|
56 |
+ (1) Linux (kernel 2.6+) |
|
40 | 57 |
(2) Solaris |
41 |
- (3) OpenBSD 3.0+ (Comes with OpenSSL and TUN devices by default) |
|
42 |
- (4) Mac OS X Darwin |
|
43 |
- (5) FreeBSD |
|
44 |
- (6) NetBSD |
|
58 |
+ (3) OpenBSD 5.1+ |
|
59 |
+ (4) Mac OS X Darwin 10.5+ |
|
60 |
+ (5) FreeBSD 7.4+ |
|
61 |
+ (6) NetBSD 5.0+ |
|
45 | 62 |
(7) Windows (WinXP and higher) |
46 | 63 |
|
47 | 64 |
SUPPORTED PROCESSOR ARCHITECTURES: |
... | ... |
@@ -55,14 +72,15 @@ REQUIRES: |
55 | 55 |
TUN/TAP Driver Configuration section below for more info. |
56 | 56 |
|
57 | 57 |
OPTIONAL (but recommended): |
58 |
- (1) OpenSSL library, necessary for encryption, version 0.9.5 or higher |
|
58 |
+ (1) OpenSSL library, necessary for encryption, version 0.9.8 or higher |
|
59 | 59 |
required, available from http://www.openssl.org/ |
60 |
- (2) LZO real-time compression library, required for link compression, |
|
60 |
+ (2) PolarSSL library, an alternative for encryption, version 1.1 or higher |
|
61 |
+ required, available from https://polarssl.org/ |
|
62 |
+ (3) LZO real-time compression library, required for link compression, |
|
61 | 63 |
available from http://www.oberhumer.com/opensource/lzo/ |
62 | 64 |
OpenBSD users can use ports or packages to install lzo, but remember |
63 | 65 |
to add CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" |
64 | 66 |
directives to "configure", since gcc will not find them otherwise. |
65 |
- (3) Pthread library. |
|
66 | 67 |
|
67 | 68 |
OPTIONAL (for developers only): |
68 | 69 |
(1) Autoconf 2.59 or higher + Automake 1.9 or higher |
... | ... |
@@ -74,15 +92,18 @@ OPTIONAL (for developers only): |
74 | 74 |
|
75 | 75 |
CHECK OUT SOURCE FROM SOURCE REPOSITORY: |
76 | 76 |
|
77 |
- git clone https://github.com/OpenVPN/openvpn |
|
77 |
+ Clone the repository: |
|
78 |
+ |
|
79 |
+ git clone https://github.com/OpenVPN/openvpn |
|
80 |
+ git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn |
|
78 | 81 |
|
79 | 82 |
Check out stable version: |
80 | 83 |
|
81 |
- git checkout -b 2.2 remotes/origin/release/2.2 |
|
84 |
+ git checkout -b 2.2 remotes/origin/release/2.2 |
|
82 | 85 |
|
83 | 86 |
Check out master (unstable) branch: |
84 | 87 |
|
85 |
- git checkout master |
|
88 |
+ git checkout master |
|
86 | 89 |
|
87 | 90 |
|
88 | 91 |
************************************************************************* |
... | ... |
@@ -112,7 +133,7 @@ BUILD A TARBALL FROM SOURCE REPOSITORY CHECKOUT: |
112 | 112 |
|
113 | 113 |
************************************************************************* |
114 | 114 |
|
115 |
-LOOPBACK TESTS (after BUILD): |
|
115 |
+TESTS (after BUILD): |
|
116 | 116 |
|
117 | 117 |
make check (Run all tests below) |
118 | 118 |
|
... | ... |
@@ -126,6 +147,9 @@ Test SSL/TLS negotiations (runs for 2 minutes): |
126 | 126 |
./openvpn --config sample/sample-config-files/loopback-client (In one window) |
127 | 127 |
./openvpn --config sample/sample-config-files/loopback-server (Simultaneously in another window) |
128 | 128 |
|
129 |
+For more thorough client-server tests you can configure your own, private test |
|
130 |
+environment. See tests/t_client.rc-sample for details. |
|
131 |
+ |
|
129 | 132 |
************************************************************************* |
130 | 133 |
|
131 | 134 |
OPTIONS for ./configure: |
... | ... |
@@ -205,7 +229,7 @@ ENVIRONMENT for ./configure: |
205 | 205 |
|
206 | 206 |
************************************************************************* |
207 | 207 |
|
208 |
-BUILDING ON LINUX 2.4+ FROM RPM |
|
208 |
+BUILDING ON LINUX 2.6+ FROM RPM |
|
209 | 209 |
|
210 | 210 |
You can build a binary RPM directly from the OpenVPN tarball file: |
211 | 211 |
|
... | ... |
@@ -224,7 +248,7 @@ startup or shutdown, based on OpenVPN .conf files in /etc/openvpn. |
224 | 224 |
See the comments in openvpn.init for more information. |
225 | 225 |
|
226 | 226 |
Installing the RPM will also configure the TUN/TAP device node |
227 |
-for linux 2.4. |
|
227 |
+for linux 2.6. |
|
228 | 228 |
|
229 | 229 |
Note that the current openvpn.spec file, which instructs the rpm tool |
230 | 230 |
how to build a package, will build OpenVPN with all options enabled, |
... | ... |
@@ -236,56 +260,15 @@ you edit the openvpn.spec file. |
236 | 236 |
|
237 | 237 |
TUN/TAP Driver Configuration: |
238 | 238 |
|
239 |
-* Linux 2.4 or higher (with integrated TUN/TAP driver): |
|
240 |
- |
|
241 |
- (1) make device node: mknod /dev/net/tun c 10 200 |
|
242 |
- (2a) add to /etc/modules.conf: alias char-major-10-200 tun |
|
243 |
- (2b) load driver: modprobe tun |
|
244 |
- (3) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward |
|
245 |
- |
|
246 |
- Note that either of steps (2a) or (2b) is sufficient. While (2a) |
|
247 |
- only needs to be done once per install, (2b) needs to be done once |
|
248 |
- per reboot. If you install from RPM (see above) and use the |
|
249 |
- openvpn.init script, these steps are taken care of for you. |
|
250 |
- |
|
251 |
-* Linux 2.2 or Solaris: |
|
239 |
+* Linux 2.6 or higher (with integrated TUN/TAP driver): |
|
252 | 240 |
|
253 |
- You should obtain |
|
254 |
- version 1.1 of the TUN/TAP driver from |
|
255 |
- http://vtun.sourceforge.net/tun/ |
|
256 |
- and follow the installation instructions. |
|
241 |
+ (1) load driver: modprobe tun |
|
242 |
+ (2) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward |
|
257 | 243 |
|
258 |
- If you use OpenVPN on Linux 2.2 or 2.4 or Solaris, you may be |
|
259 |
- suffering from a bug which causes connections to hang under heavy load. |
|
260 |
- The symptoms are very similar to the MTU problems discussed frequently |
|
261 |
- in the OpenVPN mailing lists. But it turns out that this bug is not caused by |
|
262 |
- MTU problems. It's a bug in the tun/tap driver. A patch is provided here: |
|
244 |
+ Note that (1) needs to be done once per reboot. If you install from RPM (see |
|
245 |
+ above) and use the openvpn.init script, these steps are taken care of for you. |
|
263 | 246 |
|
264 |
- http://openvpn.net/patch/tun-sb.patch |
|
265 |
- |
|
266 |
-* Solaris |
|
267 |
- |
|
268 |
- For 64 bit, I used the tun-1.1.tar.gz source and compiled it. |
|
269 |
- |
|
270 |
- Of course there is a but :) |
|
271 |
- In the tun-1-1\solaris\Makefile I changed a line so it compiles with 64 bit |
|
272 |
- |
|
273 |
- CFLAGS = $(DEFS) -m64 -O2 -Wall -D_KERNEL -I. |
|
274 |
- |
|
275 |
- I just added -m64 and it worked. |
|
276 |
- |
|
277 |
- The tun driver works fine as said previously, however we noticed there is a |
|
278 |
- minor problem when creating multiple tunnels on Solaris. |
|
279 |
- Mr Tycho Fruru changed the code in tun.c file where he locked the tun device |
|
280 |
- number to -1. This way it is impossible to specify the name of the tun device |
|
281 |
- but it is still possible to have multiple devices. |
|
282 |
- The modification will increment automatically meaning starting from tun0 ---> |
|
283 |
- tunX I know you are not responsible for the tun coding but if you think the |
|
284 |
- modification can be useful for you feel free to use it. |
|
285 |
- |
|
286 |
- http://openvpn.net/solaris/tun.c |
|
287 |
- |
|
288 |
-* FreeBSD 4.1.1+: |
|
247 |
+* FreeBSD: |
|
289 | 248 |
|
290 | 249 |
FreeBSD ships with the TUN/TAP driver, and the device nodes for tap0, |
291 | 250 |
tap1, tap2, tap3, tun0, tun1, tun2 and tun3 are made by default. |
... | ... |
@@ -303,41 +286,23 @@ TUN/TAP Driver Configuration: |
303 | 303 |
|
304 | 304 |
* OpenBSD: |
305 | 305 |
|
306 |
- OpenBSD ships with tun0 and tun1 installed by default on pre-3.5 systems, |
|
307 |
- while 3.5 and later have dynamically created tun* devices so you only need |
|
306 |
+ OpenBSD has dynamically created tun* devices so you only need |
|
308 | 307 |
to create an empty /etc/hostname.tun0 (tun1, tun2 and so on) for each tun |
309 | 308 |
you plan to use to create the device(s) at boot. |
310 | 309 |
|
311 |
-* Mac OS X: |
|
312 |
- |
|
313 |
- 2005.02.13: Angelo Laub has developed a GUI for OS X: |
|
314 |
- |
|
315 |
- http://rechenknecht.net/OpenVPN-GUI/ |
|
316 |
- |
|
317 |
- 2004.10.26: Mattias Nissler has developed a new TUN/TAP driver for |
|
318 |
- MAC OS X: |
|
319 |
- |
|
320 |
- http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ |
|
321 |
- |
|
322 |
- Christoph Pfisterer's old TUN driver can be obtained at |
|
323 |
- http://chrisp.de/en/projects/tunnel.html -- note that it |
|
324 |
- is no longer being maintained. |
|
310 |
+* Solaris: |
|
325 | 311 |
|
326 |
-* Solaris9 Sparc/64 |
|
312 |
+ You need a TUN/TAP kernel driver for OpenVPN to work: |
|
327 | 313 |
|
328 |
- The kernel module for solaris |
|
329 |
- can be generated by adding the -m64 switch to a modern |
|
330 |
- gcc compiler (I'm using 3.2) The resulting kernel driver |
|
331 |
- needs to be manually copied to /kernel/drv/sparcv9/ and then a |
|
332 |
- reconfiguration reboot. (boot -r). |
|
314 |
+ http://www.whiteboard.ne.jp/~admin2/tuntap/ |
|
333 | 315 |
|
334 |
-* Windows XP/2003/Vista |
|
316 |
+* Windows XP/2003/Vista/7: |
|
335 | 317 |
|
336 |
- See domake-win for building instructions. |
|
337 |
- See INSTALL-win32.txt for usage info. |
|
318 |
+ OpenVPN on Windows needs a TUN/TAP kernel driver to work. OpenVPN installers |
|
319 |
+ include this driver, so installing it separately is not usually required. |
|
320 |
+ The driver source code is available here: |
|
338 | 321 |
|
339 |
- See the man page for more information, usage examples, and |
|
340 |
- information on firewall configuration. |
|
322 |
+ https://github.com/OpenVPN/tap-windows |
|
341 | 323 |
|
342 | 324 |
************************************************************************* |
343 | 325 |
|