Skip to Content

Installing OpenVPN 2.4.6 on Ubuntu 18.04

Posted on

I was running an OpenVPN 2.4.6 server on an Ubuntu 14.04 (Trusty) machine which needed to be upgraded to Ubuntu 18.04 (Bionic). I previously installed it on Trusty using the official OpenVPN repositories but that didn’t support the Bionic release at the time of writing.

The official Ubuntu Bionic repository offers OpenVPN too, but only version 2.4.4 and I don’t want to downgrade my installation. To solve this, I’ll compile OpenVPN from source and create a .deb package to install it with.

Prepare the build system

Let’s start by installing the necessary build tools:

sudo apt-get update
sudo apt-get install build-essential autoconf pkg-config

Now we’ll also need to install the libraries OpenVPN relies on:

sudo apt-get install liblzo2-dev libtool libssl-dev libpam0g-dev libssl1.0.0 openssl libsystemd-dev

Let’s grab the 2.4.6 source tarball from GitHub and extract it:

wget https://github.com/OpenVPN/openvpn/archive/v2.4.6.tar.gz -O openvpn-2.4.6.tar.gz
tar -xvf openvpn-2.4.6.tar.gz

Compile OpenVPN

Go to the source directory and generate the configure script with autoreconf, and then run it to get ready to compile the source code:

cd openvpn-2.4.6
autoreconf -ivf
./configure --prefix="/usr/" --enable-systemd

I added the --enable-systemd flag so that OpenVPN will be compiled with Systemd support, because I manage all services with Systemd on Ubuntu 18.04.

Now we’re ready to compile it:

make

If you want to install the compiled binaries and configuration files right away, you can run make install and you’re done. However, I want to create a .deb package that I can reuse later.

Create a .deb package

I’ll use the super-handy fpm tool to generate the package, so let’s install that first:

sudo apt-get install ruby-dev
sudo gem install fpm

Now we should install the OpenVPN files into a temporary directory. We’ll use this directory to layout the package contents with:

mkdir /tmp/openvpn-package/
make DESTDIR=/tmp/openvpn-package/ install

The contents of this temporary directory now mimics what will be installed by the package. There are a few extra directories I need, so I’ll add them first:

cd /tmp/openvpn-package/
mkdir -p etc/openvpn var/log/openvpn/ run/openvpn/ 

Finally, I also need systemd unit files to be able to (automatically) start and manage the OpenVPN server.

Smarter people than me already created these, so let’s make use of those! We can grab the source for the OpenVPN 2.4.6 package on Ubuntu 18.10 (Cosmic) and copy the systemd files out of it:

# Download the source tarball and extract the files:
cd /tmp/
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn\_2.4.6-1ubuntu2.debian.tar.xz
tar -xvf openvpn\_2.4.6-1ubuntu2.debian.tar.xz # this will extract into the /tmp/debian/ directory

# Copy the required files over:
cd /tmp/openvpn-package
mkdir -p lib/systemd/system/ lib/systemd/system-generators/ usr/lib/tmpfiles.d/

cp /tmp/debian/openvpn.conf usr/lib/tmpfiles.d/
cp /tmp/debian/[email protected] lib/systemd/system/
cp /tmp/debian/openvpn-generator lib/systemd/system-generators/

These files are pretty self-explanatory. In short, they work like this:

  1. The usr/lib/tmpfiles.d/openvpn.conf will make sure systemd creates the /run/openvpn/ directory on startup. This is the directory where the process PIDs will be stored in.
  2. The lib/systemd/system/[email protected] file is a template unit file that allows to run a specific OpenVPN configuration. I wrote a blog post earlier with a more detailed example of template files.
  3. The lib/systemd/system-generators/openvpn-generator ensures that systemd will start a separate service for each *.conf file in /etc/openvpn using the [email protected] template unit file.

With everything in place, we can finally build the .deb package:

fpm -s dir -t deb -C /tmp/openvpn-package/ \
  --name openvpn \
  --version 2.4.6 \
  --depends openssl \
  --depends libssl1.0.0 \
  --depends liblzo2-2 \
  --depends libpam0g \
  --depends easy-rsa \
  --depends libsystemd0 \
  --deb-systemd "/tmp/debian/openvpn.service" \
  --description "OpenVPN: virtual private network daemon" \
  .

The openvpn_2.4.6_amd64.deb file will now be created in the current working directory.

You can install it with sudo apt-get install -f ./openvpn_2.4.6_amd64.deb or upload it to your private repository.

All that was left for me to do is copy over my existing configuration to /etc/openvpn and start the service. If I have a server configuration called server.conf in /etc/openvpn, I can then start it with sudo systemctl start [email protected].

comments powered by Disqus