I was running an OpenVPN 2.4.6 server on an Ubuntu 14.04 (Trusty) machine which needed to be upgraded to Ubuntu 18.04 (Bionic). I previously installed it on Trusty using the official OpenVPN repositories but that didn’t support the Bionic release at the time of writing.
The official Ubuntu Bionic repository offers OpenVPN too, but only version 2.4.4 and I don’t want to downgrade my installation. To solve this, I’ll compile OpenVPN from source and create a
.deb package to install it with.
Prepare the build system
Let’s start by installing the necessary build tools:
sudo apt-get update sudo apt-get install build-essential autoconf pkg-config
Now we’ll also need to install the libraries OpenVPN relies on:
sudo apt-get install liblzo2-dev libtool libssl-dev libpam0g-dev libssl1.0.0 openssl libsystemd-dev
Let’s grab the 2.4.6 source tarball from GitHub and extract it:
wget https://github.com/OpenVPN/openvpn/archive/v2.4.6.tar.gz -O openvpn-2.4.6.tar.gz tar -xvf openvpn-2.4.6.tar.gz
Go to the source directory and generate the configure script with
autoreconf, and then run it to get ready to compile the source code:
cd openvpn-2.4.6 autoreconf -ivf ./configure --prefix="/usr/" --enable-systemd
I added the
--enable-systemd flag so that OpenVPN will be compiled with Systemd support, because I manage all services with Systemd on Ubuntu 18.04.
Now we’re ready to compile it:
If you want to install the compiled binaries and configuration files right away, you can run
make install and you’re done. However, I want to create a
.deb package that I can reuse later.
Create a .deb package
I’ll use the super-handy fpm tool to generate the package, so let’s install that first:
sudo apt-get install ruby-dev sudo gem install fpm
Now we should install the OpenVPN files into a temporary directory. We’ll use this directory to layout the package contents with:
mkdir /tmp/openvpn-package/ make DESTDIR=/tmp/openvpn-package/ install
The contents of this temporary directory now mimics what will be installed by the package. There are a few extra directories I need, so I’ll add them first:
cd /tmp/openvpn-package/ mkdir -p etc/openvpn var/log/openvpn/ run/openvpn/
Finally, I also need systemd unit files to be able to (automatically) start and manage the OpenVPN server.
Smarter people than me already created these, so let’s make use of those! We can grab the source for the OpenVPN 2.4.6 package on Ubuntu 18.10 (Cosmic) and copy the systemd files out of it:
# Download the source tarball and extract the files: cd /tmp/ wget http://archive.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn\_2.4.6-1ubuntu2.debian.tar.xz tar -xvf openvpn\_2.4.6-1ubuntu2.debian.tar.xz # this will extract into the /tmp/debian/ directory # Copy the required files over: cd /tmp/openvpn-package mkdir -p lib/systemd/system/ lib/systemd/system-generators/ usr/lib/tmpfiles.d/ cp /tmp/debian/openvpn.conf usr/lib/tmpfiles.d/ cp /tmp/debian/[email protected] lib/systemd/system/ cp /tmp/debian/openvpn-generator lib/systemd/system-generators/
These files are pretty self-explanatory. In short, they work like this:
usr/lib/tmpfiles.d/openvpn.confwill make sure systemd creates the
/run/openvpn/directory on startup. This is the directory where the process PIDs will be stored in.
lib/systemd/system/[email protected]file is a template unit file that allows to run a specific OpenVPN configuration. I wrote a blog post earlier with a more detailed example of template files.
lib/systemd/system-generators/openvpn-generatorensures that systemd will start a separate service for each
[email protected]template unit file.
With everything in place, we can finally build the
fpm -s dir -t deb -C /tmp/openvpn-package/ \ --name openvpn \ --version 2.4.6 \ --depends openssl \ --depends libssl1.0.0 \ --depends liblzo2-2 \ --depends libpam0g \ --depends easy-rsa \ --depends libsystemd0 \ --deb-systemd "/tmp/debian/openvpn.service" \ --description "OpenVPN: virtual private network daemon" \ .
openvpn_2.4.6_amd64.deb file will now be created in the current working directory.
You can install it with
sudo apt-get install -f ./openvpn_2.4.6_amd64.deb or upload it to your private repository.
All that was left for me to do is copy over my existing configuration to
/etc/openvpn and start the service. If I have a server configuration called
/etc/openvpn, I can then start it with
sudo systemctl start [email protected].