https://github.com/ansibleguy/openvpn-recompiled
OpenVPN re-compiled with useful flags
https://github.com/ansibleguy/openvpn-recompiled
openvpn openvpn-hardening openvpn-iproute2 openvpn-server openvpn-unprivileged
Last synced: 4 months ago
JSON representation
OpenVPN re-compiled with useful flags
- Host: GitHub
- URL: https://github.com/ansibleguy/openvpn-recompiled
- Owner: ansibleguy
- Created: 2023-07-31T03:56:26.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-08-15T21:44:42.000Z (over 2 years ago)
- Last Synced: 2025-06-09T14:51:06.264Z (6 months ago)
- Topics: openvpn, openvpn-hardening, openvpn-iproute2, openvpn-server, openvpn-unprivileged
- Language: Python
- Homepage:
- Size: 24.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
# OpenVPN Re-Compiled
[OpenVPN community](https://community.openvpn.net/openvpn) is a great application and project!
But its default packages may lack some important features that can only be enabled at compile-time - like:
* `--enable-iproute2` to enable OpenVPN to [run as unprivileged user](https://openvpn.net/community-resources/hardening-openvpn-security/)
This repository:
* wants to provide re-compiled packages for those use-cases
* focuses on server-side usage
* currently only has support for 64bit debian-based systems on x86_64 architecture
If you would like to see another combinations of flags - [check out the options](https://github.com/ansibleguy/openvpn-recompiled/blob/main/Flags.md) and [create an issue](https://github.com/ansibleguy/openvpn-recompiled/issues)
## Transparency
As security is important for a software like OpenVPN - it should be transparent and easy to understand how the binaries are build!
We are:
- pulling OpenVPN source-code directly from [swupdate.openvpn.org](https://swupdate.openvpn.org/community)
- not modifying OpenVPN code
To verify this behavior, you can check out the [build job](https://github.com/ansibleguy/openvpn-recompiled/blob/main/.github/workflows/build.yml) and [build script](https://github.com/ansibleguy/openvpn-recompiled/blob/main/scripts/build.sh).
## Usage
1. Download the re-compiled binary
Version `2.6.5` in this example.
```bash
wget https://github.com/ansibleguy/openvpn-recompiled/releases/download/2.6.5/openvpn-x86_64-debian+enable-iproute2
```
2. Uninstall existing OpenVPN
```bash
apt remove openvpn
```
3. Move it
```bash
sudo mv openvpn-x86_64-debian+enable-iproute2 /usr/local/bin/openvpn
sudo chmod 755 /usr/local/bin/openvpn
sudo chown root:root /usr/local/bin/openvpn
```
4. Verify
```bash
openvpn --version
> OpenVPN 2.6.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
> library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
> Originally developed by James Yonan
> Copyright (C) 2002-2023 OpenVPN Inc
> Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=no enable_dco_arg=auto enable_debug=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
```