Since I'm curious about IPv6 support, I tried to compile the latest version of OpenVPN. openvpn-201204 on FreeBSD compiles and seems to work fine.
openvpn-git-master (3a90edbd194140eef51c245edfcf9afc0ecb2d13) on Mac OS X fails:
Code: Select all
% sudo make check
...
SKIP: t_client.sh
Sat Feb 11 13:50:55 2012 OpenVPN 2.x-master x86_64-apple-darwin11.2.0 [SSL (OpenSSL)] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 11 2012
Sat Feb 11 13:50:55 2012 OpenVPN 2.x-master x86_64-apple-darwin11.2.0 [SSL (OpenSSL)] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 11 2012
Sat Feb 11 13:50:55 2012 Cipher 'BF-CBC' uses a mode not supported by OpenVPN in your current configuration. CBC mode is always supported, while CFB and OFB modes are supported only when using SSL/TLS authentication and key exchange mode, and when OpenVPN has been built with ALLOW_NON_CBC_CIPHERS.
Sat Feb 11 13:50:55 2012 Exiting due to fatal error
FAIL: t_lpback.sh
...
My first idea was to check if openssl was correctly found, but I do not see anything out of the ordinary. Does anyone have advise I can investigate this?
Code: Select all
% ./configure --with-lzo-headers=/opt/local/include --with-lzo-lib=/opt/local/lib
...
configure: checking for pkcs11-helper Library and Header files...
checking pkcs11-helper-1.0/pkcs11h-core.h usability... no
checking pkcs11-helper-1.0/pkcs11h-core.h presence... no
checking for pkcs11-helper-1.0/pkcs11h-core.h... no
pkcs11-helper headers not found.
configure: checking for OpenSSL Crypto Library and Header files...
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking for EVP_CIPHER_CTX_init in -lcrypto... yes
checking for EVP_CIPHER_CTX_init in -leay32... no
checking that OpenSSL Library is at least version 0.9.6... yes
checking for EVP_CIPHER_CTX_set_key_length... yes
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for ENGINE_load_builtin_engines... yes
checking for ENGINE_register_all_complete... yes
checking for ENGINE_cleanup... yes
...
% /usr/local/sbin/openvpn --version
OpenVPN 2.x-master x86_64-apple-darwin11.2.0 [SSL (OpenSSL)] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 11 2012
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
$ ./configure --with-lzo-headers=/opt/local/include --with-lzo-lib=/opt/local/lib
Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_OPENSSL USE_SSL
% otool -l /usr/local/sbin/openvpn
...
Load command 11
cmd LC_LOAD_DYLIB
cmdsize 64
name /opt/local/lib/libssl.1.0.0.dylib (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 1.0.0
compatibility version 1.0.0
Load command 12
cmd LC_LOAD_DYLIB
cmdsize 64
name /opt/local/lib/libcrypto.1.0.0.dylib (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 1.0.0
compatibility version 1.0.0
Load command 13
cmd LC_LOAD_DYLIB
cmdsize 56
name /opt/local/lib/liblzo2.2.dylib (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 3.0.0
compatibility version 3.0.0
Load command 14
cmd LC_LOAD_DYLIB
cmdsize 56
name /usr/lib/libSystem.B.dylib (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 159.1.0
compatibility version 1.0.0
...
% /opt/local/bin/openssl ciphers
CDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
% /opt/local/bin/openssl version
OpenSSL 1.0.0f 4 Jan 2012
% uname -rsv
Darwin 11.2.0 Darwin Kernel Version 11.2.0: Tue Aug 9 20:54:00 PDT 2011; root:xnu-1699.24.8~1/RELEASE_X86_64