Compiling standalone OpenVPN 2.4.4

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
ignasbernotas
OpenVpn Newbie
Posts: 1
Joined: Wed Feb 14, 2018 12:53 pm

Compiling standalone OpenVPN 2.4.4

Post by ignasbernotas » Wed Feb 14, 2018 1:49 pm

Hi, I'm trying to build a shippable, openvpn binary so I could embed it into my app (OSX). However, I'm struggling to figure out how to do it. It compiles, but it still depends on dynamic openssl libraries, that I'd like to get rid of it (by that I mean, compile it into the binary), if possible since some VPN providers do it. Appears that static linking doesn't work. Any help is highly appreciated:) thanks!

Here's the output of my compiled version using the otool:

Code: Select all

otool -L built/openvpn/sbin/openvpn
built/openvpn/sbin/openvpn:
	/usr/local/opt/lzo/lib/liblzo2.2.dylib (compatibility version 3.0.0, current version 3.0.0)
	/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)
	/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
And here's the output of one of the VPN provider's binary:

Code: Select all

otool -L openvpn
openvpn:
	/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
Here are my configuration options:

Code: Select all

#!/usr/bin/env bash
BUILDING_PATH="/Users/ignas/vpn/builder/built"

PKG_CONFIG_PATH="$BUILDING_PATH/pkcs11-helper/lib/pkgconfig" \
PKCS11_HELPER_CFLAGS="-I$BUILDING_PATH/pkcs11-helper/include/" \
PKCS11_HELPER_LIBS="-L$BUILDING_PATH/pkcs11-helper/lib \
                                                           -lpkcs11-helper" \
CPPFLAGS="-I/usr/local/opt/openssl/include" \
LDFLAGS="-L/usr/local/opt/openssl/lib" \
OPENSSL_CFLAGS="-I/usr/local/opt/openssl/include/openssl/" \
OPENSSL_LIBS="-I/usr/local/opt/openssl/lib/ -lssl" \
./configure \
    --disable-debug \
    --disable-shared \
    --disable-dependency-tracking \
    --disable-silent-rules \
    --with-crypto-library=openssl \
    --enable-pkcs11=yes \
    --prefix="$BUILDING_PATH/openvpn" \
    --enable-static=yes \
    --enable-shared=no

make #LIBS="-all-static"
make install
Here's the output: not sure why this fails?

Code: Select all

configure: error: openssl check failed

Code: Select all

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking build system type... x86_64-apple-darwin17.4.0
checking host system type... x86_64-apple-darwin17.4.0
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for pkg-config... no
checking how to run the C preprocessor... gcc -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking for ifconfig... /sbin/ifconfig
checking for route... /sbin/route
checking for ip... no
checking for systemd-ask-password... no
checking for netstat... netstat
checking for man2html... no
checking for git... git
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /Library/Developer/CommandLineTools/usr/bin/ld
checking if the linker (/Library/Developer/CommandLineTools/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-apple-darwin17.4.0 file names to x86_64-apple-darwin17.4.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin17.4.0 file names to toolchain format... func_convert_file_noop
checking for /Library/Developer/CommandLineTools/usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... yes
checking for gcc option to produce PIC... -fno-common -DPIC
checking if gcc PIC flag -fno-common -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/Library/Developer/CommandLineTools/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin17.4.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... no
checking whether to build static libraries... yes
checking for windres... no
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for working volatile... yes
checking for off_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for uid_t in sys/types.h... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking return type of signal handlers... void
checking for ISO C 1999 vararg macro support... yes
checking for GNU GCC vararg macro support... yes
checking for socklen_t... yes
checking for C compiler empty array size... 0
checking size of unsigned int... 4
checking size of unsigned long... 8
checking stdio.h usability... yes
checking stdio.h presence... yes
checking for stdio.h... yes
checking stdarg.h usability... yes
checking stdarg.h presence... yes
checking for stdarg.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking time.h usability... yes
checking time.h presence... yes
checking for time.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking io.h usability... no
checking io.h presence... no
checking for io.h... no
checking direct.h usability... no
checking direct.h presence... no
checking for direct.h... no
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking for sys/types.h... (cached) yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking for unistd.h... (cached) yes
checking for dlfcn.h... (cached) yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking netinet/tcp.h usability... yes
checking netinet/tcp.h presence... yes
checking for netinet/tcp.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking windows.h usability... no
checking windows.h presence... no
checking for windows.h... no
checking winsock2.h usability... no
checking winsock2.h presence... no
checking for winsock2.h... no
checking ws2tcpip.h usability... no
checking ws2tcpip.h presence... no
checking for ws2tcpip.h... no
checking versionhelpers.h usability... no
checking versionhelpers.h presence... no
checking for versionhelpers.h... no
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking for sys/stat.h... (cached) yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking sys/file.h usability... yes
checking sys/file.h presence... yes
checking for sys/file.h... yes
checking sys/wait.h usability... yes
checking sys/wait.h presence... yes
checking for sys/wait.h... yes
checking for unistd.h... (cached) yes
checking for signal.h... (cached) yes
checking libgen.h usability... yes
checking libgen.h presence... yes
checking for libgen.h... yes
checking stropts.h usability... no
checking stropts.h presence... no
checking for stropts.h... no
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking pwd.h usability... yes
checking pwd.h presence... yes
checking for pwd.h... yes
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking sys/sockio.h usability... yes
checking sys/sockio.h presence... yes
checking for sys/sockio.h... yes
checking sys/uio.h usability... yes
checking sys/uio.h presence... yes
checking for sys/uio.h... yes
checking linux/sockios.h usability... no
checking linux/sockios.h presence... no
checking for linux/sockios.h... no
checking linux/types.h usability... no
checking linux/types.h presence... no
checking for linux/types.h... no
checking sys/poll.h usability... yes
checking sys/poll.h presence... yes
checking for sys/poll.h... yes
checking sys/epoll.h usability... no
checking sys/epoll.h presence... no
checking for sys/epoll.h... no
checking err.h usability... yes
checking err.h presence... yes
checking for err.h... yes
checking for net/if.h... yes
checking for netinet/ip.h... yes
checking for resolv.h... yes
checking for sys/un.h... yes
checking for net/if_utun.h... yes
checking for sys/kern_control.h... yes
checking for in_addr_t... yes
checking for in_port_t... yes
checking for struct iphdr... no
checking for struct sock_extended_err... no
checking for struct msghdr... yes
checking for struct cmsghdr... yes
checking for struct in_pktinfo... (cached) no
checking for sa_family_t... yes
checking for struct in_pktinfo.ipi_spec_dst... yes
checking for struct sockaddr_in6... yes
checking whether SO_MARK is declared... no
configure: checking anonymous union support...
yes
checking linker supports --wrap... no
checking whether SIGHUP is declared... yes
checking whether SIGINT is declared... yes
checking whether SIGUSR1 is declared... yes
checking whether SIGUSR2 is declared... yes
checking whether SIGTERM is declared... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for daemon... yes
checking for chroot... yes
checking for getpwnam... yes
checking for setuid... yes
checking for nice... yes
checking for system... yes
checking for getpid... yes
checking for dup... yes
checking for dup2... yes
checking for getpass... yes
checking for syslog... yes
checking for openlog... yes
checking for mlockall... yes
checking for getgrnam... yes
checking for setgid... yes
checking for setgroups... yes
checking for stat... yes
checking for flock... yes
checking for readv... yes
checking for writev... yes
checking for time... yes
checking for gettimeofday... yes
checking for ctime... yes
checking for memset... yes
checking for vsnprintf... yes
checking for strdup... yes
checking for setsid... yes
checking for chdir... yes
checking for putenv... yes
checking for getpeername... yes
checking for unlink... yes
checking for chsize... no
checking for ftruncate... yes
checking for execve... yes
checking for getpeereid... yes
checking for umask... yes
checking for basename... yes
checking for dirname... yes
checking for access... yes
checking for epoll_create... no
checking for dlopen in -ldl... yes
checking for inet_ntoa in -lnsl... no
checking for socket in -lsocket... no
checking for gethostbyname in -lresolv... yes
checking for sendmsg... yes
checking for recvmsg... yes
checking for inet_ntop... yes
checking for inet_pton... yes
checking for socket... yes
checking for recv... yes
checking for recvfrom... yes
checking for send... yes
checking for sendto... yes
checking for listen... yes
checking for accept... yes
checking for connect... yes
checking for bind... yes
checking for select... yes
checking for gethostbyname... yes
checking for inet_ntoa... yes
checking for setsockopt... yes
checking for getsockopt... yes
checking for getsockname... yes
checking for poll... yes
checking for library containing __res_init... no
checking for library containing res_9_init... -lresolv
checking net/if_tun.h usability... no
checking net/if_tun.h presence... no
checking for net/if_tun.h... no
checking net/tun/if_tun.h usability... no
checking net/tun/if_tun.h presence... no
checking for net/tun/if_tun.h... no
checking linux/if_tun.h usability... no
checking linux/if_tun.h presence... no
checking for linux/if_tun.h... no
checking tap-windows.h usability... no
checking tap-windows.h presence... no
checking for tap-windows.h... no
checking whether TUNSETPERSIST is declared... no
checking for setcon in -lselinux... no
checking for pam_start in -lpam... yes
checking for PKCS11_HELPER... yes
checking for SSL_CTX_new... yes
checking for EVP_CIPHER_CTX_set_key_length... no
configure: error: openssl check failed
/Library/Developer/CommandLineTools/usr/bin/make  all-recursive
Making all in build
Making all in msvc
Making all in msvc-generate
make[4]: Nothing to be done for `all'.
make[4]: Nothing to be done for `all-am'.
make[3]: Nothing to be done for `all-am'.
Making all in distro
Making all in rpm
make[3]: Nothing to be done for `all'.
Making all in systemd
make[3]: Nothing to be done for `all'.
make[3]: Nothing to be done for `all-am'.
Making all in include
/Library/Developer/CommandLineTools/usr/bin/make  all-am
Making all in src
Making all in compat
make[3]: Nothing to be done for `all'.
Making all in openvpn
make[3]: Nothing to be done for `all'.
Making all in openvpnserv
make[3]: Nothing to be done for `all'.
Making all in plugins
Making all in auth-pam
make[4]: Nothing to be done for `all'.
Making all in down-root
make[4]: Nothing to be done for `all'.
make[4]: Nothing to be done for `all-am'.
make[3]: Nothing to be done for `all-am'.
Making all in sample
make[2]: Nothing to be done for `all'.
Making all in doc
make[2]: Nothing to be done for `all'.
Making all in vendor
make[2]: Nothing to be done for `all'.
Making all in tests
Making all in unit_tests
make[4]: Nothing to be done for `all-am'.
make[3]: Nothing to be done for `all-am'.
/Library/Developer/CommandLineTools/usr/bin/make  install-recursive
Making install in build
Making install in msvc
Making install in msvc-generate
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
Making install in distro
Making install in rpm
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
Making install in systemd
make[4]: Nothing to be done for `install-exec-am'.
/Library/Developer/CommandLineTools/usr/bin/make  install-data-hook
make[5]: Nothing to be done for `install-data-hook'.
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
Making install in include
make[3]: Nothing to be done for `install-exec-am'.
 .././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/include'
 /usr/bin/install -c -m 644 openvpn-plugin.h openvpn-msg.h '/Users/ignas/vpn/builder/built/openvpn/include'
Making install in src
Making install in compat
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
Making install in openvpn
 ../.././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/sbin'
  /bin/sh ../../libtool   --mode=install /usr/bin/install -c openvpn '/Users/ignas/vpn/builder/built/openvpn/sbin'
libtool: install: /usr/bin/install -c openvpn /Users/ignas/vpn/builder/built/openvpn/sbin/openvpn
make[4]: Nothing to be done for `install-data-am'.
Making install in openvpnserv
make[4]: Nothing to be done for `install-data-am'.
Making install in plugins
Making install in auth-pam
make[5]: Nothing to be done for `install-exec-am'.
 ../../.././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 /usr/bin/install -c -m 644 README.auth-pam '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 ../../.././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins'
 /bin/sh ../../../libtool   --mode=install /usr/bin/install -c   openvpn-plugin-auth-pam.la '/Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins'
libtool: install: /usr/bin/install -c .libs/openvpn-plugin-auth-pam.so /Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
libtool: install: /usr/bin/install -c .libs/openvpn-plugin-auth-pam.lai /Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins/openvpn-plugin-auth-pam.la
libtool: install: warning: remember to run `libtool --finish /Users/ignas/vpn/builder/built/openvpn/bin/lib/openvpn/plugins'
Making install in down-root
make[5]: Nothing to be done for `install-exec-am'.
 ../../.././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 /usr/bin/install -c -m 644 README.down-root '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 ../../.././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins'
 /bin/sh ../../../libtool   --mode=install /usr/bin/install -c   openvpn-plugin-down-root.la '/Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins'
libtool: install: /usr/bin/install -c .libs/openvpn-plugin-down-root.so /Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins/openvpn-plugin-down-root.so
libtool: install: /usr/bin/install -c .libs/openvpn-plugin-down-root.lai /Users/ignas/vpn/builder/built/openvpn/lib/openvpn/plugins/openvpn-plugin-down-root.la
libtool: install: warning: remember to run `libtool --finish /Users/ignas/vpn/builder/built/openvpn/bin/lib/openvpn/plugins'
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
Making install in sample
make[3]: Nothing to be done for `install-exec-am'.
Making install in doc
make[3]: Nothing to be done for `install-exec-am'.
 .././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 /usr/bin/install -c -m 644 management-notes.txt '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 .././install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/share/man/man8'
 /usr/bin/install -c -m 644 openvpn.8 '/Users/ignas/vpn/builder/built/openvpn/share/man/man8'
Making install in vendor
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
Making install in tests
Making install in unit_tests
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
make[3]: Nothing to be done for `install-exec-am'.
 ./install-sh -c -d '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'
 /usr/bin/install -c -m 644 README README.IPv6 README.mbedtls Changes.rst COPYRIGHT.GPL COPYING '/Users/ignas/vpn/builder/built/openvpn/share/doc/openvpn'

jeremyrutman
OpenVpn Newbie
Posts: 1
Joined: Wed Mar 07, 2018 9:15 am

Re: Compiling standalone OpenVPN 2.4.4

Post by jeremyrutman » Wed Mar 07, 2018 9:29 am

I also get the openssl check failed for openvpn 2.4.5 when I try
./configure

Post Reply