Skip to content

Instantly share code, notes, and snippets.

@Anubisss

Anubisss/README.md

Last active Sep 28, 2020
Embed
What would you like to do?
How to compile statically linked OpenVPN client for ARMv5

How to compile statically linked OpenVPN client for ARMv5

You need to install ARMv5 gcc cross compiler: apt-get install gcc-arm-linux-gnueabi

You have to define a directory (via --prefix) where all of your binaries will be installed (copied). In the guide I use the following: /home/user/vpn_compile

OpenSSL

  1. Download the source: wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
  2. Extract it and change the working directory: tar -xvf openssl-1.0.2j.tar.gz && cd openssl-1.0.2j
  3. Configure it: ./Configure gcc -static -no-shared --prefix=/home/user/vpn_compile --cross-compile-prefix=arm-linux-gnueabi-
  4. Compile: make
  5. Install: make install

LZO

  1. Download the source: wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
  2. Extract it and change the working directory: tar -xvf lzo-2.09.tar.gz && cd lzo-2.09
  3. Configure it: ./configure --prefix=/home/user/vpn_compile --enable-static --target=arm-linux-gnueabi --host=arm-linux-gnueabi --disable-debug
  4. Compile: make
  5. Install: make install

OpenVPN

  1. Download the source: wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.gz
  2. Extract it and change the working directory: tar -xvf openvpn-2.3.12.tar.gz && cd openvpn-2.3.12
  3. Configure it: ./configure --target=arm-linux-gnueabi --host=arm-linux-gnueabi --prefix=/home/user/vpn_compile --disable-server --enable-static --disable-shared --disable-debug --disable-plugins OPENSSL_SSL_LIBS="-L/home/user/vpn_compile/lib -lssl" OPENSSL_SSL_CFLAGS="-I/home/user/vpn_compile/include" OPENSSL_CRYPTO_LIBS="-L/home/user/vpn_compile/lib -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/home/user/vpn_compile/include" LZO_CFLAGS="-I/home/user/vpn_compile/include" LZO_LIBS="-L/home/user/vpn_compile/lib -llzo2"
  4. Compile: make LIBS="-all-static"
  5. Install: make install

Your OpenVPN client is here: /home/user/vpn_compile/sbin/openvpn

Make sure this is what you need:

$ file /home/user/vpn_compile/sbin/openvpn
/home/user/vpn_compile/sbin/openvpn: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, BuildID[sha1]=e6fd2008c129fef90ed9826e3ffb9d53e83eb42c, not stripped

Versions

Build system:

$ uname -rm
4.4.0-45-generic x86_64
$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
$ arm-linux-gnueabi-gcc --version
arm-linux-gnueabi-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.1) 5.4.0 20160609

Target system:

$ uname -rm
3.2.34 armv5tejl
$ openvpn --version
OpenVPN 2.3.12 arm-unknown-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 27 2016
library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=no enable_plugins=no enable_port_share=yes enable_selinux=no enable_server=no enable_shared=no enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
@BenoitDuffez

This comment has been minimized.

Copy link

@BenoitDuffez BenoitDuffez commented Jul 1, 2017

Step OpenVPN, end of step 3: missing slash:

LZO_LIBS="-L/home/user/vpn_compilelib -llzo2"

vs

LZO_LIBS="-L/home/user/vpn_compile/lib -llzo2"

Otherwise thanks a lot for all of this. I'd still need to figure out how to build for linux 2.6 though, my target device has a very old kernel.

@adrianhans

This comment has been minimized.

Copy link

@adrianhans adrianhans commented Jul 6, 2017

if experiencing any error related to "unable to find openssl lib" (e.g. configure: error: openssl check failed), you may want to try replacing
OPENSSL_SSL_LIBS="-L/home/user/vpn_compile/lib -lssl" OPENSSL_SSL_CFLAGS="-I/home/user/vpn_compile/include" OPENSSL_CRYPTO_LIBS="-L/home/user/vpn_compile/lib -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/home/user/vpn_compile/include" LZO_CFLAGS="-I/home/user/vpn_compile/include" LZO_LIBS="-L/home/user/vpn_compilelib -llzo2"

with

OPENSSL_SSL_CFLAGS="-I/home/user/vpn_compile/include" OPENSSL_CRYPTO_CFLAGS="-I/home/user/vpn_compile/include" LZO_CFLAGS="-I/home/user/vpn_compile/include" LIBS="-L/home/user/vpn_compile/lib -lssl -lcrypto -llzo2"

since the order of "-lssl -lcrypto -llzo2" matters. It works for me.

@Anubisss

This comment has been minimized.

Copy link
Owner Author

@Anubisss Anubisss commented Sep 19, 2017

@BenoitDuffez Thanks i fixed it.

@mzpqnxow

This comment has been minimized.

Copy link

@mzpqnxow mzpqnxow commented Apr 14, 2018

I just want to point out here to save others time.. some time between OpenVPN 2.3 and OpenVPN 2.4.5 the names of the variables related to OpenSSL changed from OPENSSL_SSL_CFLAGS to OPENSSL_CFLAGS as well as OPENSSL_SSL_LIBS to OPENSSL_LIBS. I was banging my head against a wall until I finally just did a diff of the ./configure --help output of the 2 versions :>

Building for a Ubiquity EdgeRouter, my final configure command for OpenVPN 2.4.5 (latest stable) ended up like this (note I added LZ4 and a few other things just to match the stock Ubiquity shipped OpenVPN:

~/openvpn-2.4.5$ ./configure --disable-plugins --target=mips-32-linux-musl --host=mips-32-linux-musl --prefix=/home/user/vpn_compile --disable-server --enable-static --disable-shared --disable-debug OPENSSL_LIBS="-L/home/user/vpn_compile/lib -lssl" OPENSSL_CFLAGS="-I/home/user/vpn_compile/include" OPENSSL_CRYPTO_LIBS="-L/home/user/vpn_compile/lib -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/home/user/vpn_compile/include" LZO_CFLAGS="-I/home/user/vpn_compile/include" LZ4_CFLAGS='-I/home/user/vpn_compile/include' LZO_LIBS="-L/home/user/vpn_compile/lib -llzo2" LZ4_LIBS="-L/home/user/vpn_compile/lib -llz4" LIBS="-L/home/user/vpn_compile/lib -lssl -lcrypto -llzo2 -llz4" IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route NETSTAT=/bin/netstat IPROUTE=/sbin/ip --enable-x509-alt-username --enable-fast-install --enable-iproute2
@hanneshoettinger

This comment has been minimized.

Copy link

@hanneshoettinger hanneshoettinger commented Jul 1, 2020

I am building 2.4.9 (2.3.12 works with the given description, thanks for that!!):
./configure --target=arm-linux-gnueabihf --host=arm-linux-gnueabihf --prefix=/home/user/vpn_compile --disable-server --enable-static --disable-shared --disable-debug --disable-plugins OPENSSL_LIBS="-L/home/user/vpn_compile/lib -lssl" OPENSSL_CFLAGS="-I/home/user/vpn_compile/include" OPENSSL_CRYPTO_LIBS="-L/home/user/vpn_compile/lib -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/home/user/vpn_compile/include" LZO_CFLAGS="-I/home/user/vpn_compile/include" LZO_LIBS="-L/home/user/vpn_compile/lib -llzo2" LIBS="-L/home/user/vpn_compile/lib -lssl -lcrypto -llzo2"

However, resulting in:

/home/user/vpn_compile/lib/libssl.a(statem_clnt.o): In function `tls_construct_client_hello':
statem_clnt.c:(.text+0x1a2): undefined reference to `OPENSSL_sk_num'
statem_clnt.c:(.text+0x1be): undefined reference to `OPENSSL_sk_value'
statem_clnt.c:(.text+0x332): undefined reference to `RAND_bytes'
statem_clnt.c:(.text+0x39a): undefined reference to `ERR_add_error_data'
statem_clnt.c:(.text+0x458): undefined reference to `OPENSSL_sk_num'
statem_clnt.c:(.text+0x470): undefined reference to `OPENSSL_sk_value'
/home/user/vpn_compile/lib/libssl.a(statem_clnt.o): In function `tls_construct_cke_gost':
statem_clnt.c:(.text+0x660): undefined reference to `X509_get0_pubkey'
statem_clnt.c:(.text+0x666): undefined reference to `EVP_PKEY_CTX_new'
statem_clnt.c:(.text+0x67e): undefined reference to `CRYPTO_malloc'
statem_clnt.c:(.text+0x68a): undefined reference to `EVP_PKEY_encrypt_init'
statem_clnt.c:(.text+0x696): undefined reference to `RAND_bytes'
statem_clnt.c:(.text+0x6be): undefined reference to `EVP_PKEY_CTX_free'
statem_clnt.c:(.text+0x6ce): undefined reference to `CRYPTO_clear_free'
statem_clnt.c:(.text+0x6d4): undefined reference to `EVP_MD_CTX_free'
statem_clnt.c:(.text+0x724): undefined reference to `EVP_MD_CTX_new'
statem_clnt.c:(.text+0x72e): undefined reference to `OBJ_nid2sn'
statem_clnt.c:(.text+0x732): undefined reference to `EVP_get_digestbyname'
statem_clnt.c:(.text+0x73a): undefined reference to `EVP_DigestInit'
statem_clnt.c:(.text+0x784): undefined reference to `EVP_DigestUpdate'
statem_clnt.c:(.text+0x794): undefined reference to `EVP_DigestUpdate'
statem_clnt.c:(.text+0x7a6): undefined reference to `EVP_DigestFinal_ex'
statem_clnt.c:(.text+0x7b0): undefined reference to `EVP_MD_CTX_free'
statem_clnt.c:(.text+0x7c8): undefined reference to `EVP_PKEY_CTX_ctrl'
statem_clnt.c:(.text+0x7ec): undefined reference to `EVP_PKEY_encrypt'
statem_clnt.c:(.text+0x856): undefined reference to `EVP_PKEY_CTX_free'
/home/user/vpn_compile/lib/libssl.a(statem_clnt.o): In function `tls_construct_cke_psk_preamble':
statem_clnt.c:(.text+0xa48): undefined reference to `CRYPTO_memdup'
statem_clnt.c:(.text+0xa5a): undefined reference to `CRYPTO_strdup'
statem_clnt.c:(.text+0xa80): undefined reference to `CRYPTO_free'
statem_clnt.c:(.text+0xa98): undefined reference to `CRYPTO_free'
statem_clnt.c:(.text+0xaf0): undefined reference to `OPENSSL_cleanse'
statem_clnt.c:(.text+0xaf8): undefined reference to `OPENSSL_cleanse'
statem_clnt.c:(.text+0xb06): undefined reference to `CRYPTO_clear_free'
statem_clnt.c:(.text+0xb14): undefined reference to `CRYPTO_clear_free'
/home/user/vpn_compile/lib/libssl.a(statem_clnt.o): In function `tls_construct_client_key_exchange':
statem_clnt.c:(.text+0xc68): undefined reference to `CRYPTO_clear_free'
statem_clnt.c:(.text+0xc7c): undefined reference to `CRYPTO_clear_free'
statem_clnt.c:(.text+0xcaa): undefined reference to `X509_get0_pubkey'
statem_clnt.c:(.text+0xcb0): undefined reference to `EVP_PKEY_get0_RSA'
statem_clnt.c:(.text+0xcc6): undefined reference to `CRYPTO_malloc'
statem_clnt.c:(.text+0xce8): undefined reference to `RAND_bytes'
statem_clnt.c:(.text+0xd4a): undefined reference to `EVP_PKEY_get0_DH'
statem_clnt.c:(.text+0xd6a): undefined reference to `EVP_PKEY_free'
statem_clnt.c:(.text+0xda0): undefined reference to `EVP_PKEY_CTX_new'
statem_clnt.c:(.text+0xda8): undefined reference to `EVP_PKEY_encrypt_init'
.
.
.

Any idea what's wrong?
openssl 1.1.1f

@Anubisss

This comment has been minimized.

Copy link
Owner Author

@Anubisss Anubisss commented Jul 2, 2020

@hanneshoettinger I have no idea to be honest. I'm not working on/with this anymore.
From the error message it looks like you have to link (-l) some lib (or the proper version?) to able to compile (link) the openSSL.

@trendymail

This comment has been minimized.

Copy link

@trendymail trendymail commented Sep 25, 2020

Hello!

Long story short: this page/tutorial and your replies saved my life... ^^

@Anubisss: many many thanks for your hard work. It's simply awesome!

Below, a quick digest (tested twice) to build OpenVPN 2.4.9 (server & client) with lzo and lz4 for ARM using Debian 9.

Debian

apt-get install build-essential gcc-arm-linux-gnueabi ca-certificates

mkdir /home/source /home/openvpn

LZO

cd /home/source
wget https://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
tar xvzf lzo-2.10.tar.gz

cd lzo-2.10
./configure --prefix=/home/openvpn --enable-static --target=arm-linux-gnueabi --host=arm-linux-gnueabi

make && make install

LZ4

cd /home/source
wget https://github.com/lz4/lz4/archive/v1.9.2.tar.gz
tar xvzf v1.9.2.tar.gz

cd lz4-1.9.2
make && PREFIX=/home/openvpn make install

Openssl

cd /home/source
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz
tar xvzf openssl-1.1.1h.tar.gz

cd openssl-1.1.1h
./Configure gcc -static -no-shared --prefix=/home/openvpn --cross-compile-prefix=arm-linux-gnueabi-

make && make install

OpenVPN

cd /home/source
wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.9.tar.gz
tar xvzf openvpn-2.4.9.tar.gz

cd openvpn-2.4.9
./configure --target=arm-linux-gnueabi --host=arm-linux-gnueabi --prefix=/home/openvpn --enable-static --disable-shared --disable-debug --disable-plugins OPENSSL_CFLAGS="-I/home/openvpn/include" OPENSSL_LIBS="-L/home/openvpn/lib -lssl -lcrypto" LZO_CFLAGS="-I/home/openvpn/include" LZO_LIBS="-L/home/openvpn/lib -llzo2" LZ4_CFLAGS="-I/home/openvpn/include" LZ4_LIBS="-L/home/openvpn/lib -llz4" IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route NETSTAT=/bin/netstat IPROUTE=/sbin/ip --enable-iproute2

make LIBS="-all-static" && make install

Final

cd /home/openvpn/sbin/

openvpn (static) binary is here!

@Anubisss

This comment has been minimized.

Copy link
Owner Author

@Anubisss Anubisss commented Sep 26, 2020

@trendymail Great work, thank you!

@ksaurabh02

This comment has been minimized.

Copy link

@ksaurabh02 ksaurabh02 commented Sep 28, 2020

@trendymail

Hello!

Long story short: this page/tutorial and your replies saved my life... ^^

@Anubisss: many many thanks for your hard work. It's simply awesome!

Below, a quick digest (tested twice) to build OpenVPN 2.4.9 (server & client) with lzo and lz4 for ARM using Debian 9.

Debian

apt-get install build-essential gcc-arm-linux-gnueabi ca-certificates

mkdir /home/source /home/openvpn

LZO

cd /home/source
wget https://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
tar xvzf lzo-2.10.tar.gz

cd lzo-2.10
./configure --prefix=/home/openvpn --enable-static --target=arm-linux-gnueabi --host=arm-linux-gnueabi

make && make install

LZ4

cd /home/source
wget https://github.com/lz4/lz4/archive/v1.9.2.tar.gz
tar xvzf v1.9.2.tar.gz

cd lz4-1.9.2
make && PREFIX=/home/openvpn make install

Openssl

cd /home/source
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz
tar xvzf openssl-1.1.1h.tar.gz

cd openssl-1.1.1h
./Configure gcc -static -no-shared --prefix=/home/openvpn --cross-compile-prefix=arm-linux-gnueabi-

make && make install

OpenVPN

cd /home/source
wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.9.tar.gz
tar xvzf openvpn-2.4.9.tar.gz

cd openvpn-2.4.9
./configure --target=arm-linux-gnueabi --host=arm-linux-gnueabi --prefix=/home/openvpn --enable-static --disable-shared --disable-debug --disable-plugins OPENSSL_CFLAGS="-I/home/openvpn/include" OPENSSL_LIBS="-L/home/openvpn/lib -lssl -lcrypto" LZO_CFLAGS="-I/home/openvpn/include" LZO_LIBS="-L/home/openvpn/lib -llzo2" LZ4_CFLAGS="-I/home/openvpn/include" LZ4_LIBS="-L/home/openvpn/lib -llz4" IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route NETSTAT=/bin/netstat IPROUTE=/sbin/ip --enable-iproute2

make LIBS="-all-static" && make install

Final

cd /home/openvpn/sbin/

openvpn (static) binary is here!

I am getting configure: error: openssl check failed.
I fixed it, for future reference. Do Check config.log, there would be different errors. See how you can fix them

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.