mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00
openvpn3/README.rst


OpenVPN 3
=========
OpenVPN 3 is a C++ class library that implements the functionality
of an OpenVPN client, and is protocol-compatible with the OpenVPN
2.x branch.

OpenVPN 3 includes a minimal client wrapper (``cli``) that links in with
the library and provides basic command line functionality.

NOTE: As of early 2016, OpenVPN 3 is primarily of interest to developers
because it does not yet replicate the full functionality of OpenVPN 2.x.
In particular, server functionality is not yet implemented.

Building OpenVPN 3 client on Mac OS X
-------------------------------------

OpenVPN 3 should be built in a non-root Mac OS X account.
Make sure that Xcode is installed with optional command-line tools.
(These instructions have been tested with Xcode 5.1.1).

Create the directories ``~/src`` and ``~/src/mac``::

    mkdir -p ~/src/mac

Clone the OpenVPN 3 repo::

    cd ~/src
    mkdir ovpn3
    cd ovpn3
    git clone ... core

Export the shell variable ``O3`` to point to the OpenVPN 3 top-level
directory::

    export O3=~/src/ovpn3

Download source tarballs (``.tar.gz`` or ``.tgz``) for these dependency
libraries into ``~/Downloads``.

See the file ``$O3/core/deps/lib-versions`` for the expected
version numbers of each dependency. If you want to use a different
version of the library than listed here, you can edit this file.

1. Asio -- https://github.com/chriskohlhoff/asio

mbedTLS: Port from polarssl-1.3 to mbedtls-2.3 (functional)

This patch builds on work by David Sommerseth <davids@openvpn.net>
to move the PolarSSL API from polarssl-1.3 to mbedtls-2.3, which
has significant differences in some areas.

- Strings containing keys, certificates, CRLs, and DH parameters
  need to be NULL-terminated and the length argument provided to
  the corresponding mbedtls parse function must be able to read
  the NULL-terminator. These places have been modified with a
  '+1' to the length argument (x509cert.hpp, x509crl.hpp, dh.hpp,
  pkctx.hpp).

- The SSL context object has been split up in mbedtls-2.3.
  Now many of the SSL configurations are done in a separate
  SSL config object, which is added to the SSL context once
  configured. In addition private/public keys are now stored
  in a separate pk_context, which is later on attached to the
  SSL context. Due to this, many of the calls setting either
  SSL configuration parameters or working with pk_contexts have
  been refactored. (sslctx.hpp)

- The older API loading the CA chain took a hostname argument.
  The new API requires mbedtls_ssl_set_hostname() explicitly to
  be called setting hostname. Some refactoring was needed here
  too (sslctx.hpp).

- x509_oid_get_description() is now replaced by
  mbedtls_oid_get_extended_key_usage().

- When mbedTLS renamed OID_CMP to MBEDTLS_OID_CMP, the return
  value was changed so that a return value of 0 now means equal
  rather than not-equal.

- mbedtls/platform.h must be loaded before any other mbedtls
  include files (sslchoose.hpp).

- All functions and macros related to mbedTLS are now prefixed
  with mbedtls_/MBEDTLS_

- Refactored External PKI and added some options to cli.cpp
  to make it easier to test that the feature still works
  correctly. This included removing the sig_type var and
  standardizing on a PKCS#1 digest prefix per RFC 3447.

- Updated test keys to 2048 bits.

- Updated dependency build scripts to build mbedTLS.

- Enable MD4 in mbedTLS build script (needed for NTLM auth).

- Use an allow-all X509 cert profile to preserve compatibility
  with older configs. Going forward, we will implement new
  options to increase strictness on minimum RSA key size and
  required cert signing algs.

- Added human-readable reason strings that explain why
  a given cert in the chain wasn't accepted.

- This patch doesn't rename any files or rename internal
  OpenVPN 3 symbols such as PolarSSLContext. This will
  be done in a separate commit.

Signed-off-by: James Yonan <james@openvpn.net>

2017-02-23 23:20:31 +01:00

2. mbed TLS (2.3.0 or higher) -- https://tls.mbed.org/
3. LZ4 -- https://github.com/Cyan4973/lz4
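
The commit message above notes that the OID comparison macro changed its return convention during the port, so a rename-only port silently inverts any check built on it. The following C program is an added example, not code from OpenVPN 3 or mbed TLS; ``OLD_OID_CMP``, ``NEW_OID_CMP``, ``oid_buf`` and the extended-key-usage check functions are hypothetical stand-ins that reproduce only the two return conventions the message describes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an ASN.1 buffer holding a DER-encoded OID. */
typedef struct { const unsigned char *p; size_t len; } oid_buf;

/* Hypothetical macros reproducing only the two return conventions:
 * OLD yields nonzero on a match, NEW yields 0 on a match (like memcmp). */
#define OID_LEN(s) (sizeof(s) - 1)
#define OLD_OID_CMP(s, b) \
    (OID_LEN(s) == (b)->len && memcmp((s), (b)->p, (b)->len) == 0)
#define NEW_OID_CMP(s, b) \
    (OID_LEN(s) != (b)->len || memcmp((s), (b)->p, (b)->len) != 0)

/* DER content bytes of id-kp-serverAuth (1.3.6.1.5.5.7.3.1) and
 * id-kp-clientAuth (1.3.6.1.5.5.7.3.2). */
#define OID_SERVER_AUTH "\x2b\x06\x01\x05\x05\x07\x03\x01"
#define OID_CLIENT_AUTH "\x2b\x06\x01\x05\x05\x07\x03\x02"

/* Pre-port check: a truthy result means "this EKU is serverAuth". */
static int match_old(const oid_buf *eku) { return OLD_OID_CMP(OID_SERVER_AUTH, eku); }
/* Rename-only port: the sense is inverted, so any EKU except serverAuth matches. */
static int match_naive(const oid_buf *eku) { return NEW_OID_CMP(OID_SERVER_AUTH, eku); }
/* Correct port: a match is an explicit comparison against 0. */
static int match_fixed(const oid_buf *eku) { return NEW_OID_CMP(OID_SERVER_AUTH, eku) == 0; }

/* Return 1 if any EKU in the list matches serverAuth under the given check. */
int allows_server_auth(const oid_buf *ekus, size_t n, int (*match)(const oid_buf *)) {
    for (size_t i = 0; i < n; i++)
        if (match(&ekus[i]))
            return 1;
    return 0;
}

/* Constructed EKU lists: a client-only certificate and a server certificate. */
static const oid_buf CLIENT_ONLY[] = {{(const unsigned char *)OID_CLIENT_AUTH, 8}};
static const oid_buf SERVER_CERT[] = {{(const unsigned char *)OID_SERVER_AUTH, 8}};

int main(void) {
    printf("client-only cert: old=%d naive=%d fixed=%d\n",
           allows_server_auth(CLIENT_ONLY, 1, match_old),
           allows_server_auth(CLIENT_ONLY, 1, match_naive),
           allows_server_auth(CLIENT_ONLY, 1, match_fixed));
    printf("server cert:      old=%d naive=%d fixed=%d\n",
           allows_server_auth(SERVER_CERT, 1, match_old),
           allows_server_auth(SERVER_CERT, 1, match_naive),
           allows_server_auth(SERVER_CERT, 1, match_fixed));
    return 0;
}
```

A regression test that feeds both a matching and a non-matching OID through every ported comparison catches this class of inversion, because the rename-only version fails in both directions.
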

For dependencies that are typically cloned from GitHub rather than
provided as a .tar.gz file, tools are provided to convert
the GitHub checkout to a .tar.gz file. See the "snapshot" scripts under
``$O3/core/deps``.

Note that while OpenSSL is listed in lib-versions, it is
not required for Mac builds.

Build the dependencies::

    OSX_ONLY=1 $O3/core/scripts/mac/build-all

Now build the OpenVPN 3 client executable::

    cd $O3/core
    . vars/vars-osx64
    . vars/setpath
    cd test/ovpncli
    PSSL=1 LZ4=1 build cli

This will build the OpenVPN 3 client library with a small client
wrapper (``cli``). It will also statically link in all external
dependencies (Asio, PolarSSL, and LZ4), so ``cli`` may be distributed
to other Macs and will run as a standalone executable.

These build scripts will create an **x86_64** Mac OS X executable,
with a minimum deployment target of 10.8.x. The Mac OS X tuntap driver is not
required, as OpenVPN 3 can use the integrated utun interface if
available.

To view the client wrapper options::

    ./cli -h

To connect::

    ./cli client.ovpn

Contributing
------------

See `<CONTRIBUTING.rst>`_.

License
-------

See `<LICENSE.rst>`_.