OpenVPN/Documentation for testers

From Secure Computing Wiki
Revision as of 15:56, 19 November 2010 by Ecrist (talk | contribs)
Jump to navigation Jump to search
OpenVPN Topics

GENERAL: RoutingRIP RoutingBridgingFAQFirewallVPN ChainingHigh-AvailabilityTroubleshootingDonationsIRC meetingsDeveloper DocsTester Docs
OS RELATED: FreeBSD Routed FreeBSD Bridged

NOTE: As of 23th Apr 2010 this content has been moved here and will be updated there.

Instructions for testers

Reporting bugs

You should document a few things:

  • Operating system (e.g. OpenBSD 4.3)
  • Your ./configure command-line
  • Your OpenVPN version

Building OpenVPN testing from git

Fetching the sources

  • If you have not cloned the git repository:
git clone git://
cd openvpn-testing
git checkout -b allmerged origin/allmerged
  • If you already have git repository clone:
cd openvpn-testing
git checkout allmerged
git pull --rebase origin
  • Prepare for building:
autoreconf -vi

Building OpenVPN testing from snapshots

  • Unpack it
gzip -dc openvpn-YYYYWW.tar.gz | tar xvf -
cd openvpn-devel/

Configure and compile

When testing this version of OpenVPN, we would appreciate if all deprecated features would be disabled by default. We want to know how OpenVPN behaves for you without these features.

When doing the compile-time configuration of OpenVPN, please make sure the following arguments are included:

  • --disable-depr-random-resolv


./configure --disable-depr-random-resolv
make [-j <num CPU cores + 1>]

When testing this version, please give us a report to **TBD**. This report should also include the output of:

openvpn --version

in addition to the ./configure line use used for the compilation and all the configuration files you used. We would like to have both success and fail reports.


If OpenVPN crashes, you can help developers figure out the problem by giving them a backtrace of the crash. If you're running released (stable) version of OpenVPN, you should install the openvpn debug and gdb packages and then run openvpn via gdb. On "testing" turn on debugging before compilation. In either case you can get a backtrace of the crash like this:

$ gdb /usr/sbin/openvpn
[gdb info message...blablabla...]
(gdb) run --config <your config file> [--other-arguments-you-might-pass]
[wait for the crash]
(gdb) bt
[full backtrace should appear]

Enable core dump

In some cases, it's not possible to trigger the bug when running via gdb directly. In this case, you can enable core dumps. On most distributions and *nix OSes today, you need to enable this from your shell before starting OpenVPN.

 $ ulimit -c unlimited

Then run OpenVPN with the normal arguments. When OpenVPN crashes, it will now most likely create a core file which can be used for debugging the state of OpenVPN when it crashed.

 $ gdb openvpn {core file}
 [gdb info message...blablabla...]
 (gdb) bt
 [full backtrace should appear]

Please save the core files for a little while before deleting them. It might be that the developers would ask for a copy of the core file in some situations, to investigate more carefully the state OpenVPN was in when it crashed. But be also aware of that these core files can (will most likely) contain sensitive data, like encryption keys and certificates. So share with care.

Beware that if you start OpenVPN via init scripts, it will most likely not dump core files, unless you change the ulimit inside the init script.