Installing OpenVPN on OpenSolaris 2008.11

This is a short step-by-step howto that shows how I’ve installed OpenVPN on OpenSolaris 2008.11.

Step 1: Install GCC

# rolemod -K type=normal root
# pkg install SUNWgcc

Step 2: Install the TUN/TAP Driver

Grab the TUN/TAP driver for Solaris, unpack it in /usr/local/src and configure it:

# mkdir -p /usr/local/src
# cd /usr/local/src
# wget
# tar xvfz tuntap.tar.gz
# chown -R root:root tuntap
# cd tuntap
# ./configure

On 64bit you must modify the generated Makefile to call ld with the correct options. Add a LDFLAGS variable and replace $(LD) by $(LD) $(LDFLAGS):

LDFLAGS = -melf_x86_64
modules: tun.o tap.o
        $(LD) $(LDFLAGS) -r -o tun tun.o
        $(LD) $(LDFLAGS) -r -o tap tap.o

Run make and make install. The errors from /usr/sbin/rem_drv can be ignored as the module usually wasn’t installed before so it obviously can’t be removed.

Step 3: Install OpenVPN

Grab the latest RC of OpenVPN 2.1 (currently 2.1rc15) and unpack it in /usr/local/src:

# cd /usr/local/src
# wget
# tar xvfz openvpn-2.1_rc15.tar.gz
# chown -R root:root openvpn-2.1_rc15
# cd openvpn-2.1_rc15

You must replace tun.c from OpenVPN with the corresponding patched file:

# wget -O tun.c
# ./configure --disable-lzo
# make
# make install

If you do not disable LZO compression you must install the LZO library and headers before. We don’t use it so we don’t bother.

The OpenVPN binary is now available in /usr/local/sbin/openvpn.

Step 4: Configure OpenVPN

Configuration of OpenVPN is not different on Solaris than on any other supported platform. You can find the detailed documentation in the OpenVPN Howto.

If you get a Can't set PPA 1: File exists (errno=17) error and OpenVPN exits the tun interface may still be plumbed. Remove it with

# ifconfig tun0 unplumb

9 thoughts on “Installing OpenVPN on OpenSolaris 2008.11

  1. Hello, did you managed to get rid of the warning:  Driver (tun) successfully added to system but failed to attach? I’m assuming tun won’t be of any use here and I’ll use tap instead, but correct me if you didn’t get that warning.

  2. ok, got rid of that problem, let me point out a couple of things I encountered that are not covered in your post:

    1.- The LDFLAG you added (-melf_x86_64) works with gnu ld, for solaris ld you should use -64 instead.
    2.- The tun and tap (along with tun.conf and tap.conf) drivers should be placed under /platform/i86pc/kernel/drv and /platform/i86pc/kernel/drv/amd64 (for x86_64). The value of i86pc might change depending on the architecture of the processor and is the result of "uname -m".

    Other than that, it’s good to see a good howto on this (although an average user should now how to do this already =P)

    Best regards.

  3. Thanks for contributing your experience.
    Unfortunately I am not yet an average OpenSolaris user but still a newbie. I have experience with Linux and OpenSolaris 2008.11 is my current personal adventure 🙂

  4. Nice helped alot however I had to do some digging
    around a little to figure out the startup.  I know this might
    be documented in the link you referenced but for easy reference
    here is what I did.  First to debug:
    openvpn <client.conf>

    Then once it was working I used these start/stop commands:
    openvpn –daemon –writepid /tmp/ –cd /etc/openvpn/ –config /etc/openvpn/client.conf

    kill `cat /tmp/`

    The comment about how to get configure to find the "lzo" lib was handy too!


  5. While trying to follow your how-to with OSOL 2009.06,
    I encountered the following problem after run make command:

    gcc -DHAVE_CONFIG_H -I.    -I.  -g -O2 -MT tun.o -MD -MP -MF .deps/tun.Tpo -c -o tun.o tun.c
    tun.c:1394:2: #error I need the symbol TUNNEWPPA from net/if_tun.h
    tun.c: In function `open_tun':
    tun.c:1460: error: `TUNNEWPPA' undeclared (first use in this function)
    tun.c:1460: error: (Each undeclared identifier is reported only once
    tun.c:1460: error: for each function it appears in.)
    *** Error code 1
    make: Fatal error: Command failed for target `tun.o'

Leave a Reply

Your email address will not be published. Required fields are marked *