Starting with OpenVPN 2.3, it became possible to build OpenVPN using either the OpenSSL cryptographic library or the PolarSSL library. The PolarSSL library is nowadays known as "mbedTLS". The PolarSSL library is used in the OpenVPN Connect apps for both Android and iOS, but the library can be used on all other supported platforms as well.
The goal of this recipe is to show how to determine which cryptographic library is used, including the run-time version number.
Set up the server certificate using the first recipe from Chapter 2, Client-server IP-only Networks. Use the client certificate and the intermediary CA certificate from the previous recipe. For this recipe, the computer was running Fedora 22 Linux and OpenVPN 2.3.10, built both for OpenSSL and for PolarSSL. Keep the server configuration file basic-udp-server.conf
from the Server-side routing recipe in Chapter 2, Client-server IP-only Networks.
[root@server]# openvpn --config basic-udp-server.conf
OpenVPN 2.3.10 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 4 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.08
openvpn
process.LD_LIBRARY_PATH
to point to a more recent version of OpenSSL:[root@server]# export LD_LIBRARY_PATH=..../openssl-1.0.1s [root@server]# openvpn --config basic-udp-server.conf
OpenVPN 2.3.10 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 4 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.08
openvpn
process. [root@server]# .../openvpn-2.3.10polarssl/openvpn --config
basic-udp-server.conf
OpenVPN 2.3.10 x86_64-unknown-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 27 2016 library versions: PolarSSL 1.3.16, LZO 2.08
When OpenVPN starts the cryptographics libraries are loaded and initialized. At this point, the library's version string is retrieved and printed. By using different builds of the crypto libraries we see that only the few first lines of the server logfile alter.
The type and build of cryptographics library used determine some of the more advanced features of OpenVPN, as we will see in the next few recipes. The library version string provides vital information for debugging a non-working setup, as we will see in Chapter 6, Troubleshooting OpenVPN - Configurations.
3.139.237.5