# openvpn + pkcs11



## NE (Feb 11, 2014)

Hi,

I am tying to use openvpn with a pkcs11-compatible token. So I built it from security/openvpn port, using the « Use security/pkcs11-helper » option, but I can't get it working: every command involving pkcs11 just fails. Eg:


> % openvpn --show-pkcs11-ids /usr/local/lib/libopensc.so
> Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: show-pkcs11-ids (2.3.2)
> Use --help for more information.
> %


Furthermore:

 the openvpn man page has informations about pkcs11 commands/parameters while inner help (_ie_ `openvpn --help`) has none.
 `ldd /usr/sbin/openvpn` doesn't show any link with pkcs11*
 `truss openvpn --show-pkcs11-ids [...]` doesn't report any attempt to open any pkcs11 related file
Any hint ?


----------



## NE (Feb 13, 2014)

Fixed with the following patch applied to the security/openvpn Makefile:

```
--- Makefile.bak        2014-02-13 10:40:42.000000000 +0100
+++ Makefile    2014-02-13 06:54:19.000000000 +0100
@@ -62,6 +62,7 @@
 
 .if ${PORT_OPTIONS:MPKCS11}
 LIB_DEPENDS+=  libpkcs11-helper.so:${PORTSDIR}/security/pkcs11-helper
+CONFIGURE_ARGS+=       --enable-pkcs11=yes
 .else
 CONFIGURE_ARGS+=       --disable-pkcs11
 .endif
```


----------

