-
-
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
| The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33. | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html | |
| Get the vpn client deb package. | |
| ``` | |
| curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb | |
| ``` | |
| Install `alien` to convert the deb package to rpm. | |
| ``` | |
| dnf install alien.noarch -y | |
| ``` | |
| Convert the deb package to rpm. Some warnings will apper, don't worry. | |
| ``` | |
| alien -r awsvpnclient_amd64.deb --scripts | |
| ``` | |
| At this point, if I tried to install the generated rpm package, it failed because some conflicting folders. | |
| ``` | |
| Error: Transaction test error: | |
| file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| ``` | |
| We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild. | |
| ``` | |
| dnf install rpmrebuild.noarch -y | |
| ``` | |
| And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323 | |
| ``` | |
| rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm | |
| find the line(s) you wish to change | |
| make changes | |
| save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs) | |
| rpmrebuild will ask if you want to continue | |
| answer 'yes' | |
| check the last line of the rpmrebuild output to find your package | |
| ``` | |
| The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now. | |
| ``` | |
| sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y | |
| Running transaction | |
| Preparing : 1/1 | |
| Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/preinst.log | |
| + sudo systemctl stop awsvpnclient | |
| + sudo systemctl disable awsvpnclient | |
| + sudo systemctl daemon-reload | |
| + sudo systemctl reset-failed | |
| Installing : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + set -e | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/postinst.log | |
| + sudo systemctl enable awsvpnclient | |
| + sudo systemctl start awsvpnclient | |
| Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Verifying : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Installed: | |
| awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64 | |
| Complete! | |
| ``` | |
| Follow the steps from the official documentation from here :) | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting |
@snorfalorpagus Yup that solved it! Thank you!
Someone released unofficial client written in rust, no external libraries are needed https://crates.io/crates/openaws-vpn-client
OS: Fedora 37
Thanks guys for all the info on this post! Extremely, extremely helpful. 💯 🙏
I ended up taking the easy/lazy route and used @BOPOHA 's build.
However, it did still require adding Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 to the awsvpnclient.service file still as well as my .bashrc file. So @snorfalorpagus thanks man!
Great thread all around.
Hope AWS releases a native RPM soon... 😬
edit: regarding BOPOHA's install instructions:
If you don't care or want workspacesclient; you can just install openssl1.1 instead.
That dependency along with the env variable were the real juicers that got things to work.
Thanks @BOPOHA your builds are working for me with Fedora 37.
my exact steps to get everything running were:
-
run these commands
dnf copr enable vorona/aws-rpm-packages -y
dnf install awsvpnclient -y && systemctl start awsvpnclient
dnf install workspacesclient -y
dnf install icu
dnf install openssl -
update ~/.bashrc to add the line:
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 -
in /usr/lib/systemd/system/awsvpnclient.service add this line to the [service] section:
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 -
run these commands:
systemctl daemon-reload
systemctl restart awsvpnclient
Then from my Start Menu I can run the AWS VPN Client application
- package
icuis not installed on my system [*] opensslis not required from my point of view, butopenssl1.1is aworkspacesclientdependency and installed automaticallyDOTNET_SYSTEM_GLOBALIZATION_INVARIANTi dont understand what it is for [*]:
- the environment setting (~/.bashrc) has no effect on launching the application via the Start Menu application icon.
- pass the DOTNET_SYSTEM_GLOBALIZATION_INVARIANT env variable to the backed service is also strange
* - I only have an integrated GPU, maybe that's the difference.
Or maybe you still have some garbage left from previous installations via alien/rpmrebuild.
Try the following:
dnf remove workspacesclient icu openssl1.1
rm -rf /opt/workspacesclient/ /usr/lib/x86_64-linux-gnu/pcoip-client/ /usr/share/applications/workspacesclient.desktop /opt/awsvpnclient /usr/share/applications/awsvpnclient.desktop
dnf install workspacesclient awsvpnclient
you can report an issue here
Confirming that the solution from @BOPOHA works on Fedora 37 Workstation. Thanks!
I was about to install a different OS.
I've got @BOPOHA 's build working on Fedora 37 Workstation as well, however, I've had to do similar to @martinrw.
I don't use workspaces, so am not installing that - here's what I ultimately needed to get it working - all based on reading the logs and resolving any errors:
sudo dnf copr enable vorona/aws-rpm-packages -ysudo dnf install awsvpnclient icu openssl1.1 -y- Add
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1to the[Service]section of/usr/lib/systemd/system/awsvpnclient.service sudo systemctl start awsvpnclient- Modify the desktop application launcher
Execline toExec=env DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 /opt/awsvpnclient/AWSVPNClientin/usr/share/applications/awsvpnclient.desktop
There are definitely some things BOPOHA says shouldn't be required, but they are on my setup.
Thanks for eveyone's pas comments here and for BOPOHA for providing a usable build.
Someone have check the compatibility of @BOPOHA build with the last version of AWS VPN Client in version 3.2.0 ?
I ask that because it's the last sotfware who block me to go on Fedora and not Ubuntu because i don't like Ubuntu.
I will check that on my side but this question is just in case if someone have already test.
Just stumbled across this gist, I can confirm that AWS did not made any significant changes in 3.2.0 (I am maintaining the AUR version 😉), so simple upgrade of the package should work.
I am certain most problems will be solved once AWS will support ubuntu 22.04, as they would then need to upgrade all the dependencies. Of course, it would be much easier if they would just open source their client...
you can try my builds https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
or build your own rpm with spec https://github.com/BOPOHA/aws-rpm-packages/blob/main/awsvpnclient/awsvpnclient.spec
i cut out a lot of dependencies for telemetry, debugging and tracing. And, for example, the Workspace client starts working much faster. Tested on F36
Getting one of @BOPOHA builds worked for me I just need to install this package https://fedora.pkgs.org/36/fedora-x86_64/openssl1.1-1.1.1n-1.fc36.x86_64.rpm.html and configure the ICU as define in this MS doc https://github.com/dotnet/core/blob/main/Documentation/build-and-install-rhel6-prerequisites.md#install-the-libraries-into-the-netcoredeps-subdirectory-of-your-net-core-application
Just want to add that up until today I was running Fedora 35 and this worked just fine. I started testing upgrades to 36 and 37, and while 36 worked out of the box, 37 broke with:
Process terminated. Couldn't find a valid ICU package installed on the system. Set the configuration flag System.Globalization.Invariant to true if you want to run with no globalization support.
at System.Environment.FailFast(System.String)
at System.Globalization.GlobalizationMode.GetGlobalizationInvariantMode()
at System.Globalization.GlobalizationMode..cctor()
at System.TimeZoneInfo.GetDisplayName(TimeZoneDisplayNameType, System.String ByRef)
at System.TimeZoneInfo..ctor(Byte[], System.String, Boolean)
at System.TimeZoneInfo.GetTimeZoneFromTzData(Byte[], System.String)
at System.TimeZoneInfo.GetLocalTimeZoneFromTzFile()
at System.TimeZoneInfo+CachedData.CreateLocal()
at System.CurrentSystemTimeZone..ctor()
at System.TimeZone.get_CurrentTimeZone()
at GLib.Marshaller..cctor()
at GLib.Marshaller.StringToPtrGStrdup(System.String)
at GLib.Global.set_ProgramName(System.String)
at Gtk.Application.SetPrgname()
at Gtk.Application.Init()
at ACVC.GTK.Program.Initialize()
at ACVC.GTK.Program.Main(System.String[])
Aborted (core dumped)
from the client. Adding the suggested DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 made the client work, but the service would then fail during the login process. Adding the same env var to the service file got it to work as well.
For the record, my package versions are:
openssl-3.0.8-1.fc37.x86_64
workspacesclient-4.5.0.2006-1.x86_64
icu-71.1-2.fc37.x86_64
awsvpnclient-3.2.0-1.x86_64
and, judging by the dnf logs it looks like ICU69 worked and 70 or 71 must be where it gets unhappy.
2023-03-02T14:46:35-0800 SUBDEBUG Upgrade: icu-71.1-2.fc37.x86_64
2023-03-02T14:47:22-0800 SUBDEBUG Upgraded: icu-69.1-6.fc36.x86_64
2023-03-02T14:49:29-0800 SUBDEBUG Upgraded: libicu-69.1-6.fc36.x86_64
2022-10-10T14:57:05-0700 SUBDEBUG Upgrade: libicu-69.1-6.fc35.x86_64
2022-10-10T15:11:01-0700 SUBDEBUG Upgraded: libicu-69.1-2.fc35.x86_64
@wrossmann thanks for detailed description. the issue with libicu > 69 fixed in awsvpnclient-3.4.0-1.x86_64
(no needs to use DOTNET_SYSTEM_GLOBALIZATION_INVARIANT environment variable)
I can confirm that just the following commands worked for me:
sudo dnf copr enable vorona/aws-rpm-packages -y
sudo dnf install awsvpnclient icu openssl1.1 -y
sudo systemctl start awsvpnclient
On Fedora 37
Thanks everyone for the work and the tips ❤️
(edit typos)
I do confirm that installing it like other mentioned works on Fedora 38
6.5.5-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Sep 24 15:52:44 UTC 2023 x86_64 GNU/Linux
sudo dnf copr enable vorona/aws-rpm-packages -y
sudo dnf install awsvpnclient
sudo systemctl start awsvpnclient
I confirm that this works on Fedora 39.
@BOPOHA Thanks for the builds!
Can you also build it for aarch64?
@BOPOHA Thanks for the builds!
Can you also build it for aarch64?
I'm going to ruin this for you. AWS has not yet released a client for Apple Silicon, let alone for linux/aarch64, which they barely support anyway.
It is not working on fedora 40 :(
nothing provides openssl1.1 needed by awsvpnclient-3.11.0-1.x86_64 from copr:copr.fedorainfracloud.org:vorona:aws-rpm-packages
It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
It'll still fail when trying to connect with this message (even after installing openssl1.1 and openssl1.1-devel): No usable version of libssl was found
There's a new version of the client, 4.1, which supports Ubuntu 22.04 and 24.04 (which I take to mean no longer relies on OpenSSL1.1), but it has yet to be built in the COPR repo.
@CL-BB I had the same issue when upgrading to Fedora 37.
In addition to adding the environment variable to my
.zshrc:I also had to update
/etc/systemd/system/awsvpnclient.serviceso the service which runs asroothas it too.I figured this out looking at the logs for the service: