-
-
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
| The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33. | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html | |
| Get the vpn client deb package. | |
| ``` | |
| curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb | |
| ``` | |
| Install `alien` to convert the deb package to rpm. | |
| ``` | |
| dnf install alien.noarch -y | |
| ``` | |
| Convert the deb package to rpm. Some warnings will apper, don't worry. | |
| ``` | |
| alien -r awsvpnclient_amd64.deb --scripts | |
| ``` | |
| At this point, if I tried to install the generated rpm package, it failed because some conflicting folders. | |
| ``` | |
| Error: Transaction test error: | |
| file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| ``` | |
| We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild. | |
| ``` | |
| dnf install rpmrebuild.noarch -y | |
| ``` | |
| And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323 | |
| ``` | |
| rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm | |
| find the line(s) you wish to change | |
| make changes | |
| save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs) | |
| rpmrebuild will ask if you want to continue | |
| answer 'yes' | |
| check the last line of the rpmrebuild output to find your package | |
| ``` | |
| The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now. | |
| ``` | |
| sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y | |
| Running transaction | |
| Preparing : 1/1 | |
| Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/preinst.log | |
| + sudo systemctl stop awsvpnclient | |
| + sudo systemctl disable awsvpnclient | |
| + sudo systemctl daemon-reload | |
| + sudo systemctl reset-failed | |
| Installing : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + set -e | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/postinst.log | |
| + sudo systemctl enable awsvpnclient | |
| + sudo systemctl start awsvpnclient | |
| Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Verifying : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Installed: | |
| awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64 | |
| Complete! | |
| ``` | |
| Follow the steps from the official documentation from here :) | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting |
I confirm that this works on Fedora 39.
@BOPOHA Thanks for the builds!
Can you also build it for aarch64?
@BOPOHA Thanks for the builds!
Can you also build it for aarch64?
I'm going to ruin this for you. AWS has not yet released a client for Apple Silicon, let alone for linux/aarch64, which they barely support anyway.
It is not working on fedora 40 :(
nothing provides openssl1.1 needed by awsvpnclient-3.11.0-1.x86_64 from copr:copr.fedorainfracloud.org:vorona:aws-rpm-packages
It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
It'll still fail when trying to connect with this message (even after installing openssl1.1 and openssl1.1-devel): No usable version of libssl was found
There's a new version of the client, 4.1, which supports Ubuntu 22.04 and 24.04 (which I take to mean no longer relies on OpenSSL1.1), but it has yet to be built in the COPR repo.
One of my devs upgraded to Fedora 41 which broke his VPN.
We've tracked it down to /opt/awsvpnclient/Resources/openvpn/configure-dns which logged the following:
Tue Nov 26 13:55:13 PST 2024 Executing up script with parameters 'tun0 1500 0 10.255.66.162 255.255.255.224 init'
Tue Nov 26 13:55:13 PST 2024 Configuring to use DNS servers from OpenVPN
Tue Nov 26 13:55:13 PST 2024 Getting DNS servers from OpenVPN
Tue Nov 26 13:55:13 PST 2024 foreign_option_1 from OpenVPN: dhcp-option DNS 172.29.0.2
Tue Nov 26 13:55:13 PST 2024 Getting device index for tun0
Tue Nov 26 13:55:13 PST 2024 'ip link show dev tun0' exit code: 127, output:
Which indicates that the ip binary cannot be found. This may have something to do with the changes surrounding sbin lately, but the PATH in the environment in which this script is running seems to have neither /sbin/ nor /usr/sbin in its PATH.
We have temporarily worked around this with ln -s /usr/sbin/ip /bin/ip which seems to let the VPN work.
I have replicated this issue and workaround on a fresh Fedora 41 install in a VM.
edit: it has dawned on me that there should be an actual repo in which to raise an actual issue, and I've done so at.
Y'all, this is known since 2022 😉
https://gist.github.com/miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c?permalink_comment_id=4215154#gistcomment-4215154
Im trying on Fedora 42 Beta
conflict with iproute-6.12.0-3.fc42.x86_64?
Must be related to the unification https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin that's for F42.
If anyone wants AWS Client VPN (specifically for SAML auth) alternative on Fedora Asahi Linux, here is a docker image that makes it work: https://github.com/pgagnidze/aws-vpn-client-docker
edit: Well, it will probably work on other Linux distributions as well.
@BOPOHA it fails on Fedora 42:
Transaction failed: Rpm transaction failed.
- file /usr/bin/ip from install of awsvpnclient-4.1.0-8.x86_64 conflicts with file from package iproute-6.12.0-3.fc42.x86_64
I do confirm that installing it like other mentioned works on Fedora 38
6.5.5-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Sep 24 15:52:44 UTC 2023 x86_64 GNU/Linux