Skip to content

Instantly share code, notes, and snippets.

@miguelgmalpha
Last active November 15, 2024 20:26
Show Gist options
  • Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
AWS Client VPN with SAML for Fedora
The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33.
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html
Get the vpn client deb package.
```
curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb
```
Install `alien` to convert the deb package to rpm.
```
dnf install alien.noarch -y
```
Convert the deb package to rpm. Some warnings will apper, don't worry.
```
alien -r awsvpnclient_amd64.deb --scripts
```
At this point, if I tried to install the generated rpm package, it failed because some conflicting folders.
```
Error: Transaction test error:
file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64
file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64
file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64
```
We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild.
```
dnf install rpmrebuild.noarch -y
```
And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323
```
rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm
find the line(s) you wish to change
make changes
save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs)
rpmrebuild will ask if you want to continue
answer 'yes'
check the last line of the rpmrebuild output to find your package
```
The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now.
```
sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y
Running transaction
Preparing : 1/1
Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2
Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2
+ LOG_FOLDER=/var/log/aws-vpn-client
+ mkdir -p /var/log/aws-vpn-client
+ LOG_FILE=/var/log/aws-vpn-client/preinst.log
+ sudo systemctl stop awsvpnclient
+ sudo systemctl disable awsvpnclient
+ sudo systemctl daemon-reload
+ sudo systemctl reset-failed
Installing : awsvpnclient-1.0.0-2.x86_64 2/2
Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2
+ set -e
+ LOG_FOLDER=/var/log/aws-vpn-client
+ mkdir -p /var/log/aws-vpn-client
+ LOG_FILE=/var/log/aws-vpn-client/postinst.log
+ sudo systemctl enable awsvpnclient
+ sudo systemctl start awsvpnclient
Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2
Verifying : awsvpnclient-1.0.0-2.x86_64 2/2
Installed:
awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64
Complete!
```
Follow the steps from the official documentation from here :)
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting
@terala
Copy link

terala commented Oct 18, 2023

I confirm that this works on Fedora 39.

@pgagnidze
Copy link

@BOPOHA Thanks for the builds!

Can you also build it for aarch64?

@slagiewka
Copy link

@BOPOHA Thanks for the builds!

Can you also build it for aarch64?

I'm going to ruin this for you. AWS has not yet released a client for Apple Silicon, let alone for linux/aarch64, which they barely support anyway.

@rodries
Copy link

rodries commented Apr 30, 2024

It is not working on fedora 40 :(
nothing provides openssl1.1 needed by awsvpnclient-3.11.0-1.x86_64 from copr:copr.fedorainfracloud.org:vorona:aws-rpm-packages

@kowalej-925
Copy link

@krg-digital
Copy link

krg-digital commented Nov 15, 2024

It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/

It'll still fail when trying to connect with this message (even after installing openssl1.1 and openssl1.1-devel): No usable version of libssl was found

There's a new version of the client, 4.1, which supports Ubuntu 22.04 and 24.04 (which I take to mean no longer relies on OpenSSL1.1), but it has yet to be built in the COPR repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment