Last active
November 15, 2024 20:26
-
-
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
AWS Client VPN with SAML for Fedora
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33. | |
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html | |
Get the vpn client deb package. | |
``` | |
curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb | |
``` | |
Install `alien` to convert the deb package to rpm. | |
``` | |
dnf install alien.noarch -y | |
``` | |
Convert the deb package to rpm. Some warnings will apper, don't worry. | |
``` | |
alien -r awsvpnclient_amd64.deb --scripts | |
``` | |
At this point, if I tried to install the generated rpm package, it failed because some conflicting folders. | |
``` | |
Error: Transaction test error: | |
file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
``` | |
We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild. | |
``` | |
dnf install rpmrebuild.noarch -y | |
``` | |
And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323 | |
``` | |
rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm | |
find the line(s) you wish to change | |
make changes | |
save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs) | |
rpmrebuild will ask if you want to continue | |
answer 'yes' | |
check the last line of the rpmrebuild output to find your package | |
``` | |
The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now. | |
``` | |
sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y | |
Running transaction | |
Preparing : 1/1 | |
Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
+ LOG_FOLDER=/var/log/aws-vpn-client | |
+ mkdir -p /var/log/aws-vpn-client | |
+ LOG_FILE=/var/log/aws-vpn-client/preinst.log | |
+ sudo systemctl stop awsvpnclient | |
+ sudo systemctl disable awsvpnclient | |
+ sudo systemctl daemon-reload | |
+ sudo systemctl reset-failed | |
Installing : awsvpnclient-1.0.0-2.x86_64 2/2 | |
Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
+ set -e | |
+ LOG_FOLDER=/var/log/aws-vpn-client | |
+ mkdir -p /var/log/aws-vpn-client | |
+ LOG_FILE=/var/log/aws-vpn-client/postinst.log | |
+ sudo systemctl enable awsvpnclient | |
+ sudo systemctl start awsvpnclient | |
Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
Verifying : awsvpnclient-1.0.0-2.x86_64 2/2 | |
Installed: | |
awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64 | |
Complete! | |
``` | |
Follow the steps from the official documentation from here :) | |
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting |
It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
It'll still fail when trying to connect with this message (even after installing openssl1.1
and openssl1.1-devel
): No usable version of libssl was found
There's a new version of the client, 4.1, which supports Ubuntu 22.04 and 24.04 (which I take to mean no longer relies on OpenSSL1.1), but it has yet to be built in the COPR repo.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It works on Fedora 40 / 41 now: https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/