-
-
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
| The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33. | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html | |
| Get the vpn client deb package. | |
| ``` | |
| curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb | |
| ``` | |
| Install `alien` to convert the deb package to rpm. | |
| ``` | |
| dnf install alien.noarch -y | |
| ``` | |
| Convert the deb package to rpm. Some warnings will apper, don't worry. | |
| ``` | |
| alien -r awsvpnclient_amd64.deb --scripts | |
| ``` | |
| At this point, if I tried to install the generated rpm package, it failed because some conflicting folders. | |
| ``` | |
| Error: Transaction test error: | |
| file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| ``` | |
| We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild. | |
| ``` | |
| dnf install rpmrebuild.noarch -y | |
| ``` | |
| And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323 | |
| ``` | |
| rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm | |
| find the line(s) you wish to change | |
| make changes | |
| save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs) | |
| rpmrebuild will ask if you want to continue | |
| answer 'yes' | |
| check the last line of the rpmrebuild output to find your package | |
| ``` | |
| The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now. | |
| ``` | |
| sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y | |
| Running transaction | |
| Preparing : 1/1 | |
| Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/preinst.log | |
| + sudo systemctl stop awsvpnclient | |
| + sudo systemctl disable awsvpnclient | |
| + sudo systemctl daemon-reload | |
| + sudo systemctl reset-failed | |
| Installing : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + set -e | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/postinst.log | |
| + sudo systemctl enable awsvpnclient | |
| + sudo systemctl start awsvpnclient | |
| Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Verifying : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Installed: | |
| awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64 | |
| Complete! | |
| ``` | |
| Follow the steps from the official documentation from here :) | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting |
@BOPOHA it fails on Fedora 42:
Transaction failed: Rpm transaction failed. - file /usr/bin/ip from install of awsvpnclient-4.1.0-8.x86_64 conflicts with file from package iproute-6.12.0-3.fc42.x86_64
Same here. Once iproute is removed, installation succeeds, however once I try to connect I get an error. The following I found in the logs.
Apr 22 18:24:27 localhost-live awsvpnclient.desktop[9646]: System.AggregateException: One or more errors occurred. (An error occurred trying to start process '/sbin/ip' with working directory '/opt/awsvpnclient'. Too many levels of symbolic links)
Same here. Once iproute is removed, installation succeeds, however once I try to connect I get an error. The following I found in the logs.
Apr 22 18:24:27 localhost-live awsvpnclient.desktop[9646]: System.AggregateException: One or more errors occurred. (An error occurred trying to start process '/sbin/ip' with working directory '/opt/awsvpnclient'. Too many levels of symbolic links)
Seems expected. The package does the following:
ln -s /usr/sbin/ip %{buildroot}/usr/bin/ipWhich means that it makes /usr/bin/ip point to /usr/sbin/ip. And with changes to Fedora 42 /usr/sbin/ip now points to /usr/bin/ip. This creates an infinite cycle.
(simplified):
/usr/bin/ip -> /usr/sbin/ip -> /usr/bin/ip -> ...
The correct way this should flow is for sbin to always point unidirectionally to bin. Removing iproute makes no sense, the RPM for awsvpnclient should be adjusted instead. This basically means dropping the symlink creation.
@slagiewka I agree that removal of iproute does not make sense, but I chose a brute force approach to better understand what's going on here.
@BOPOHA it fails on Fedora 42: