-
-
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33. | |
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html | |
Get the vpn client deb package. | |
``` | |
curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb | |
``` | |
Install `alien` to convert the deb package to rpm. | |
``` | |
dnf install alien.noarch -y | |
``` | |
Convert the deb package to rpm. Some warnings will apper, don't worry. | |
``` | |
alien -r awsvpnclient_amd64.deb --scripts | |
``` | |
At this point, if I tried to install the generated rpm package, it failed because some conflicting folders. | |
``` | |
Error: Transaction test error: | |
file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
``` | |
We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild. | |
``` | |
dnf install rpmrebuild.noarch -y | |
``` | |
And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323 | |
``` | |
rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm | |
find the line(s) you wish to change | |
make changes | |
save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs) | |
rpmrebuild will ask if you want to continue | |
answer 'yes' | |
check the last line of the rpmrebuild output to find your package | |
``` | |
The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now. | |
``` | |
sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y | |
Running transaction | |
Preparing : 1/1 | |
Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
+ LOG_FOLDER=/var/log/aws-vpn-client | |
+ mkdir -p /var/log/aws-vpn-client | |
+ LOG_FILE=/var/log/aws-vpn-client/preinst.log | |
+ sudo systemctl stop awsvpnclient | |
+ sudo systemctl disable awsvpnclient | |
+ sudo systemctl daemon-reload | |
+ sudo systemctl reset-failed | |
Installing : awsvpnclient-1.0.0-2.x86_64 2/2 | |
Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
+ set -e | |
+ LOG_FOLDER=/var/log/aws-vpn-client | |
+ mkdir -p /var/log/aws-vpn-client | |
+ LOG_FILE=/var/log/aws-vpn-client/postinst.log | |
+ sudo systemctl enable awsvpnclient | |
+ sudo systemctl start awsvpnclient | |
Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
Verifying : awsvpnclient-1.0.0-2.x86_64 2/2 | |
Installed: | |
awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64 | |
Complete! | |
``` | |
Follow the steps from the official documentation from here :) | |
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting |
I've removed that dependency. It works without it.
how to remove it?
ive remove it. but when installing.
You have to do the same for each of the listed directories while running rpmrebuild
.
i now remove it but its not running. i got Segmentation fault.
when i run $ ./AWS\ VPN\ Client
this is the error:
(AWS VPN Client:4772): Gtk-CRITICAL **: 17:01:58.420: gtk_tree_model_iter_nth_child: assertion 'n >= 0' failed
(AWS VPN Client:4772): Gtk-CRITICAL **: 17:01:58.420: gtk_list_store_get_path: assertion 'iter->stamp == priv->stamp' failed
Segmentation fault (core dumped)
when i run with sudo. $sudo ./AWS\ VPN\ Client
** (AWS VPN Client:4827): WARNING **: 17:04:08.829: AT-SPI: Could not obtain desktop path or name
** (AWS VPN Client:4827): WARNING **: 17:04:08.831: atk-bridge: GetRegisteredEvents returned message with unknown signature
** (AWS VPN Client:4827): WARNING **: 17:04:08.831: atk-bridge: get_device_events_reply: unknown signature
** (AWS VPN Client:4827): WARNING **: 17:04:08.831: atk-bridge: get_device_events_reply: unknown signature
(AWS VPN Client:4827): Gtk-CRITICAL **: 17:04:15.102: gtk_tree_model_iter_nth_child: assertion 'n >= 0' failed
(AWS VPN Client:4827): Gtk-CRITICAL **: 17:04:15.102: gtk_list_store_get_path: assertion 'iter->stamp == priv->stamp' failed
Segmentation fault
this is the error:
(AWS VPN Client:4772): Gtk-CRITICAL **: 17:01:58.420: gtk_tree_model_iter_nth_child: assertion 'n >= 0' failed
(AWS VPN Client:4772): Gtk-CRITICAL **: 17:01:58.420: gtk_list_store_get_path: assertion 'iter->stamp == priv->stamp' failed
Segmentation fault (core dumped)
Did you read through my comment? Most likely you're still missing the chmod
on that SQLite file.
Please review all my other comments as they are likely to already solve your future issues.
I'm now using the client on a proper Fedora install. I didn't need to patch anything related to those telemetry invariants (runtimeconfig.json). So there's one step less.
you can try my builds https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
or build your own rpm with spec https://github.com/BOPOHA/aws-rpm-packages/blob/main/awsvpnclient/awsvpnclient.spec
i cut out a lot of dependencies for telemetry, debugging and tracing. And, for example, the Workspace client starts working much faster.
Tested on F36
I can confirm using the directions in this thread the AWS VPN Client is running on Fedora 36.
Confirming following the efforts in the thread gives me a vpn client that works as well for Fedora 36.
Looking at the logs in /var/log/aws-vpn-client/configure-dns-up.log
I did additionally see this error after resolving the error 127 from ip not being in the script's PATH:
busctl command exit code: 1, output: Call failed: Could not activate remote peer: activation request failed: unknown unit.
To resolve that I had to enable systemd-resolved: sudo systemctl enable --now systemd-resolved
After making sure that service was running I stopped getting the "Connection Failed" error.
I've followed the instructions above and can get the GUI to display, but when I try to connect I get the following error:
No usable version of libssl was found
[1] 32288 IOT instruction (core dumped) ./AWS\ VPN\ Client
Running a very recent install of Fedora 36. I have openssl
and openssl-devel
installed.
Edit: This seems related to the update to OpenSSL 3.x (from 1.x) that happened in Fedora 36. I'm not sure how others aren't seeing the same problem.
Edit 2: Installing OpenSSL-1 from source fixes the above problem. Now I get "Unknown error occurred. Try again".
@snorfalorpagus It sounds like you figured out the OpenSSL-1, but on my side I was able to use the openssl1.1 package in the fedora repos vs building from source. At least I believe that is why I have it installed.
Unsure about the unknown error though. Do you see any additional logs in the /var/log/aws-vpn-client
log files?
I didn't realise the older version of OpenSSL would be available as a separate package rather than another version of the same package. Thanks @jdollar.
The "unknown error occurred" above turned out to be the same issue, but in another place. When I installed OpenSSL 1.x it installed to /usr/local/lib64
which I was passing to the executable with LD_LIBRARY_PATH
. The problem was caused by the awsvpnclient
service crashing because it didn't know about this path. Fixing the environment for that fixed the problem, although I'll probably try it with the official package now instead.
you can try my builds https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
or build your own rpm with spec https://github.com/BOPOHA/aws-rpm-packages/blob/main/awsvpnclient/awsvpnclient.spec
i cut out a lot of dependencies for telemetry, debugging and tracing. And, for example, the Workspace client starts working much faster. Tested on F36
@BOPOHA , I've used your package on Fedora 36 and it's working now, but strangely I had to replace ip
with /usr/sbin/ip
in /opt/awsvpnclient/Service/Resources/openvpn/configure-dns
to get it to work.
Before that it was failing to connect and showing this in the log:
2022-11-25 13:06:17.424 -03:00 [DBG] >LOG:1669392377,I,/opt/awsvpnclient/Service/Resources/openvpn/configure-dns tun0 1500 1552 10.3.240.2 255.255.255.224 init
2022-11-25 13:06:17.446 -03:00 [DBG] >LOG:1669392377,F,WARNING: Failed running command (--up/--down): could not execute external program
I just updated to fedora 37 from 36 and my client stopped working. It outputs this error when starting it:
Process terminated. Couldn't find a valid ICU package installed on the system. Set the configuration flag System.Globalization.Invariant to true if you want to run with no globalization support.
at System.Environment.FailFast(System.String)
at System.Globalization.GlobalizationMode.GetGlobalizationInvariantMode()
at System.Globalization.GlobalizationMode..cctor()
at System.TimeZoneInfo.GetDisplayName(TimeZoneDisplayNameType, System.String ByRef)
at System.TimeZoneInfo..ctor(Byte[], System.String, Boolean)
at System.TimeZoneInfo.GetTimeZoneFromTzData(Byte[], System.String)
at System.TimeZoneInfo.GetLocalTimeZoneFromTzFile()
at System.TimeZoneInfo+CachedData.CreateLocal()
at System.CurrentSystemTimeZone..ctor()
at System.TimeZone.get_CurrentTimeZone()
at GLib.Marshaller..cctor()
at GLib.Marshaller.StringToPtrGStrdup(System.String)
at GLib.Global.set_ProgramName(System.String)
at Gtk.Application.SetPrgname()
at Gtk.Application.Init()
at ACVC.GTK.Program.Initialize()
at ACVC.GTK.Program.Main(System.String[])
Aborted (core dumped)
I have the package icu
installed. I found that adding DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
would resolve it but attempting to connect would be met with "unknown error occurred". I tried replacing the rpm package I repackaged my self using this thread with the copr version linked above but it encounters the same problem. I can't seem to find any logs that point me in a direction.
Has anyone else run into this?
@CL-BB I had the same issue when upgrading to Fedora 37.
I have the package
icu
installed. I found that addingDOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
would resolve it but attempting to connected would be met with "unknown error occurred". I tried removing the rpm package I repackaged my self using this thread with the copr version linked above but it encounters the same problem. I can't seem to find any logs that point me in a direction.Has anyone else run into this?
In addition to adding the environment variable to my .zshrc
:
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
I also had to update /etc/systemd/system/awsvpnclient.service
so the service which runs as root
has it too.
[Service]
Type=simple
ExecStart=/opt/awsvpnclient/Service/ACVC.GTK.Service
Restart=always
RestartSec=1s
User=root
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
[Install]
WantedBy=multi-user.target
I figured this out looking at the logs for the service:
journalctl _SYSTEMD_UNIT=awsvpnclient.service
@snorfalorpagus Yup that solved it! Thank you!
Someone released unofficial client written in rust, no external libraries are needed https://crates.io/crates/openaws-vpn-client
OS: Fedora 37
Thanks guys for all the info on this post! Extremely, extremely helpful. 💯 🙏
I ended up taking the easy/lazy route and used @BOPOHA 's build.
However, it did still require adding Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
to the awsvpnclient.service
file still as well as my .bashrc
file. So @snorfalorpagus thanks man!
Great thread all around.
Hope AWS releases a native RPM soon... 😬
edit: regarding BOPOHA's install instructions:
If you don't care or want workspacesclient
; you can just install openssl1.1
instead.
That dependency along with the env variable were the real juicers that got things to work.
Thanks @BOPOHA your builds are working for me with Fedora 37.
my exact steps to get everything running were:
-
run these commands
dnf copr enable vorona/aws-rpm-packages -y
dnf install awsvpnclient -y && systemctl start awsvpnclient
dnf install workspacesclient -y
dnf install icu
dnf install openssl
-
update ~/.bashrc to add the line:
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
-
in /usr/lib/systemd/system/awsvpnclient.service add this line to the [service] section:
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
-
run these commands:
systemctl daemon-reload
systemctl restart awsvpnclient
Then from my Start Menu I can run the AWS VPN Client application
- package
icu
is not installed on my system [*] openssl
is not required from my point of view, butopenssl1.1
is aworkspacesclient
dependency and installed automaticallyDOTNET_SYSTEM_GLOBALIZATION_INVARIANT
i dont understand what it is for [*]:
- the environment setting (~/.bashrc) has no effect on launching the application via the Start Menu application icon.
- pass the DOTNET_SYSTEM_GLOBALIZATION_INVARIANT env variable to the backed service is also strange
*
- I only have an integrated GPU, maybe that's the difference.
Or maybe you still have some garbage left from previous installations via alien/rpmrebuild.
Try the following:
dnf remove workspacesclient icu openssl1.1
rm -rf /opt/workspacesclient/ /usr/lib/x86_64-linux-gnu/pcoip-client/ /usr/share/applications/workspacesclient.desktop /opt/awsvpnclient /usr/share/applications/awsvpnclient.desktop
dnf install workspacesclient awsvpnclient
you can report an issue here
Confirming that the solution from @BOPOHA works on Fedora 37 Workstation. Thanks!
I was about to install a different OS.
I've got @BOPOHA 's build working on Fedora 37 Workstation as well, however, I've had to do similar to @martinrw.
I don't use workspaces, so am not installing that - here's what I ultimately needed to get it working - all based on reading the logs and resolving any errors:
sudo dnf copr enable vorona/aws-rpm-packages -y
sudo dnf install awsvpnclient icu openssl1.1 -y
- Add
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
to the[Service]
section of/usr/lib/systemd/system/awsvpnclient.service
sudo systemctl start awsvpnclient
- Modify the desktop application launcher
Exec
line toExec=env DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 /opt/awsvpnclient/AWSVPNClient
in/usr/share/applications/awsvpnclient.desktop
There are definitely some things BOPOHA says shouldn't be required, but they are on my setup.
Thanks for eveyone's pas comments here and for BOPOHA for providing a usable build.
Someone have check the compatibility of @BOPOHA build with the last version of AWS VPN Client in version 3.2.0 ?
I ask that because it's the last sotfware who block me to go on Fedora and not Ubuntu because i don't like Ubuntu.
I will check that on my side but this question is just in case if someone have already test.
Just stumbled across this gist, I can confirm that AWS did not made any significant changes in 3.2.0 (I am maintaining the AUR version 😉), so simple upgrade of the package should work.
I am certain most problems will be solved once AWS will support ubuntu 22.04, as they would then need to upgrade all the dependencies. Of course, it would be much easier if they would just open source their client...
you can try my builds https://copr.fedorainfracloud.org/coprs/vorona/aws-rpm-packages/
or build your own rpm with spec https://github.com/BOPOHA/aws-rpm-packages/blob/main/awsvpnclient/awsvpnclient.spec
i cut out a lot of dependencies for telemetry, debugging and tracing. And, for example, the Workspace client starts working much faster. Tested on F36
Getting one of @BOPOHA builds worked for me I just need to install this package https://fedora.pkgs.org/36/fedora-x86_64/openssl1.1-1.1.1n-1.fc36.x86_64.rpm.html and configure the ICU as define in this MS doc https://github.com/dotnet/core/blob/main/Documentation/build-and-install-rhel6-prerequisites.md#install-the-libraries-into-the-netcoredeps-subdirectory-of-your-net-core-application
Just want to add that up until today I was running Fedora 35 and this worked just fine. I started testing upgrades to 36 and 37, and while 36 worked out of the box, 37 broke with:
Process terminated. Couldn't find a valid ICU package installed on the system. Set the configuration flag System.Globalization.Invariant to true if you want to run with no globalization support.
at System.Environment.FailFast(System.String)
at System.Globalization.GlobalizationMode.GetGlobalizationInvariantMode()
at System.Globalization.GlobalizationMode..cctor()
at System.TimeZoneInfo.GetDisplayName(TimeZoneDisplayNameType, System.String ByRef)
at System.TimeZoneInfo..ctor(Byte[], System.String, Boolean)
at System.TimeZoneInfo.GetTimeZoneFromTzData(Byte[], System.String)
at System.TimeZoneInfo.GetLocalTimeZoneFromTzFile()
at System.TimeZoneInfo+CachedData.CreateLocal()
at System.CurrentSystemTimeZone..ctor()
at System.TimeZone.get_CurrentTimeZone()
at GLib.Marshaller..cctor()
at GLib.Marshaller.StringToPtrGStrdup(System.String)
at GLib.Global.set_ProgramName(System.String)
at Gtk.Application.SetPrgname()
at Gtk.Application.Init()
at ACVC.GTK.Program.Initialize()
at ACVC.GTK.Program.Main(System.String[])
Aborted (core dumped)
from the client. Adding the suggested DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
made the client work, but the service would then fail during the login process. Adding the same env var to the service file got it to work as well.
For the record, my package versions are:
openssl-3.0.8-1.fc37.x86_64
workspacesclient-4.5.0.2006-1.x86_64
icu-71.1-2.fc37.x86_64
awsvpnclient-3.2.0-1.x86_64
and, judging by the dnf logs it looks like ICU69 worked and 70 or 71 must be where it gets unhappy.
2023-03-02T14:46:35-0800 SUBDEBUG Upgrade: icu-71.1-2.fc37.x86_64
2023-03-02T14:47:22-0800 SUBDEBUG Upgraded: icu-69.1-6.fc36.x86_64
2023-03-02T14:49:29-0800 SUBDEBUG Upgraded: libicu-69.1-6.fc36.x86_64
2022-10-10T14:57:05-0700 SUBDEBUG Upgrade: libicu-69.1-6.fc35.x86_64
2022-10-10T15:11:01-0700 SUBDEBUG Upgraded: libicu-69.1-2.fc35.x86_64
@wrossmann thanks for detailed description. the issue with libicu > 69 fixed in awsvpnclient-3.4.0-1.x86_64
(no needs to use DOTNET_SYSTEM_GLOBALIZATION_INVARIANT environment variable)
I can confirm that just the following commands worked for me:
sudo dnf copr enable vorona/aws-rpm-packages -y
sudo dnf install awsvpnclient icu openssl1.1 -y
sudo systemctl start awsvpnclient
On Fedora 37
Thanks everyone for the work and the tips ❤️
(edit typos)
I've removed that dependency. It works without it.