Last active
April 30, 2024 18:57
-
-
Save miguelgmalpha/5c9e78d16312d156b0ec1d1c1bb09c1c to your computer and use it in GitHub Desktop.
AWS Client VPN with SAML for Fedora
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The AWS Client VPN for Linux is only provided for Ubuntu as a .deb package. I need it for Fedora. This was tested on Fedora 33. | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html | |
| Get the vpn client deb package. | |
| ``` | |
| curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb | |
| ``` | |
| Install `alien` to convert the deb package to rpm. | |
| ``` | |
| dnf install alien.noarch -y | |
| ``` | |
| Convert the deb package to rpm. Some warnings will apper, don't worry. | |
| ``` | |
| alien -r awsvpnclient_amd64.deb --scripts | |
| ``` | |
| At this point, if I tried to install the generated rpm package, it failed because some conflicting folders. | |
| ``` | |
| Error: Transaction test error: | |
| file /etc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /opt from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/applications from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/doc from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /usr/share/pixmaps from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package filesystem-3.14-3.fc33.x86_64 | |
| file /etc/systemd from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| file /etc/systemd/system from install of awsvpnclient-1.0.0-2.x86_64 conflicts with file from package systemd-246.14-1.fc33.x86_64 | |
| ``` | |
| We need to edit the rpm package and remove these already existing folders from the package using rpmrebuild. Install rpmrebuild. | |
| ``` | |
| dnf install rpmrebuild.noarch -y | |
| ``` | |
| And then, edit the rpm package with rpmrebuild removing the previous conflicting folders. https://superuser.com/questions/133317/is-it-possible-to-modify-rebuild-an-rpm-without-the-srpm/133323#133323 | |
| ``` | |
| rpmrebuild -e -p awsvpnclient-1.0.0-2.x86_64.rpm | |
| find the line(s) you wish to change | |
| make changes | |
| save and exit your editor (Esc:wq! in vi[m], Ctrl-x s in emacs) | |
| rpmrebuild will ask if you want to continue | |
| answer 'yes' | |
| check the last line of the rpmrebuild output to find your package | |
| ``` | |
| The rpm has been rebuilt and stored in the mentioned folder. Now, install it, it should work now. | |
| ``` | |
| sudo dnf install /home/user/rpmbuild/RPMS/x86_64/awsvpnclient-1.0.0-2.x86_64.rpm -y | |
| Running transaction | |
| Preparing : 1/1 | |
| Installing : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/preinst.log | |
| + sudo systemctl stop awsvpnclient | |
| + sudo systemctl disable awsvpnclient | |
| + sudo systemctl daemon-reload | |
| + sudo systemctl reset-failed | |
| Installing : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Running scriptlet: awsvpnclient-1.0.0-2.x86_64 2/2 | |
| + set -e | |
| + LOG_FOLDER=/var/log/aws-vpn-client | |
| + mkdir -p /var/log/aws-vpn-client | |
| + LOG_FILE=/var/log/aws-vpn-client/postinst.log | |
| + sudo systemctl enable awsvpnclient | |
| + sudo systemctl start awsvpnclient | |
| Verifying : lttng-ust-2.12.0-3.fc33.x86_64 1/2 | |
| Verifying : awsvpnclient-1.0.0-2.x86_64 2/2 | |
| Installed: | |
| awsvpnclient-1.0.0-2.x86_64 lttng-ust-2.12.0-3.fc33.x86_64 | |
| Complete! | |
| ``` | |
| Follow the steps from the official documentation from here :) | |
| https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-connecting |
I can confirm that just the following commands worked for me:
sudo dnf copr enable vorona/aws-rpm-packages -y
sudo dnf install awsvpnclient icu openssl1.1 -y
sudo systemctl start awsvpnclient
On Fedora 37
Thanks everyone for the work and the tips ❤️
(edit typos)
I do confirm that installing it like other mentioned works on Fedora 38
6.5.5-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Sep 24 15:52:44 UTC 2023 x86_64 GNU/Linux
sudo dnf copr enable vorona/aws-rpm-packages -y
sudo dnf install awsvpnclient
sudo systemctl start awsvpnclient
I confirm that this works on Fedora 39.
@BOPOHA Thanks for the builds!
Can you also build it for aarch64?
@BOPOHA Thanks for the builds!
Can you also build it for aarch64?
I'm going to ruin this for you. AWS has not yet released a client for Apple Silicon, let alone for linux/aarch64, which they barely support anyway.
It is not working on fedora 40 :(
nothing provides openssl1.1 needed by awsvpnclient-3.11.0-1.x86_64 from copr:copr.fedorainfracloud.org:vorona:aws-rpm-packages
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@wrossmann thanks for detailed description. the issue with libicu > 69 fixed in awsvpnclient-3.4.0-1.x86_64
(no needs to use DOTNET_SYSTEM_GLOBALIZATION_INVARIANT environment variable)