Arch Linux User Repository

Please note the following requirements for AWS VPN Client:

• If you depend on DNS servers from VPN you need to have a running systemd-resolved.service. Please ensure it does not conflict with any other DNS resolver service or configuration you may use. sudo systemctl --now enable systemd-resolved.service

• You have to enable and start the awsvpnclient.service after installation: sudo systemctl --now enable awsvpnclient

For troubelshooting its worth checking first the logs:

/home/$USER/.config/AWSVPNClient/
/var/log/aws-vpn-client/$USER/

See also the official docs: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html

If you face any other problem please check the troubleshooting guide (DNS issues): https://docs.aws.amazon.com/vpn/latest/clientvpn-user/linux-troubleshooting.html#aws-provided-client

FWIW I submitted a support ticket and asked our Technical Account Manager to bump it to the team working on the client. So far no action.

IP forwarding is currently disabled when using the AWS Client VPN Desktop Application. It has been disabled since the launch of the service on December 18, 2018, in order to address an issue reported by NIST. We understand, however, that some customers may need this functionality for their services. While we do not have a specific date at this time, we do plan to safely enable IP forwarding in an upcoming release.

And this was in... August 2022. There were releases since, none has fixed it.

If you're up for it, you could do the same - create a support ticket to move this to the team. Maybe if there's enough voices, they will make this higher priority.

Has anyone looked into having it not constantly overwrite sysctl net.ipv4.ip_forward=0?

Yeah. It's a bit of a hack, but after installing or updating I modify /opt/awsvpnclient/Service/Resources/openvpn/configure-dns to turn forwarding back on right after it calls the configure_dns and reset_dns functions.

Has anyone looked into having it not constantly overwrite sysctl net.ipv4.ip_forward=0?

I guess they don't want you forwarding connections over a shared bastion (since you pay per connection) - but =1 may be needed for other purposes, such as running docker containers or building images with a bridged internet connection.

Hi all.

Yesterday I was connecting to the AWS VPN client without any issues. Today I turned on my laptop, connected to the VPN and immediately lost access to the internet.

I checked the versions and noticed that 3.2.0 was released on 23rd. Tried to install the new version and it solved the problem.

Just writing in case someone else has the same problem.

P.s: I can open a merge request with the changes if necessary, but to be honest I never changed any repo in AUR so I don't know what's the process like

2022-12-21 20:18:51.325 +03:00 [INF] Logger initialized 2022-12-21 20:18:51.354 +03:00 [DBG] Auto culture: Auto UI culture: 2022-12-21 20:18:51.434 +03:00 [INF] Loading attributes file from /home/suhayb/.config/AWSVPNClient/MetricsAttributes 2022-12-21 20:18:51.506 +03:00 [DBG] Metrics attributes saved to file: /home/suhayb/.config/AWSVPNClient/MetricsAttributes 2022-12-21 20:18:51.506 +03:00 [DBG] Database path: /home/suhayb/.config/AWSVPNClient/awsvpnclientmetrics.db 2022-12-21 20:18:51.576 +03:00 [INF] Loading profile store from /home/suhayb/.config/AWSVPNClient/ConnectionProfiles 2022-12-21 20:18:51.596 +03:00 [INF] Saving profile store to /home/suhayb/.config/AWSVPNClient/ConnectionProfiles 2022-12-21 20:18:51.631 +03:00 [DBG] User selected profile index: 0 2022-12-21 20:18:51.632 +03:00 [INF] Loading preferences file from /home/suhayb/.config/AWSVPNClient/Preferences 2022-12-21 20:18:51.632 +03:00 [DBG] Current metadata schema version is 1, which is less or equal to current supported version: 1. 2022-12-21 20:18:51.640 +03:00 [DBG] Current preferences schema version is 1, which is less or equal to current supported version: 1. 2022-12-21 20:18:51.666 +03:00 [ERR] Exception occurred while initializing tables Unable to load shared library 'SQLite.Interop.dll' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: libSQLite.Interop.dll: cannot open shared object file: No such file or directory at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum op) at System.Data.SQLite.SQLite3.StaticIsInitialized() at System.Data.SQLite.SQLiteLog.PrivateInitialize(String className) at System.Data.SQLite.SQLiteLog.Initialize(String className) at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean parseViaFramework) at System.Data.SQLite.SQLiteConnection..ctor(String connectionString) at ACVC.Core.Utils.DatabaseUtils.TableExists(String databaseFile, String tableName) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/Utils/DatabaseUtils.cs:line 166 at ACVC.Core.Utils.DatabaseUtils.InitializeTables(String databaseFile) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/Utils/DatabaseUtils.cs:line 48 2022-12-21 20:18:51.666 +03:00 [DBG] Metric agent started

I also add the same issue and installing openssl-1.1 solved it.

$ uname -r
5.15.78-1-MANJARO

Like @cotko and @charrington said, I've encountered the same issue and the proposed solution also worked.

(I'm running Arch Linux)

I have same problem with No usable version of libssl was found as @charrington mentioned since latest sys update. And is also gone after installing openssl-1.1.

@charrington I cannot reproduce your issue. It works totally fine with the normal openssl (3.x as of today) package (what should be installed by default), the openssl-1.1 package is definitely not required. Do you use any other distribution than the main stream arch linux?