| Git Clone URL: | https://aur.archlinux.org/awsvpnclient.git (read-only, click to copy) |
|---|---|
| Package Base: | awsvpnclient |
| Description: | AWS VPN Client |
| Upstream URL: | https://aws.amazon.com/vpn/ |
| Keywords: | aws aws-clientvpn aws-vpn aws-vpnclient clientvpn |
| Licenses: | custom |
| Submitter: | project0 |
| Maintainer: | project0 |
| Last Packager: | project0 |
| Votes: | 9 |
| Popularity: | 0.001063 |
| First Submitted: | 2021-06-26 08:56 (UTC) |
| Last Updated: | 2024-04-25 14:45 (UTC) |
@7thSon Can you share more details about the error you retrieve? I still do not understand at which point you face problems (opening the browser? Error message before?). Did you also checked the logs in /home/$USER/.config/AWSVPNClient/?
Do you use federated-auth (SAML)?
I'm also having problems with this, at the end of the log I get this:
2021-07-05 11:07:41.412 +02:00 [DBG] [TI=13] Starting OpenVPN process with command: "/opt/awsvpnclient/Service/Resources/openvpn/acvc-openvpn" --config "/home/user/.config/AWSVPNClient/OpenVpnConfigs/AWSVPN" --management 127.0.0.1 8096 "/home/user/.config/AWSVPNClient/acvc-8096.txt" --management-query-passwords --script-security 2 --up /opt/awsvpnclient/Service/Resources/openvpn/configure-dns --down /opt/awsvpnclient/Service/Resources/openvpn/configure-dns --up-restart --down-pre
2021-07-05 11:07:41.413 +02:00 [DBG] [TI=11] Listening for OpenVPN output from [4121]
2021-07-05 11:07:41.422 +02:00 [DBG] [TI=11] [PID: 4121] Mon Jul 5 11:07:41 2021 WARNING: file '/home/user/.config/AWSVPNClient/acvc-8096.txt' is group or others accessible
2021-07-05 11:07:41.423 +02:00 [DBG] [TI=11] [PID: 4121] Mon Jul 5 11:07:41 2021 OpenVPN 2.4.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 19 2021
2021-07-05 11:07:41.423 +02:00 [DBG] [TI=11] [PID: 4121] Mon Jul 5 11:07:41 2021 library versions: OpenSSL 1.0.2u 20 Dec 2019
2021-07-05 11:07:41.423 +02:00 [DBG] [TI=11] [PID: 4121] Mon Jul 5 11:07:41 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:8096
2021-07-05 11:07:41.423 +02:00 [DBG] [TI=11] [PID: 4121] Mon Jul 5 11:07:41 2021 Need password(s) from management interface, waiting...
2021-07-05 11:07:42.433 +02:00 [DBG] [TI=13] Wait for OpenVPN processes to finish graceful shutdown
2021-07-05 11:07:42.439 +02:00 [DBG] [TI=13] OpenVPN process may still in graceful shutdown. Sleep 300 ms
2021-07-05 11:07:42.750 +02:00 [DBG] [TI=13] OpenVPN process may still in graceful shutdown. Sleep 300 ms
2021-07-05 11:07:43.073 +02:00 [DBG] [TI=13] OpenVPN process may still in graceful shutdown. Sleep 300 ms
2021-07-05 11:07:43.396 +02:00 [DBG] [TI=13] Finished waiting OpenVPN graceful shutdown. Proceed with killing any orphaned OpenVPN processes
2021-07-05 11:07:43.406 +02:00 [DBG] Attempting to kill process: 4121
2021-07-05 11:07:43.506 +02:00 [DBG] Orphaned process are alive: False
2021-07-05 11:07:43.506 +02:00 [DBG] [TI=13] Attempting to restore /etc/resolv.conf if /etc/resolv.conf.ovpnsave exists
2021-07-05 11:07:43.506 +02:00 [DBG] [TI=13] /etc/resolv.conf.ovpnsave not found
It looks like the process expects a password from a management interface, but then immediately fails and shuts down openvpn.
I have set up systemd-resolved and awsvpnclient services as instructed here, as well as updated nsswitch.conf. When I start the awsvpn gui client and try to connect I still get the "Unknown error occurred. Try again" error dialog.
I also tried xdg-open 'http://google.com' and it opens up a browser tab just fine.
@damentz Thanks! For some reason it worked out well. Took some time to figure out the nss which even broke my boot up and wifi connection on boot.
Regardless it worked! I am amazed at how efficient the AUR community is.
@dcaixinha The log message you shared looks normal to me.
Can you check if xdg-open 'http://google.de' works (package xdg-utils if not installed..) ? Maybe there is just an issue with opening the browser (Not sure if this is the mechanism the AWS tool is using)
I've followed the suggestions below to enable systemd-resolved and awsvpnclient services, they're both running, but when I try to connect I get an "unexpected error" message and in the logs I see:
2021-06-30 15:32:07.409 +01:00 [DBG] [TI=18] [PID: 5416] Wed Jun 30 15:32:07 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:8096
2021-06-30 15:32:07.409 +01:00 [DBG] [TI=18] [PID: 5416] Wed Jun 30 15:32:07 2021 Need password(s) from management interface, waiting...
I'm using federated-auth in the client config and it should open up a browser window when it reaches this stage, but nothing happens. Any hints from anyone?
@ambots13, if you didn't have systemd-resolved originally, that means you still have more to configure. Check the wiki: https://wiki.archlinux.org/title/Systemd-resolved
1) Their first suggestion is to replace /etc/resolv.conf with a symlink to systemd-resolved's stub: ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf.
2) Update /etc/NetworkManager/NetworkManager.conf to specify which DNS subsystem you're using:
# Configuration file for NetworkManager.
# See "man 5 NetworkManager.conf" for details.
[main]
dns=systemd-resolved
3) Update /etc/nsswitch.conf to support resolve resolution: https://man.archlinux.org/man/nss-resolve.8
For example: hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
Distributions that are configured to use systemd-resolved do all these things ahead of time, but to convert over from a non-systemd-resolved system requires more than simply turning on the service. You have to inform your system to use it at the network manager and system level, as shown in the examples above.
Please note the following requirements for AWS VPN Client:
If you depend on DNS servers from VPN you need to have a running systemd-resolved.service.
Please ensure it does not conflict with any other DNS resolver service or configuration you may use.
sudo systemctl --now enable systemd-resolved.service
You have to enable and start the awsvpnclient.service after installation:
sudo systemctl --now enable awsvpnclient
For troubelshooting its worth checking first the logs:
/home/$USER/.config/AWSVPNClient/
/var/log/aws-vpn-client/$USER/
See also the official docs: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html
If you face any other problem please check the troubleshooting guide (DNS issues): https://docs.aws.amazon.com/vpn/latest/clientvpn-user/linux-troubleshooting.html#aws-provided-client
Hey there, just updated the package with a patched desktop file (KDE).
@jantman Thanks sharing the fixes in KDE,
I have managed to run system-resolved followed by enable system-resolved.service
However, I still can't connect. Is there a specific config I need to modify that is not out of the box?
I am new to arch btw
Pinned Comments
project0 commented on 2021-06-28 15:58 (UTC) (edited on 2024-02-12 11:07 (UTC) by project0)
Please note the following requirements for AWS VPN Client:
If you depend on DNS servers from VPN you need to have a running systemd-resolved.service. Please ensure it does not conflict with any other DNS resolver service or configuration you may use.
sudo systemctl --now enable systemd-resolved.serviceYou have to enable and start the awsvpnclient.service after installation:
sudo systemctl --now enable awsvpnclientFor troubelshooting its worth checking first the logs:
See also the official docs: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html
If you face any other problem please check the troubleshooting guide (DNS issues): https://docs.aws.amazon.com/vpn/latest/clientvpn-user/linux-troubleshooting.html#aws-provided-client