Arch Linux User Repository

Here's the steps I did:

• Add VERSION=0

sudo cp /etc/os-release /etc/os-release.bak
sudo bash -c 'echo "VERSION=\"0\"" >> /etc/os-release'

• Patch the libLinuxCore

sudo perl -i.bak -0777 -pe '$c += s/c632b3df-fb67-4d84-bdcf-b95ad541b5c8/41b23e61-6c1e-4545-b367-cd054e0ed4b4/g' /opt/microsoft/microsoft-azurevpnclient/lib/libLinuxCore.so

• Add user to network group

sudo usermod -aG network <USER NAME>

• logout and login, or newgrp network

This successfully opened the browser for authentication, but apparently the Linux version uses a different application/resource ID than the Mac or Windows and an admin requires to give access to it by going to this address or through the panel: https://login.microsoftonline.com/common/adminconsent?client_id=ec494e19-467d-46cb-8442-c2c0379868ca

• note: this was all in vain. I ended up generating a openvpn config directly and connect to it from Linux. This bypasses the SSO login, but it's better than nothing.

Only thing I had to do was to add VERSION=0 to /etc/os-reLease and make the user a member of the network group. Without VERSION=0 the browser did not open so I couldn't login.

I tried the hex change also but then I get an error when logging in (has to do with the configuration of azure vpn at the azure side, it changes the clientID on which you connect. So this will probably vary per onganisation)

Anyway, working great now!

I'd like to add my experiences, and summarize some findings that the real experts in this thread has provided:

Connecting:

• You probably need to add VERSION=0 to /etc/os-release

• You probably need to fix the so-file using some hex-magic. I did it with this oneliner:

sudo perl -i.bak -0777 -pe '$c += s/c632b3df-fb67-4d84-bdcf-b95ad541b5c8/41b23e61-6c1e-4545-b367-cd054e0ed4b4/g; END { print STDERR "$c replacement(s)\n" }' /opt/microsoft/microsoft-azurevpnclient/lib/libLinuxCore.so

Using a downloaded and imported connection:

Having connected successfully, things still didn't work - nslookup showed correct results but actually trying to access resources didn't work. I added dns-suffixes for the services I actually use, and then things started working:

<clientconfig>
    <dnssuffixes>
        <dnssuffix>.privatelink.azconfig.io</dnssuffix>
        ...

Can confirm that the hex patch by @Ulvhedin worked for me straight out the gate (I already had systemd-resolved running). All I had to do was install the package, add the VERSION="0" field in /etc/os-release (I think the "0" field is optional, it's just that the field needs to be defined), and patched /opt/microsoft/microsoft-azurevpnclient/lib/libLinuxCore.so with sed, and logged in via firefox with no further issues, I was accessing my machines with no issues.

Maybe the issues that arise for other users have to do with the VPN settings themselves and I just got lucky that mine was configured in a way that works well with linux?

Just a note to anyone struggling.

There are two methods to setup and configure Azure VPN:

• Microsoft-registered App ID - c632b3df-fb67-4d84-bdcf-b95ad541b5c8
• Manually registered App ID - 41b23e61-6c1e-4545-b367-cd054e0ed4b4

If you're using Manually registered (41b23e61-6c1e-4545-b367-cd054e0ed4b4) then Linux is not supported apparently (See link).

I've struggled with this for a while now and can't make it work. I've tried the hex patch, and I've also tried changing the Audience GUID, tried all the combinations. Best I can get things to work is I get Authentication complete. You can return to the application. Feel free to close this browser tab. in my browser window, but then straight away in the VPN client I get:

Connection failed

ABC Connection failed: Connection dropped.
Session State: Key Material sent

See: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-gateway

It seems our company switched from AzureVPN to FortiVPN, and I was following an old guide.

I have the same exact issue as @mathemaat

I have systemd-resolved: ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; preset: enabled) Active: active (running) since Mon 2025-11-10 16:13:09 EST; 1 day 1h ago

I added the clientconfig as suggested. I even added an extra suffix as the vpn server url: azuregateway-[guid?].vpn.azure.com

so added .vpn.azure.com

Just get: Connection failed: Can't reach VPN server.

No luck connecting for me unfortunately. I applied the UUID fix by Ulvhedin, I enabled systemd-resolved, and I added the client config iceman9665 posted. Also I checked that my user is in the network group.

With the UUID fix I can now successfully select my user account in the browser, but when I return to the program, the following error shows:

Connection failed: Can't reach VPN server

Unsure what to try/check next.

I was able to solve my issue. I don't think I have anything special going on and I can't make any changes on the VPN side.

Root cause was that the Azure VPN wasn't being used for DNS resolution. So I was getting the public IP which was then routed through the internet instead of the VPN.

dig is your friend. THe fix:

I had to add the following to the Azure vpn profile and re-import it. Now it always gets the private ip over VPN and routes over the VPN.

  <clientconfig>
    <dnssuffixes>
        <dnssuffix>.core.windows.net</dnssuffix>
        <dnssuffix>.documents.azure.com</dnssuffix>
    </dnssuffixes>
  ....

I confirm that the fix of Ulvhedin works for me. Based on the comment of iceman9665 I also needed to enable systemd-resolved which I was not using (I was receiving an error message that the app could not set DNS or something).