AWS Client VPN on Ubuntu 22.04?

Seems AWS should update (or the dependency they are using?) their SW to use ssllib3, instead of the not-included ssllib1.1. You can install it manually (assuming 64-bit linux architecture on Intel/AMD here):

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb
dpkg -i ./libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb

Though the version keeps changing there, so please look out for the latest one via http://security.ubuntu.com/ubuntu/pool/main/o/openssl.

The following package addition should help.

wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
sudo dpkg -i libssl1.1_1.1.0g-2ubuntu4_amd64.deb

the problem seems to be related to dotnet not using the libssl3 (which is the only choice available in 22.04).

Installing libssl1.1 from Ubuntu 20.04 seems to solve the issue.

Here is the stack overflow with a work around https://askubuntu.com/questions/1406567/amazon-workspaces-client-not-working-on-22-04

Had the same issue on Ubuntu 23.04 Kept getting "Unable to connect" after a succseful authentication. This did the trick - https://askubuntu.com/questions/1406567/amazon-workspaces-client-not-working-on-22-04

Perhaps someone at @aws can provide an official fix so we dont have to make this workaround?

Any update on the support for 23.04?

I have contacted AWS support about this and their is pretty much that they're not actively maintaining the Client VPN for Linux. I was told that there is an open feature request to support the current Ubuntu LTS release, but apparently this isn't planned yet. (Due to a combination of lack of customer interest / lack of maintenance of the Linux client)

If you're planning to use the Client VPN from Linux I would suggest you open a case and request them to resume basic maintenance of the client. As they're obviously not pro-active with this kind of thing otherwise.

For Ubuntu 23.04 to work you need two steps:

1. You have to install libssl1 as specified in the rest of the posts
2. You have to set the DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 in your environment, best thing is to add to your ~/.bashrc file the entry export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
3. You need to change your service file /etc/systemd/system/awsvpnclient.service. In particular you need to add the line Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1. Your end file will look like:

[Service]
Type=simple
ExecStart=/opt/awsvpnclient/Service/ACVC.GTK.Service
Restart=always
RestartSec=1s
User=root
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1

[Install]
WantedBy=multi-user.target

This solves the "Unknown error occurred. Try again."

I am getting this in Ubuntu 23.04 and Debian 12 (same config is working in Debian 11 and Ubuntu 22). Config is federated with okta

2023-10-18 08:09:43.091 -05:00 [DBG] Received exception for connection state Disconnected. Show error message to user
2023-10-18 08:09:43.091 -05:00 [ERR] Exception received by connect window view model
Tmds.DBus.ConnectException: Connection refused awsvpnclient
 ---> System.Net.Internals.SocketExceptionFactory+ExtendedSocketException (111): Connection refused awsvpnclient
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
   at System.Net.Sockets.Socket.UnsafeBeginConnect(EndPoint remoteEP, AsyncCallback callback, Object state, Boolean flowContext)
   at System.Net.Sockets.Socket.BeginConnect(EndPoint remoteEP, AsyncCallback callback, Object state)
   at System.Net.Sockets.Socket.ConnectAsync(EndPoint remoteEP)
   at System.Net.Sockets.SocketTaskExtensions.ConnectAsync(Socket socket, EndPoint remoteEP)
   at Tmds.DBus.Transports.TransportSocket.ConnectAsync(EndPoint endPoint)
   at Tmds.DBus.Transports.TransportSocket.ConnectUnixAsync(AddressEntry entry, CancellationToken cancellationToken, Boolean supportsFdPassing)
   at Tmds.DBus.Transports.Transport.ConnectAsync(AddressEntry entry, ClientSetupResult connectionContext, CancellationToken cancellationToken)
   at Tmds.DBus.DBusConnection.ConnectAsync(ClientSetupResult connectionContext, Action`1 onDisconnect, CancellationToken cancellationToken)
   at Tmds.DBus.Connection.DoConnectAsync()
   --- End of inner exception stack trace ---
   at Tmds.DBus.Connection.DoConnectAsync()
   at Tmds.DBus.Connection.ConnectAsync()
   at ACVC.Core.OpenVpn.OvpnGtkServiceClient.StartVpnAsync(String[] ovpnConfigFileContents, String[] managementPortPasswordFileContents) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnGtkServiceClient.cs:line 24
   at ACVC.Core.OpenVpn.OvpnGtkProcessManager.Start(String openVpnConfigPath, String managementPortPasswordFile, Int32 timeoutMilliseconds) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnProcessManager.cs:line 750
   at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect(OvpnConnectionProfile configProfile, GetCredentialsCallback getCredentialsCallback, Int32 timeout) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 989
2023-10-18 08:09:43.099 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to MetricsTable
2023-10-18 08:09:43.101 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to AnalyticsTable
2023-10-18 08:09:43.103 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_UNCATEGORIZED_ERROR 1 to MetricsTable
2023-10-18 08:09:43.105 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_UNCATEGORIZED_ERR 1 to AnalyticsTable
2023-10-18 08:09:43.105 -05:00 [DBG] Clean up connections. Connection state: Connecting```