- Newest
- Most votes
- Most comments
Seems AWS should update (or the dependency they are using?) their SW to use ssllib3, instead of the not-included ssllib1.1. You can install it manually (assuming 64-bit linux architecture on Intel/AMD here):
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb
dpkg -i ./libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb
Though the version keeps changing there, so please look out for the latest one via http://security.ubuntu.com/ubuntu/pool/main/o/openssl.
The following package addition should help.
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
sudo dpkg -i libssl1.1_1.1.0g-2ubuntu4_amd64.deb
the problem seems to be related to dotnet not using the libssl3 (which is the only choice available in 22.04).
Installing libssl1.1 from Ubuntu 20.04 seems to solve the issue.
Here is the stack overflow with a work around https://askubuntu.com/questions/1406567/amazon-workspaces-client-not-working-on-22-04
Had the same issue on Ubuntu 23.04 Kept getting "Unable to connect" after a succseful authentication. This did the trick - https://askubuntu.com/questions/1406567/amazon-workspaces-client-not-working-on-22-04
Perhaps someone at @aws can provide an official fix so we dont have to make this workaround?
I have contacted AWS support about this and their is pretty much that they're not actively maintaining the Client VPN for Linux. I was told that there is an open feature request to support the current Ubuntu LTS release, but apparently this isn't planned yet. (Due to a combination of lack of customer interest / lack of maintenance of the Linux client)
If you're planning to use the Client VPN from Linux I would suggest you open a case and request them to resume basic maintenance of the client. As they're obviously not pro-active with this kind of thing otherwise.
In a recent communication they have let me know that support for Ubuntu 22.04 is under active development. No specific ETA yet, but it sounds like it's in the pipeline.
For Ubuntu 23.04 to work you need two steps:
- You have to install libssl1 as specified in the rest of the posts
- You have to set the DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 in your environment, best thing is to add to your
~/.bashrc
file the entryexport DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
- You need to change your service file
/etc/systemd/system/awsvpnclient.service
. In particular you need to add the lineEnvironment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
. Your end file will look like:
[Service]
Type=simple
ExecStart=/opt/awsvpnclient/Service/ACVC.GTK.Service
Restart=always
RestartSec=1s
User=root
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
[Install]
WantedBy=multi-user.target
This solves the "Unknown error occurred. Try again."
There are safer ways to edit a service file, and you probably should have the variable, and value in a string. https://serverfault.com/questions/413397/how-to-set-environment-variable-in-systemd-service. You also will need to run
sudo systemctl daemon-reload
after updating the service file.
I am getting this in Ubuntu 23.04 and Debian 12 (same config is working in Debian 11 and Ubuntu 22). Config is federated with okta
2023-10-18 08:09:43.091 -05:00 [DBG] Received exception for connection state Disconnected. Show error message to user 2023-10-18 08:09:43.091 -05:00 [ERR] Exception received by connect window view model Tmds.DBus.ConnectException: Connection refused awsvpnclient ---> System.Net.Internals.SocketExceptionFactory+ExtendedSocketException (111): Connection refused awsvpnclient at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Net.Sockets.Socket.UnsafeBeginConnect(EndPoint remoteEP, AsyncCallback callback, Object state, Boolean flowContext) at System.Net.Sockets.Socket.BeginConnect(EndPoint remoteEP, AsyncCallback callback, Object state) at System.Net.Sockets.Socket.ConnectAsync(EndPoint remoteEP) at System.Net.Sockets.SocketTaskExtensions.ConnectAsync(Socket socket, EndPoint remoteEP) at Tmds.DBus.Transports.TransportSocket.ConnectAsync(EndPoint endPoint) at Tmds.DBus.Transports.TransportSocket.ConnectUnixAsync(AddressEntry entry, CancellationToken cancellationToken, Boolean supportsFdPassing) at Tmds.DBus.Transports.Transport.ConnectAsync(AddressEntry entry, ClientSetupResult connectionContext, CancellationToken cancellationToken) at Tmds.DBus.DBusConnection.ConnectAsync(ClientSetupResult connectionContext, Action`1 onDisconnect, CancellationToken cancellationToken) at Tmds.DBus.Connection.DoConnectAsync() --- End of inner exception stack trace --- at Tmds.DBus.Connection.DoConnectAsync() at Tmds.DBus.Connection.ConnectAsync() at ACVC.Core.OpenVpn.OvpnGtkServiceClient.StartVpnAsync(String[] ovpnConfigFileContents, String[] managementPortPasswordFileContents) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnGtkServiceClient.cs:line 24 at ACVC.Core.OpenVpn.OvpnGtkProcessManager.Start(String openVpnConfigPath, String managementPortPasswordFile, Int32 timeoutMilliseconds) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnProcessManager.cs:line 750 at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect(OvpnConnectionProfile configProfile, GetCredentialsCallback getCredentialsCallback, Int32 timeout) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 989 2023-10-18 08:09:43.099 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to MetricsTable 2023-10-18 08:09:43.101 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to AnalyticsTable 2023-10-18 08:09:43.103 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_UNCATEGORIZED_ERROR 1 to MetricsTable 2023-10-18 08:09:43.105 -05:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_UNCATEGORIZED_ERR 1 to AnalyticsTable 2023-10-18 08:09:43.105 -05:00 [DBG] Clean up connections. Connection state: Connecting```
Relevant content
- asked 10 months ago
- asked 2 years ago
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 7 months ago
Keep in mind that this means that you will have a version of openssl installed outside of your package manager and you will not get any security fixes for this library unless you manually download and install the patched version.
It's really should not be an acceptable workaround because AWS refuses to maintain their Linux VPN Client.
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb gives 404 now