Any workarounds to run AWS Client VPN on Ubuntu 22.10?

4

I am forced to use AWS Client VPN. My organisation uses SAML-based authentication. Therefore the OpenVPN client cannot be used.

I successfully used AWS Client VPN version 3.3.0 with Ubuntu 22.04, using workarounds described in https://repost.aws/questions/QUNJeF_ja_Suykous7EvfX5Q/aws-client-vpn-on-ubuntu-22-04. After I updated my system to Ubuntu 22.10, a different problem appeared and I am unable to connect.

I found a solution to:

Process terminated. Couldn't find a valid ICU package installed on the system. Set the configuration flag System.Globalization.Invariant to true if you want to run with no globalization support.
   at System.Environment.FailFast(System.String)
   at System.Globalization.GlobalizationMode.GetGlobalizationInvariantMode()
   at System.Globalization.GlobalizationMode..cctor()

Ubuntu 22.10 comes with libicu71. I don't have older versions available. I solved the problem based on a StackOverflow question, i.e. with export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1.

Setting the env var makes the app start successfully. But I am blocked by the final problem: clicking the 'Connect' button ends with a window saying

Unknown error ocurred. Try again.

Browsing logs from ~/.config/AWSVPNClient/logs shows:

2023-05-10 19:02:04.024 +02:00 [DBG] Starting OpenVpn process
2023-05-10 19:02:04.048 +02:00 [DBG] Received exception for connection state Disconnected. Show error message to user
2023-05-10 19:02:04.048 +02:00 [ERR] Exception received by connect window view model
Tmds.DBus.ConnectException: Connection refused awsvpnclient
 ---> System.Net.Internals.SocketExceptionFactory+ExtendedSocketException (111): Connection refused awsvpnclient

This looks like a new problem to me. The question for Ubuntu 22.04 mentioned libssl, but there the problem manifested itself with a hard crash with core dump.

I tried different versions of libssl1.1:

  • libssl1.1_1.1.0g-2ubuntu4_amd64.deb
  • libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb (this worked for me when using Ubuntu 22.04)
  • libssl1.1_1.1.1f-1ubuntu2.18_amd64.deb

But nothing changes.

  • More on 'connection refused'. When everything worked, logs were:

    [DBG] OvpnGtkServiceClient connected. Calling StartVpnAsync
    [DBG] OvpnGtkServiceClient received OpenVPN process PID: 62858
    [INF] Connecting to management interface... host 127.0.0.1, port 8096
    [DBG] Socket connected
    

    Now the exception is:

       at Tmds.DBus.Connection.DoConnectAsync()
       at Tmds.DBus.Connection.ConnectAsync()
       at ACVC.Core.OpenVpn.OvpnGtkServiceClient.StartVpnAsync(String[] ovpnConfigFileContents, String[] managementPortPasswordFileContents) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnGtkServiceClient.cs:line 24
       at ACVC.Core.OpenVpn.OvpnGtkProcessManager.Start(String openVpnConfigPath, String managementPortPasswordFile, Int32 timeoutMilliseconds) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnProcessManager.cs:line 695
       at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect(OvpnConnectionProfile ckonfigProfile, GetCredentialsCallback getCredentialsCallback, Int32 timeout) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 862
    
  • Same exact issue on Ubuntu 23.04

asked 2 years ago, 332 views
1 Answer
0

Hello PiotrKubowiczSup, thank you for providing the detailed error message. Let's break down the problem and explore some potential solutions.

The error message indicates that the OpenVPN process is failing to start due to a connection refusal. This is different from the libssl issue you mentioned, which resulted in a crash with a core dump. Here are some steps to troubleshoot and potentially resolve the issue:

Verify SAML Configuration: Ensure that your SAML-based authentication is correctly configured in the AWS Client VPN endpoint. Double-check the SAML provider settings and make sure they match your organization's identity provider configuration.

Check AWS VPN Client Version: Make sure you're using the latest version of the AWS VPN Client compatible with Ubuntu 22.04. Older versions might have compatibility issues with newer operating systems.

Verify Network Connectivity: Ensure that your system can reach the necessary AWS endpoints. Try accessing the AWS Management Console or other AWS services to confirm basic connectivity.

Check System Permissions: The error message suggests a possible permission issue. Verify that the user running the AWS VPN Client has the necessary permissions to establish connections.

Examine System Logs: Look for additional error messages or warnings in the system logs that might provide more context about the connection refusal. You can use the following command to check system logs:

sudo journalctl -u awsvpnclient.service

Reinstall AWS VPN Client: If the issue persists, try uninstalling and reinstalling the AWS VPN Client. Make sure to follow the official AWS documentation for the installation process specific to Ubuntu 22.04.

Verify DBus Configuration: The error message mentions a DBus-related issue. Ensure that the DBus service is running and properly configured on your system. You can check its status with:

systemctl status dbus

Firewall Configuration: Check if any local firewall rules are blocking the AWS VPN Client. Temporarily disable the firewall to test if it resolves the issue (remember to re-enable it afterward).

If none of the above steps resolve the issue, it may be necessary to contact AWS Support for further assistance. They can provide more specific guidance based on your Client VPN endpoint configuration and SAML setup. To verify if the problem has been solved after trying these steps, attempt to connect using the AWS VPN Client again. If successful, you should be able to establish a connection without encountering the previous error message.

Additional Resources:

https://docs.aws.amazon.com/vpn/latest/clientvpn-user/linux-troubleshooting.html

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-cannot-connect.html

https://docs.aws.amazon.com/vpn/latest/clientvpn-user/common-troubleshooting.html

Best of luck and thank you for using AWS!

Brian

AWS
answered 4 months ago
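
A small triage helper for the log signatures quoted in the question, added here as an example (it is not part of the original question or answer, and not AWS code): it reports whether the most recent connection attempt hit the ICU failure, the DBus "Connection refused", or reached "Socket connected". The function name, result labels and sample files are assumptions made for illustration, as is the premise that a healthy attempt also starts with a "Starting OpenVpn process" line.

```shell
#!/usr/bin/env bash
# Added example: classify the latest connection attempt in AWS VPN Client
# output, using only the log signatures quoted in the question above.

# classify_attempt FILE -> connected | dbus_refused | icu_missing | no_attempt | unknown
classify_attempt() {
    awk '
        /Couldn.t find a valid ICU package/ { icu = 1 }
        # Each "Starting OpenVpn process" line opens a new attempt; forget the old one.
        /Starting OpenVpn process/ { attempt = 1; refused = svc = sock = 0 }
        attempt && /Tmds\.DBus\.ConnectException: Connection refused/ { refused = 1 }
        attempt && /OvpnGtkServiceClient connected/ { svc = 1 }
        attempt && /Socket connected/ { sock = 1 }
        END {
            if (!attempt)         print (icu ? "icu_missing" : "no_attempt")
            else if (refused)     print "dbus_refused"
            else if (svc && sock) print "connected"
            else                  print "unknown"
        }
    ' "$1"
}

# Constructed sample logs (assembled from the lines quoted in the question).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/refused.log" <<'EOF'
2023-05-10 19:02:04.024 +02:00 [DBG] Starting OpenVpn process
2023-05-10 19:02:04.048 +02:00 [ERR] Exception received by connect window view model
Tmds.DBus.ConnectException: Connection refused awsvpnclient
EOF
# Assumption: a healthy attempt also begins with "Starting OpenVpn process".
cat > "$SAMPLES/mixed.log" <<'EOF'
[DBG] Starting OpenVpn process
Tmds.DBus.ConnectException: Connection refused awsvpnclient
[DBG] Starting OpenVpn process
[DBG] OvpnGtkServiceClient connected. Calling StartVpnAsync
[INF] Connecting to management interface... host 127.0.0.1, port 8096
[DBG] Socket connected
EOF
cat > "$SAMPLES/icu.txt" <<'EOF'
Process terminated. Couldn't find a valid ICU package installed on the system.
EOF

for f in "$SAMPLES"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_attempt "$f")"
done
```

Point it at a file under ~/.config/AWSVPNClient/logs; a `dbus_refused` result is the case where the `journalctl -u awsvpnclient.service` and `systemctl status dbus` checks from the answer are the relevant next step.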
