AWS Client VPN not working on Linux Mint

Question

I am currently an AWS user, regularly using the AWS Client VPN on windows. I recently setup a new Linux Mint box that I would prefer to work on and installed the Client VPN on it.

At first, It would start up until I created a profile, at which point it would crash shortly after opening. Some research uncovered the need to install libssl1.1, which I did. This resolved the crashing issue.

Next, I followed the instructions on the AWS Linux Troubleshooting page, and installed and verified resolvconf, but still couldn't connect to the VPN.

Following the page's instructions, I added script-security 2 and the up and down directives to my openvpn configuration. The result of this is a connection failure - one OpenVPN log says it won't resolve the address to reach the VPN endpoint, another OpenVPN log says "script-security 2 contains flags that are not supported. Fail the import" and appears to stop the resolving process there. Removing the script-security and up and down lines results in an infinite Re-establishing Connection message. There's probably something simple I'm missing that I haven't found on Google or elsewhere, whether it's a config setting or another library.

Thanks in advance.

Answer

I did follow the pre-requisites, installing the AWS Client VPN from the .deb package, and looking at the aws client log, I can see that it's already prepending a random string to the endpoint url before it attempts to resolve the url.

> LOG:1712668660,N,RESOLVE: Cannot resolve host address: f7cb9785179c.cvpn-endpoint-.prod.clientvpn.us-east-2.amazonaws.com:443 (Name does not resolve)

If need be, I can install the older LTS Ubuntu version, but I hope to see support soon for the current Ubuntu LTS version, 22.04, which Mint is based on.

Answer

Hi, I understand that you are facing connection issues for your VPN on Linux Mint. The following are some troubleshooting steps that you can take to determine the source of your issue:

Prerequisite - https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html#client-vpn-connect-linux-req

Currently the VPN Client for Linux is only supported for Ubuntu 18.04 LTS and 20.04 LTS. It does not mean that it can not work, but the resources for its support are limited.

Also, when you use openVPN you have to add random string to the Client VPN endpoint DNS name otherwise it will through error "won't resolve the address to reach the VPN endpoint".

Locate the line that specifies the Client VPN endpoint DNS name, and prepend a random string to it so that the format is random_string.displayed_DNS_name. For example:
Original DNS name: cvpn-endpoint-0102bc4c2eEXAMPLE.prod.clientvpn.us-west-2.amazonaws.com
Modified DNS name: xyz.cvpn-endpoint-0102bc4c2eEXAMPLE.prod.clientvpn.us-west-2.amazonaws.com

- Save and close the Client VPN endpoint configuration file.
- Distribute the Client VPN endpoint configuration file and the client certificate and key to your clients.

AWS Client VPN not working on Linux Mint

Relevant content