VPN connections fail on Fedora 41

[wrossmann]

One of my devs upgraded to Fedora 41 which broke his VPN with the message "Connection failed, Try Again".

We've tracked it down to /opt/awsvpnclient/Resources/openvpn/configure-dns which logged the following:

Tue Nov 26 13:55:13 PST 2024 Executing up script with parameters 'tun0 1500 0 10.255.66.162 255.255.255.224 init'
Tue Nov 26 13:55:13 PST 2024 Configuring to use DNS servers from OpenVPN
Tue Nov 26 13:55:13 PST 2024 Getting DNS servers from OpenVPN
Tue Nov 26 13:55:13 PST 2024 foreign_option_1 from OpenVPN: dhcp-option DNS 172.29.0.2
Tue Nov 26 13:55:13 PST 2024 Getting device index for tun0
Tue Nov 26 13:55:13 PST 2024 'ip link show dev tun0' exit code: 127, output:

Which indicates that the ip binary cannot be found. This may have something to do with the Fedora changes surrounding sbin lately, but the PATH in the environment in which this script is running seems to have neither /sbin/ nor /usr/sbin in its PATH.

We have temporarily worked around this with ln -s /usr/sbin/ip /bin/ip which seems to let the VPN work.

I have replicated this issue and workaround on a fresh Fedora 41 install in a VM.

[krg-digital]

Mentioned here with the same solution a few comments down in the discussion.

[wrossmann]

Google failed me utterly, and I lost an afternoon to tracking this down.

Going to leave this one open, though. IMO there should be an issue specifically about it even if the discussion is happening elsewhere. Though I won't get salty if a maintainer disagrees.