AWS Client VPN for Linux

[ivankovnatsky]

Project description AWS Client VPN for Linux

Metadata

• homepage URL: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-user-what-is.html
• source URL: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html
• license: unfree
• platforms: linux

PR: https://github.com/NixOS/nixpkgs/pull/128262

[mcwitt]

I've started working on this here but am running into a few issues with patching the binaries (I've been trying various methods here). I'm pretty new to contributing to nixpkgs (and this is my first attempt at packaging a binary), so I'd really appreciate advice from someone with more experience.

So far I've found that the autoPatchelfHook method doesn't appear to work: it doesn't seem to recognize the dependency on icu, and the resulting binary immediately terminates with Process terminated. Couldn't find a valid ICU package installed on the system.. I've had more success with either

• manually patching the .so files and executables with patchelf (in addition to the deps that autoPatchelf picks up, I also need to include gtk3 and icu in the library path passed to --set-rpath)
• using buildFHSUserEnv

but both of these methods result in a binary that immediately shows a dialog There was a problem. Please report the issue. with nothing logged to the terminal or to ~/.nix-profile/var/log as far as I can tell.

I'll keep plugging away at this, but feel free to advise / take over if you have more experience :slightly_smiling_face:

[mcwitt]

In case it's helpful to anyone, here's the minimal set of patches I found necessary to get as far as the There was a problem dialog.

patchelf \
    --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
    --set-rpath "/nix/store/ikl21vjfq900ccbqg1xasp83kadw6q8y-glibc-2.32-46/lib:/nix/store/5lgyy30nyvq59c4m2a7skmwaqz3jja3n-gcc-10.3.0-lib/lib:/nix/store/p3siqrak0k6nqa84gqkclb8cva7790l2-gtk+3-3.24.27/lib" \
    out/opt/awsvpnclient/AWS\ VPN\ Client

patchelf \
    --set-rpath "/nix/store/bydin6pjfb07wqww7a28ib9vzwwhqlg4-icu4c-69.1/lib" \
    out/opt/awsvpnclient/System.Globalization.Native.so

patchelf \
    --set-rpath "/nix/store/bydin6pjfb07wqww7a28ib9vzwwhqlg4-icu4c-69.1/lib" \
    out/opt/awsvpnclient/Service/System.Globalization.Native.so

[ivankovnatsky]

@mcwitt that's great, thanks.

currently i'm using this software: https://github.com/samm-git/aws-vpn-client

and saw a message by the author that official client has been released, and created an issue for a packaging request as a placeholder.

though, since you already started to work on this, let's maybe file a pr in nixpkgs to tackle it there, what do you think?

i did not package gui apps yet, but i think we'll figure it out.

[mcwitt]

Thanks for the tip about aws-vpn-client! I hadn't found that (we just switched to AWS VPN at work so I'm trying to make anything work right now :sweat_smile: )

though, since you already started to work on this, let's maybe file a pr in nixpkgs to tackle it there

sounds good to me. I'll open a PR later today.

side note: I'm now leaning toward the buildFHSUserEnv approach, because I could see it being the case that there's some integrity check in the code and it doesn't like its binaries being modified. The fact that there's no debugging information along with Please report the issue seems suspiciously like a failed integrity check..

[ivankovnatsky]

Thanks for the tip about aws-vpn-client! I hadn't found that (we just switched to AWS VPN at work so I'm trying to make anything work right now 😅 )

yeah, i struggled a bit too.

employer granted with a mac, but i could not be satisfied that fast 😁

let me push my changes later in a fork, maybe that will help you rolling with that software.

[ivankovnatsky]

@mcwitt meanwhile if you need to access vpn under linux, you can refer to my commit: https://github.com/ivankovnatsky/aws-vpn-client/commit/af6beb86f46ea1b10c7c6d8bbe98d718c6f8feeb

and overlay with patched openvpn: https://github.com/ivankovnatsky/nixos-config/blob/main/system/overlays/openvpn.nix

[stale[bot]]

I marked this as stale due to inactivity. → More info

[dmedinag]

I need this too!

[ivankovnatsky]

I don't use it now, but in case someone missed this comment: https://github.com/NixOS/nixpkgs/pull/128262#issuecomment-1060003246

[danwdart]

I was looking for this, but found this ticket instead. I don't quite understand what to add to my configuration files to get this installed system-wide, however.

[danilevy1212]

@danwdart If you use a flake for your system configuration, you can just set it up in your flake.nix and import it into your systemPackages. You can check how I do it here: https://github.com/danilevy1212/nixos/blob/main/flake.nix#L17 , https://github.com/danilevy1212/nixos/blob/main/flake.nix#L119

[danwdart]

Hey, I don't but I figured out how to expose the derivation for my existing configuration.nix:

let awsvpnclient = builtins.fetchTarball {url = "https://github.com/ymatsiuk/awsvpnclient/archive/master.tar.gz"; };
in
    (pkgs.callPackage "${awsvpnclient}/awsvpnclient.nix" { openvpn = pkgs.callPackage "${awsvpnclient}/openvpn.nix" { }; })