AWS VPN Client on a guest VM

The AWS VPN Client for Linux (https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html) at the time of writing (Nov 26, 2023) is only supported on Ubuntu and the latest Ubuntu version supported is 20.04 LTS. This version of Ubuntu is nearly 4 years old and people have been having problems with the client - there have been numerous complaints on the forums by people trying to get it working on newer Ubuntu versions, for example https://repost.aws/questions/QUNJeF_ja_Suykous7EvfX5Q/aws-client-vpn-on-ubuntu-22-04.

While it is possible to get the VPN client working on Ubuntu 22.04, there is a caveat - the client uses an outdated libssl version (libssl1) and Ubuntu 22.04 comes with a libssl3, which makes the client error out.  The workaround is manual installation of libssl1, replacing libssl3. If one uses another distro or simply does not want to downgrade libssl just for the AWS VPN client, one solution is to run the client on guest installation of Ubuntu 20.04 in a virtual machine. Configuration for the host and guest OSes follows below.

Guest OS

I run the guest installation of Ubuntu 20.04 on Virtual Box, with a Bridged network adapter. Select the correct interface, in my case - enp5s0 (screenshot below)
One thing worth doing is obtaining a static IP for the host machine in the DHCP server (where it reserves a specific IP to a MAC address), if the router has that functionality. For the sake of example, I've set mine to 192.168.0.105.

Let's proceed with configuring the guest machine.

Host OS

On the host, the configuration is as follows.

This solution is not ideal - it requires the guest OS to be up, as it serves as a default gateway, and everything gets routed through the guest OS. Perhaps a better solution would be to explicitly define IP ranges to route through the guest, but it does the job for the time being.

Comments

Post a Comment

Popular posts from this blog

Cyberghost Vpn on Arch Linux

  CyberGhost has apps or shell scripts for various Linux distros but not for Arch Linux, at least not at the time of writing this. However, it is very easy to configure it for Arch. Here’s what I did. Steps Logged into  https://my.cyberghostvpn.com/,  “My Download Apps” -> “Other Apps” -> “Routers and other devices” -> “Configure New Device”. Make the selections, for my setup I’ve selected “Open VPN” as the protocol. Download the OpenVPN configuration files. Extract the archive, mv the files to  /etc/openvpn/client . chmod 600 /etc/openvpn/client/* chown openvpn:network /etc/openvpn/client/* Create an auth file that stores the login credentials for this VPN connection /etc/openvpn/client/login.conf with the username on the 1st line and the password on the 2nd line. Change  auth-user-pass  in cyberghost.conf to  auth-user-pass login.conf . sudo systemctl start openvpn-client@cyberghost sudo systemctl enable openvpn-client@cyberghost Check the IP here  https://www.cyberghostvpn.
Read more

Go application layering

Several months ago I built a web service in go which, inspired by the blog post "Packages as layers, not groups" , I made strictly layered. Not to make a rule out of it and not saying that this is what packages are, I think using packages as layers for different building blocks of an application (RPC, business logic, storage, cache, auth, etc) helps a lot in structuring an application. There was another blog post that talked about using separate structs for the same model (or data transfer object) in each microservice or layer, as opposed to re-using the same struct from a single library and so introducing a dependency everywhere. I cannot find it any more but I loved the idea and I used it in my app as well. I wanted to put these two ideas out there and so I changed all the code from the original app and made it a dumb key-value storage REST API. The project is on GitHub: https://github.com/varfrog/layers . Comments are welcome!
Read more