aws-vpn-client

Issues with building on OSX

Open JohnPolansky opened this issue 3 years ago • 6 comments

Platform: OSX Big Sur 11.2.3 (20D91)

As many, I'm sure, I found your repo after finding the AWS VPN Client very annoying. I downloaded it and then was trying to determine how to build it. I think your README steps may be a bit outdated.

I have to confess that it took me longer than it should have to figure out what to do with the openvpn-aws.rb file. After trying to run it in Ruby, I finally figured out that it's some sorta local brew formula, and I attempted to run it with:

brew install --formula openvpn-aws.rb

It appeared to start working, downloading and patching, but when it got to the compile section I ran into two errors:

==> ./configure --with-crypto-library=openssl --enable-pkcs11 --prefix=/usr/local/Cellar/openvpn-aws/2.5.1
Error: An exception occurred within a child process:
  Utils::Inreplace::Error: inreplace failed
sample/sample-plugins/Makefile:
  expected replacement of #<Pathname:/usr/local/Homebrew/Library/Homebrew/shims/mac/super/sed> with "/usr/bin/sed"

then

  ==> make install
Error: An exception occurred within a child process:
  Errno::ENOENT: No such file or directory @ apply2files - /usr/local/Cellar/openvpn-aws/2.5.1/share/doc/openvpn-aws/README.mbedtls

I did manage to get past both errors by commenting out those sections of the formula; here is the diff:

diff --git a/openvpn-aws.rb b/openvpn-aws.rb
index 1f0d1b7..517c4cc 100644
--- a/openvpn-aws.rb
+++ b/openvpn-aws.rb
@@ -38,8 +38,8 @@ end
     inreplace "sample/sample-plugins/Makefile" do |s|
       s.gsub! HOMEBREW_LIBRARY/"Homebrew/shims/mac/super/pkg-config",
               Formula["pkg-config"].opt_bin/"pkg-config"
-      s.gsub! HOMEBREW_LIBRARY/"Homebrew/shims/mac/super/sed",
-              "/usr/bin/sed"
+      # s.gsub! HOMEBREW_LIBRARY/"Homebrew/shims/mac/super/sed",
+      #         "/usr/bin/sed"
     end
     system "make", "install"

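Review bot: commenting out the `sed` substitution inside the `inreplace "sample/sample-plugins/Makefile"` block silences the `inreplace failed` error but also drops the rewrite on machines where the generated Makefile does contain the shim path. A later comment in this thread reports not needing this change, so the Makefile content differs between setups. Rather than leaving dead code, make the replacement conditional on the shim path being present in the Makefile, and keep the `pkg-config` replacement above it unchanged.
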
@@ -51,7 +51,7 @@ end
     (etc/"openvpn").install doc/"samples/sample-config-files/server.conf"

     # We don't use mbedtls, so this file is unnecessary & somewhat confusing.
-    rm doc/"README.mbedtls"
+    # rm doc/"README.mbedtls"
   end

   def post_install
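
Review bot: the `rm doc/"README.mbedtls"` line is disabled while the comment above it ("We don't use mbedtls, so this file is unnecessary & somewhat confusing.") stays, so the formula now documents a step it no longer performs. The ENOENT raised during `make install` shows the file is not present in this build; guard the removal instead, for example `rm doc/"README.mbedtls" if (doc/"README.mbedtls").exist?`, or delete both the comment and the `rm` if this version never installs the file.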

After this, the build was successful, at least as far as I could tell. However, when I set up the vpn.conf file with all the settings correctly (as the AWS VPN Client worked with them), all I got was the dreaded

Sat Apr 24 12:01:14 2021 AUTH: Received control message: AUTH_FAILED,Invalid username or password

I spent a couple hours fighting this, but in the end I don't believe it's my setup, but possibly the openvpn I built. The reason I say this is I borrowed acvc_openvpn from the /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/openvpn/ and when I updated the aws-connect.sh to point to the acvc-openvpn, boom, my VPN connected perfectly. So I'm guessing somehow I messed up the build/patching, OR I've seen references to issues with "large SAML" responses. My saml-response.txt is 12,230 bytes if that helps.

Anyway I mostly opened this ticket to hopefully help solve the build issue I was having as I'd prefer to use your patched newer version if possible. I am open other tickets with some other ideas.

JohnPolansky, Apr 24 '21 23:04

Similar comments, except 1) I already had vanilla openvpn linked via brew so I had to unlink that first, and 2) I didn't have to comment out the /usr/bin/sed line (I did have to comment out the mbedtls line). The acvc_openvpn worked perfectly for me.

Also, while we're updating files here, maybe it would be nice to update the PORT in aws-connect.sh to be 443 by default? For us, that's what AWS Client VPN Endpoint wanted — port 1143 just hung and it was difficult to see why for a bit.

Appreciate your work on this repo @samm-git — really helped us out! 🙌

alexandergunnarson, Apr 30 '21 14:04

I got the same issue here. I built the openvpn-aws with home-brew but got AUTH_FAILED.

After I replaced the openvpn with ccvc_openvpn in the official vpn client, it worked without any issues.

seanzxx, Dec 16 '21 02:12

Confirmed this works with the acvc_openvpn on debian linux.

edalford11, Mar 18 '22 19:03

After I replaced the openvpn with ccvc_openvpn in the official vpn client, it worked without any i

Sorry, could you help out more? What exactly and where did you replace?

frontr-uk, May 06 '22 12:05

After I replaced the openvpn with ccvc_openvpn in the official vpn client, it worked without any i

Sorry, could you help out more? What exactly and where did you replace?

They're pulling the acvc-openvpn binary out of the main AWS client because the patched openvpn one does not work. I even updated it to run against the latest OpenVPN (2.6.3) and used the brew formula code for v2.6.3 and I still can't get it to connect. Was hoping I could maybe patch Tunnelblick then and use that, as it'll set up your DNS and everything else too and it has hooks for scripts.

dbaber, May 05 '23 16:05

In case anyone else ends up here...

Try removing --enable-pkcs11 from configure.

hrd-jrizzo, Sep 29 '23 22:09