---
date: 2023-02-23
title: The Woes of AWSVPNClient
tags:
- Amazon
- AWS
- AWSVPNClient
---

For my current `$dayjob` I am required to start using the AWS VPN Client. This is not a problem per se, however, this piece of software has given me some particular headaches. In this post, I want to air some frustrations that it has brought me in the past two days, trying to get this software working properly on Debian.

## GNU+Linux Support

The AWS VPN Client has gotten an official client for GNU+Linux users. Not all of them, sadly, they specifically support Ubuntu 18.04. I find it important to note that this is 2 LTS versions behind the current Ubuntu version 22.04. Apart from that, supporting only Ubuntu is rather limited. Amazon isn't a small company, and they should be able to support various distributions.

In general I would recommend supporting the upstream distribution, which in this case would be Debian. This would ensure that it becomes available on Ubuntu by virtue of it being Debian based.

That said, only Ubuntu packages wouldn't be a huge problem if not for the next issue I have with this software...

## Proprietary Software

The code for this application is private, and Amazon has no intention to change this. There's nothing very special about the application, it's just a proprietary wrapper around OpenVPN, so in my mind I find it hard to believe that they're trying to "protect" anything sensitive. It feels like a simple move to instill the idea that you're highly dependent on them.

If they _were_ to make this software free (as in freedom), packaging could be done by package maintainers, or really just anyone who feels like doing it. This would remove a burden on Amazon, and ensure better availability for all potential users.

Additionally, it would make debugging issues much easier. Because...

## Logging

The logging the application does is pathetic. There are a lot of duplicated logs that are spammed hundreds of times per second.
Tailing your logs can also be more annoying than it needs to be, since the client rotates which file it logs to every 1048629 bytes.

I currently have 30 log files, generated by two sessions. In these log files, the line `[INF] Begin receive init again` appears 509114 times. Over _half a million_ times. The total number of log lines in all these log files is 510394, meaning only 1280 lines are something different.

Of those 1280 lines, the logs themselves aren't much better. I apparently had to install `systemd-resolved` in order to fix the following error:

```
2023-02-23 10:02:50.870 +01:00 [DBG] CM received: >LOG:1677142970,F,WARNING: Failed running command (--up/--down): external program exited with error status: 1
>FATAL:WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-02-23 10:02:50.870 +01:00 [DBG] CM processsing: >LOG:1677142970,F,WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-02-23 10:02:50.870 +01:00 [DBG] CM processsing: >FATAL:WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-02-23 10:02:50.870 +01:00 [DBG] Fatal exception occured
2023-02-23 10:02:50.870 +01:00 [DBG] Stopping openvpn process
2023-02-23 10:02:50.870 +01:00 [DBG] Sending SIGTERM to gracefully shut down the OpenVPN process
2023-02-23 10:02:50.871 +01:00 [DBG] Invoke Error
2023-02-23 10:02:50.871 +01:00 [DBG] DeDupeProcessDiedSignals: OpenVPN process encountered a fatal error and died. Try connecting again.
```

It is not particularly clear that this fails due to not having `systemd-resolved` installed and running. The `.deb` provided by Amazon does not even depend on `systemd-resolved`!

Another gripe I've had with the logs is their location. It saves these in `~/.config/AWSVPNClient/logs`. It may seem weird since this path contains a directory named `.config`, and indeed, this is not a great place to store logs.
The [XDG Base Directory Specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html) specifies `$XDG_STATE_HOME`, with one explicit example for it being logs. However, for this to make sense, the application needs to respect the `XDG_*` values to begin with, which it currently doesn't.

## All in all

This software is pretty bad, but if it were free software, at least the users could improve it to suck less, and easily introduce support for various additional platforms. Instead, we're just stuck with a piece of bad software.
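
Going back to the Logging section: the following is an added example, not part of the original post and not Amazon's code, showing one way to reproduce the total/noise/other line counts and to pull the de-duplicated `>FATAL:` messages out of the rotated log files. The function names and sample file names are made up for illustration, and the sample log lines are constructed from the ones quoted in the post.

```shell
#!/bin/sh
# Added example: triage AWS VPN Client logs by separating the one repeated
# line from everything else. NOISE is the line quoted in the post.
NOISE='[INF] Begin receive init again'

# Print "total noise other" line counts over every file in directory $1.
log_counts() {
    cat "$1"/* | awk -v noise="$NOISE" '
        { total++ }
        index($0, noise) { spam++ }
        END { printf "%d %d %d\n", total, spam, total - spam }'
}

# Print the OpenVPN ">FATAL:" messages found in directory $1, de-duplicated,
# since the client logs the same message several times ("received", "processsing").
fatal_messages() {
    cat "$1"/* | grep -F -v -- "$NOISE" | grep -o '>FATAL:.*' | sort -u
}

# Write constructed sample logs (hypothetical file names) into directory $1.
make_sample_logs() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo "2023-02-23 10:02:50.86$i +01:00 $NOISE"
        i=$((i + 1))
    done > "$1/sample1.log"
    msg='WARNING: Failed running command (--up/--down): external program exited with error status: 1'
    ts='2023-02-23 10:02:50.870 +01:00'
    cat > "$1/sample2.log" <<EOF
$ts $NOISE
$ts [DBG] CM received: >LOG:1677142970,F,$msg
>FATAL:$msg
$ts [DBG] CM processsing: >FATAL:$msg
$ts [DBG] Stopping openvpn process
EOF
}

# Demo on the constructed sample; for real logs, pass the directory the post
# names instead: log_counts ~/.config/AWSVPNClient/logs
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
log_counts "$demo_dir"
fatal_messages "$demo_dir"
rm -rf "$demo_dir"
```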