---
date: 2023-02-23
title: The Woes of AWSVPNClient
tags:
- Amazon
- AWS
- AWSVPNClient
---

For my current `$dayjob` I am required to start using the AWS VPN Client. This
is not a problem per se, however, this piece of software has given me some
particular headaches. In this post, I want to air some frustrations that it has
brought me in the past two days, trying to get this software working properly
on Debian.

## GNU+Linux Support

The AWS VPN Client has gotten an official client for GNU+Linux users. Not all
of them, sadly: they specifically support Ubuntu 18.04. I find it important to
note that this is 2 LTS versions behind the current Ubuntu version, 22.04. Apart
from that, supporting only Ubuntu is rather limited. Amazon isn't a small
company, and they should be able to support various distributions.

In general I would recommend supporting the upstream distribution, which in
this case would be Debian. This would ensure that it becomes available on
Ubuntu by virtue of it being Debian based.

That said, only Ubuntu packages wouldn't be a huge problem if not for the next
issue I have with this software...

## Proprietary Software

The code for this application is private, and Amazon has no intention to change
this. There's nothing very special about the application, it's just a
proprietary wrapper around OpenVPN, so in my mind I find it hard to believe
that they're trying to "protect" anything sensitive. It feels like a simple
move to instill the idea that you're highly dependent on them.

If they _were_ to make this software free (as in freedom), packaging could be
done by package maintainers, or really just anyone who feels like doing it.
This would remove a burden on Amazon, and ensure better availability for all
potential users.

Additionally, it would make debugging issues much easier. Because...

## Logging

The logging the application does is pathetic. There are a lot of duplicated logs
that are spammed hundreds of times per second. Tailing your logs can also be
more annoying than it needs to be, since the client rotates which file it logs
to every 1048629 bytes.

I currently have 30 log files, generated by two sessions. In these log files,
the line `[INF] Begin receive init again` appears 509114 times. Over _half a
million_ times. The total number of log lines in all these log files is 510394,
meaning only 1280 lines are something different.

Of those 1280 lines, the logs themselves aren't much better. I apparently had
to install `systemd-resolved` in order to fix the following error:

```
2023-02-23 10:02:50.870 +01:00 [DBG] CM received: >LOG:1677142970,F,WARNING: Failed running command (--up/--down): external program exited with error status: 1
>FATAL:WARNING: Failed running command (--up/--down): external program exited with error status: 1

2023-02-23 10:02:50.870 +01:00 [DBG] CM processsing: >LOG:1677142970,F,WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-02-23 10:02:50.870 +01:00 [DBG] CM processsing: >FATAL:WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-02-23 10:02:50.870 +01:00 [DBG] Fatal exception occured
2023-02-23 10:02:50.870 +01:00 [DBG] Stopping openvpn process
2023-02-23 10:02:50.870 +01:00 [DBG] Sending SIGTERM to gracefully shut down the OpenVPN process
2023-02-23 10:02:50.871 +01:00 [DBG] Invoke Error
2023-02-23 10:02:50.871 +01:00 [DBG] DeDupeProcessDiedSignals: OpenVPN process encountered a fatal error and died. Try connecting again.
```

It is not particularly clear that this fails due to not having
`systemd-resolved` installed and running. The `.deb` provided by Amazon does
not even depend on `systemd-resolved`!

Another gripe I've had with the logs is their location. It saves these in
`~/.config/AWSVPNClient/logs`. It may seem weird since this path contains a
directory named `.config`, and indeed, this is not a great place to store logs.
The [XDG Base Directory
Specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html)
specifies `$XDG_STATE_HOME`, with one explicit example for it being logs.
However, for this to make sense, the application needs to respect the `XDG_*`
values to begin with, which it currently doesn't.
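
A small triage script for the log noise described in this section, added here as an example (it is not part of the original post or of the AWS client). It assumes every record starts with the timestamp and level shown in the excerpt above and that rotated files can be ordered by modification time; the `INF` timestamps in the sample are constructed.

```python
import re
from collections import Counter
from pathlib import Path

# Record shape taken from the excerpt above: "<date> <time> <utc-offset> [LVL] message"
RECORD = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[([A-Z]+)\] (.*)$")

# Constructed sample: message strings come from the post, the INF timestamp is made up.
SAMPLE = ["2023-02-23 10:02:50.100 +01:00 [INF] Begin receive init again"] * 4 + [
    "2023-02-23 10:02:50.870 +01:00 [DBG] CM received: >LOG:1677142970,F,WARNING: "
    "Failed running command (--up/--down): external program exited with error status: 1",
    ">FATAL:WARNING: Failed running command (--up/--down): "
    "external program exited with error status: 1",
    "",
    "2023-02-23 10:02:50.870 +01:00 [DBG] Stopping openvpn process",
]

def read_rotated(log_dir):
    """Yield lines from every file in log_dir, oldest first (mtime order is an assumption)."""
    files = [p for p in Path(log_dir).expanduser().iterdir() if p.is_file()]
    for path in sorted(files, key=lambda p: (p.stat().st_mtime, p.name)):
        with path.open(errors="replace") as fh:
            yield from fh

def parse_records(lines):
    """Yield (timestamp, level, message); untimestamped lines extend the previous record."""
    current = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        match = RECORD.match(line)
        if match:
            if current:
                yield tuple(current)
            current = list(match.groups())
        elif current and line.strip():
            current[2] += "\n" + line  # e.g. the bare ">FATAL:" continuation line
    if current:
        yield tuple(current)

def triage(lines, noise_threshold=3):
    """Return (Counter of messages repeated >= noise_threshold times, remaining records)."""
    records = list(parse_records(lines))
    counts = Counter(msg for _, _, msg in records)
    noise = Counter({m: n for m, n in counts.items() if n >= noise_threshold})
    return noise, [r for r in records if r[2] not in noise]

if __name__ == "__main__":
    noise, kept = triage(SAMPLE)  # or: triage(read_rotated("~/.config/AWSVPNClient/logs"))
    print(dict(noise), *kept, sep="\n")
```

Run against the real log directory, this reduces the repeated line to a single count and leaves the records that differ, including the multi-line `>FATAL:` one, in their original order.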

## All in all

This software is pretty bad, but if it were free software, at least the users
could improve it to suck less, and easily introduce support for various
additional platforms. Instead, we're just stuck with a piece of bad software.