What is openlawsvpn?

The official AWS Client VPN client doesn't support Linux. openlawsvpn fills that gap: a pure-Go implementation of the AWS Client VPN protocol, including the full CRV1 SAML challenge-response flow. It works with any SAML 2.0 identity provider AWS supports — Okta, Microsoft Entra ID, Google Workspace, JumpCloud, and others.

No runtime dependencies. No Electron, no Mono, no JVM. Statically linked binary that runs on any Linux distro or macOS.

Products

🐧

Linux client

Static CLI binary and GTK4 GUI. Fedora COPR RPM. amd64, arm64, ppc64le.

🍎

macOS client

Static CLI binary for Apple Silicon and Intel. No installer needed.

📱

Android app

Pure Go VPN core via gomobile. SAML auth in-app via Chrome Custom Tab.

Play Store ⚙️

Relay service

Headless VPN auth for CI/CD runners and servers. Human approves SAML from phone. Public demo — no account required.

📲

Android relay app

Dedicated app for relay operators — approve agent connections, manage tokens, monitor sessions.

coming soon

SAML / SSO support

openlawsvpn implements the complete CRV1 challenge-response flow required by AWS Client VPN. It works with any SAML 2.0 IdP supported by AWS — no custom configuration beyond what you already have set up.

🔐

Interactive (desktop / mobile)

SAML login page opens in your system browser or Chrome Custom Tab. Credentials never touch openlawsvpn code.

🤖

Headless (CI/CD, servers)

Use Relay — a human approves auth from their phone while the headless agent establishes the tunnel. No secrets in the pipeline.

Quick start

For full install options including Fedora COPR RPM, GTK4 GUI, macOS, and Android — see the Client install page.

BASE=https://github.com/openlawsvpn/go-openlawsvpn/releases/latest/download
curl -LO $BASE/openlawsvpn-cli-linux-amd64
chmod +x openlawsvpn-cli-linux-amd64
sudo mv openlawsvpn-cli-linux-amd64 /usr/local/bin/openlawsvpn-cli
sudo openlawsvpn-cli --config ~/Downloads/client-config.ovpn