Install openlawsvpn

Linux CLI, GTK4 GUI, and Android app — open source, zero runtime dependencies.

Install now ↓ View on GitHub →

Platforms

🐧

Linux CLI

Statically linked Go binary. No Mono, no Java, no Electron, no runtime. Works on any Linux distro. Available for amd64, arm64, and ppc64le.

working
🖥️

GTK4 Desktop GUI

libadwaita app for GNOME — profile importer, one-click connect, tray icon, and a built-in Relay screen. Ships as a Fedora COPR RPM.

working
📱

Android App

Pure Go VPN core via gomobile — no NDK, no JNI glue. SAML authentication in-app via Chrome Custom Tab. Includes the Relay screen.

working

Full SAML / SSO support

openlawsvpn implements the complete AWS Client VPN CRV1 challenge-response flow. It works with any SAML 2.0 identity provider supported by AWS — Okta, Microsoft Entra ID (Azure AD), Google Workspace, JumpCloud, and others. No custom IdP configuration required beyond what you already have set up for AWS Client VPN.

🔐

Interactive (desktop / mobile)

SAML login page opens in your system browser or Chrome Custom Tab. Credentials never touch openlawsvpn code — only your IdP and the AWS endpoint see them.

⚙️

Headless (CI/CD, servers)

Use the Relay feature so a human approves auth from their phone while the headless agent establishes the tunnel. No secrets stored in the pipeline.

Learn about Relay →

GTK4 Desktop GUI

A clean libadwaita app that lives in your GNOME tray. Import a .ovpn profile, click Connect — SAML opens in your browser, the tunnel comes up, and the tray icon turns red. The Relay screen lets you approve headless agent connections directly from your desktop.

openlawsvpn GTK4 GUI: profile list, connected state, and Relay approval screen

Install

BASE=https://github.com/openlawsvpn/go-openlawsvpn/releases/latest/download
curl -LO $BASE/openlawsvpn-cli-linux-amd64
chmod +x openlawsvpn-cli-linux-amd64
sudo mv openlawsvpn-cli-linux-amd64 /usr/local/bin/openlawsvpn-cli
BASE=https://github.com/openlawsvpn/go-openlawsvpn/releases/latest/download
curl -LO $BASE/openlawsvpn-cli-linux-arm64
chmod +x openlawsvpn-cli-linux-arm64
sudo mv openlawsvpn-cli-linux-arm64 /usr/local/bin/openlawsvpn-cli
BASE=https://github.com/openlawsvpn/go-openlawsvpn/releases/latest/download
curl -LO $BASE/openlawsvpn-cli-linux-ppc64le
chmod +x openlawsvpn-cli-linux-ppc64le
sudo mv openlawsvpn-cli-linux-ppc64le /usr/local/bin/openlawsvpn-cli

statically linked, zero dependencies — requires root or CAP_NET_ADMIN+CAP_NET_RAW

for the GUI or Fedora RPM — use the Fedora / RHEL tab

sudo dnf copr enable vorona/openlawsvpn -y
sudo dnf install openlawsvpn-cli -y
sudo openlawsvpn-cli --config ~/Downloads/downloaded-client-config.ovpn

requires root or CAP_NET_ADMIN+CAP_NET_RAW

sudo dnf copr enable vorona/openlawsvpn -y
sudo dnf install openlawsvpn-cli -y
sudo openlawsvpn-cli --config ~/Downloads/downloaded-client-config.ovpn

relay mode: openlawsvpn-cli -relay <token> -daemon

sudo dnf copr enable vorona/openlawsvpn -y
sudo dnf install openlawsvpn-gui -y
openlawsvpn-gui

GTK4 + libadwaita desktop app — includes relay screen; pulls in openlawsvpn-daemon automatically

COPR build status amd64 · arm64 · ppc64le · Fedora 43/44/rawhide 
# APK artifacts require a free GitHub account to download
# sign in at github.com, then open the link below

Latest CI build (GitHub Actions) →

download the apk artifact from the latest passing run

includes Relay screen — approve headless agent VPN auth from your phone

iOS / macOS planned for a future release

git clone https://github.com/openlawsvpn/go-openlawsvpn
cd go-openlawsvpn
make cli

CGO_ENABLED=0 — fully static, no C toolchain required

Using VPN in CI/CD or on headless servers?

The Relay feature lets CI/CD runners connect to AWS Client VPN without storing credentials. A human approves the SAML flow from their phone with one tap. A public demo token is available — no account required, sessions up to 10 minutes.

Learn about Relay → Try the demo ↓