Comments (9)
We've been testing this out for a small number (under 5) of Linux clients we would need to connect to the VPN. We're experiencing the same issue. Here is a snip of the logs from where it fails (note: the peer connection was to the exact same IP both times):
Unsuccessful:
```
Mon Apr 5 14:27:31 2021 VERIFY EKU OK
Mon Apr 5 14:27:31 2021 VERIFY OK: depth=0, CN=<redacted>.com
Mon Apr 5 14:27:31 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Apr 5 14:27:31 2021 [<redacted>.com] Peer Connection Initiated with [AF_INET]52.54.xxx.yyy:1194
Mon Apr 5 14:27:32 2021 SENT CONTROL [<redacted>.com]: 'PUSH_REQUEST' (status=1)
Mon Apr 5 14:27:32 2021 AUTH: Received control message: AUTH_FAILED,Invalid username or password
Mon Apr 5 14:27:32 2021 SIGTERM[soft,auth-failure] received, process exiting
```
Successful:
```
Mon Apr 5 14:28:17 2021 VERIFY EKU OK
Mon Apr 5 14:28:17 2021 VERIFY OK: depth=0, CN=<redacted>.com
Mon Apr 5 14:28:17 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Apr 5 14:28:17 2021 [<redacted>.com] Peer Connection Initiated with [AF_INET]52.54.xxx.yyy:1194
Mon Apr 5 14:28:18 2021 SENT CONTROL [<redacted>.com]: 'PUSH_REQUEST' (status=1)
Mon Apr 5 14:28:18 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.17.0.33,topology subnet,ping 1,ping-restart 20,ifconfig 10.17.0.34 255.255.255.224,peer-id 0,cipher AES-256-GCM'
```
from aws-vpn-client.
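An added triage helper (an example written for this page, not code from the thread or from the aws-vpn-client project) that splits run-together OpenVPN client logs like the two above into entries, summarises each session, and diffs the failed and successful attempts field by field. The sample strings are constructed from the snippets in this comment (abridged), and the summary field names are my own.

```python
import re
# Both timestamp styles seen in the thread: OpenVPN's default ctime format and
# the ISO-style format produced by the 2.5.x build.
_TS = (r"(?:[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}"
       r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def split_entries(text):
    """Split a run-together OpenVPN log into one string per timestamped entry."""
    return [e for e in re.split(rf"\s+(?={_TS})", text.strip()) if e]

def triage_session(text):
    """Summarise one session: server verified, peer reached, and how the control channel ended."""
    summary = {"entries": 0, "tls_verified": False, "peer": None,
               "outcome": "unknown", "assigned_ip": None}
    for entry in split_entries(text):
        summary["entries"] += 1
        if "VERIFY OK: depth=0" in entry:          # server certificate chain verified
            summary["tls_verified"] = True
        m = re.search(r"Peer Connection Initiated with \[AF_INET\](\S+)", entry)
        if m:
            summary["peer"] = m.group(1)
        if "AUTH_FAILED" in entry:                 # credential rejected after the TLS handshake
            summary["outcome"] = "auth_failed"
        elif "PUSH_REPLY" in entry:                # server accepted us and pushed options
            summary["outcome"] = "connected"
            m = re.search(r"ifconfig (\d+(?:\.\d+){3})", entry)
            summary["assigned_ip"] = m.group(1) if m else None
    return summary

def diff_sessions(a, b):
    """Fields of two triage summaries that differ (entry count excluded)."""
    return {k: (a[k], b[k]) for k in a if k != "entries" and a[k] != b[k]}

# Constructed samples: the two snippets from the first comment, abridged.
FAILED = ("Mon Apr 5 14:27:31 2021 VERIFY EKU OK Mon Apr 5 14:27:31 2021 VERIFY OK: depth=0, "
          "CN=<redacted>.com Mon Apr 5 14:27:31 2021 [<redacted>.com] Peer Connection Initiated "
          "with [AF_INET]52.54.xxx.yyy:1194 Mon Apr 5 14:27:32 2021 SENT CONTROL [<redacted>.com]: "
          "'PUSH_REQUEST' (status=1) Mon Apr 5 14:27:32 2021 AUTH: Received control message: "
          "AUTH_FAILED,Invalid username or password Mon Apr 5 14:27:32 2021 SIGTERM[soft,auth-failure] "
          "received, process exiting")
SUCCESS = ("Mon Apr 5 14:28:17 2021 VERIFY EKU OK Mon Apr 5 14:28:17 2021 VERIFY OK: depth=0, "
           "CN=<redacted>.com Mon Apr 5 14:28:17 2021 [<redacted>.com] Peer Connection Initiated "
           "with [AF_INET]52.54.xxx.yyy:1194 Mon Apr 5 14:28:18 2021 SENT CONTROL [<redacted>.com]: "
           "'PUSH_REQUEST' (status=1) Mon Apr 5 14:28:18 2021 PUSH: Received control message: "
           "'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.17.0.33,topology subnet,"
           "ping 1,ping-restart 20,ifconfig 10.17.0.34 255.255.255.224,peer-id 0,cipher AES-256-GCM'")

if __name__ == "__main__":
    print(diff_sessions(triage_session(FAILED), triage_session(SUCCESS)))
```

The diff shows that the server certificate verified and the same peer was reached in both runs; only the post-handshake credential check differs, so the transport and TLS layers can be ruled out when chasing the intermittent AUTH_FAILED.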
@samm-git Actually, after a reboot it now works! I'm successfully able to connect. Thank you for this awesome patch.
I recently updated the patch and documentation. Please let me know if the changes fix your issue.
Using the 2.5.1 patch, I'm getting the same error as above.
I see the browser open, get the "Got SAMLResponse field, it's safe to close this window" page.
The aws_connect.sh exits with this:
```
2021-04-19 13:36:20 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-04-19 13:36:20 VERIFY EKU OK
2021-04-19 13:36:20 VERIFY OK: depth=0, CN=*.com
2021-04-19 13:36:20 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-04-19 13:36:20 [*.com] Peer Connection Initiated with [AF_INET]35.81.112.236:443
2021-04-19 13:36:21 SENT CONTROL [*.com]: 'PUSH_REQUEST' (status=1)
2021-04-19 13:36:21 AUTH: Received control message: AUTH_FAILED,Invalid username or password
2021-04-19 13:36:21 SIGTERM[soft,auth-failure] received, process exiting
```
To avoid any problems I've used our vpn.conf and followed your instructions to remove unsupported fields.
```
client
dev tun
proto tcp
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
verb 3
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
auth-nocache
reneg-sec 0
```
I had to change the port in aws_connect from 1194 to 443 to get it to work at all.
When I connect using the AWS VPN Client on Windows, the message I get in browser is "Authentication details received, processing details. You may close this window at any time.". When connecting through your solution, the message I get in browser is "Got SAMLResponse field". Not sure if that makes a difference.
@andrei-ivanov-pie the different text does not matter; it's expected. Which IdP do you use? Does it work fine on the native client?
We use Okta. The AWS VPN client works fine on Windows with the VPN config file above (minus the fields that were removed per your instructions).
@andrei-ivanov-pie this is very strange, I use Okta as well. If you can make me a "guest" testing account I can test, as I can't reproduce it on my side otherwise.
I'm experiencing very random results with connecting. We're authenticating using Okta. Sometimes it connects after 2-3 tries, sometimes it takes 10 or more. It just says that auth failed. Any pointers on how I could debug what's going on?
@furai, we were also experiencing authentication issues while using Okta. However, after the discussions in #2, we stabilized our auth attempts by removing the following fields from the VPN configuration file: https://github.com/samm-git/aws-vpn-client/blob/0f206a7985c7feb24a27b97ea6920796f2007322/README.md#additional-steps