This is an implementation of the original AWS VPN client PoC with OpenVPN using SAML authentication, based on the docker setup from rdvencioneck/aws-vpn-client-docker. The goal is to have an easy to consume Linux client, and I just didn't find the docker setup to be so easy after all.
See the original blog post for the implementation details.
- openvpn-v2.5.8-aws.patch - patch required to build AWS compatible OpenVPN v2.5.8, based on the AWS source code, adjusted for OpenVPN 2.5.8
- (Outdated, but still usable) openvpn-v2.4.9-aws.patch - patch required to build AWS compatible OpenVPN v2.4.9, based on the AWS source code (thanks to @heprotecbuthealsoattac for the link).
- server.go - Go server to listen on http://127.0.0.1:35001 and save SAML Post data to the file.
- build.sh - builds the patched OpenVPN client
- connect.sh - connects to the VPN
- Rename your VPN config file to
vpn.conf - Build patched openvpn version by running
./build.sh - Run
sudo ./connect.shto connect to the AWS Client VPN
This will attempt to connect as long as the connection fails. For some reason, OpenVPN might fail to establish a connection. This has been mentioned, for example in threads on serverfault.com. I've experienced that running openvpn as root (with sudo greatly reduces the amount of tries it takes to establish a connection).
I have installed and built this project by in clean docker images of the following distros, while noting which packages are required for building the patched openvpn client.
apt install git curl unzip patch gcc automake libtool libssl-dev net-tools liblzo2-dev libpam-dev cmake openssl golang-bindnf install git curl unzip patch gcc automake libtool openssl-devel net-tools lzo-devel pam-devel cmake openssl golang-binzypper install git curl unzip patch gcc automake libtool openssl-devel net-tools-deprecated lzo-devel pam-devel cmake openssl go-docpacman -S git curl unzip patch gcc automake autoconf libtool openssl net-tools lzo pam make golang-bin