
Connect to the AWS Client VPN with SAML using OSS Client

gloutsch/aws-vpn-client
aws-vpn-client

This is a PoC for connecting to the AWS Client VPN with OSS OpenVPN using SAML authentication. Tested on macOS and Linux; it should also work on other POSIX operating systems with minor changes.

See my blog post for the implementation details.

P.S. AWS recently released a Linux desktop client; however, it is currently available only for Ubuntu, uses Mono, and is closed source.

Content of the repository

How to use

  1. Build the patched OpenVPN version and put the binary in the folder with the script
  2. Start the HTTP server with go run server.go
  3. Set VPN_HOST in aws-connect.sh
  4. Replace the CA section in the sample vpn.conf with the one from your AWS configuration
  5. Finally, run aws-connect.sh to connect to AWS.

Additional Steps

Inspect your .ovpn config (the one exported from the AWS console) and remove the following lines if present:

  • auth-user-pass (we don't want to show a user prompt; the SAML flow supplies the credentials)
  • auth-federate (proprietary AWS keyword; stock OpenVPN does not understand it)
  • auth-retry interact (do not retry interactively on failures)
  • remote and remote-random-hostname (already handled in the CLI script and can conflict with it)
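The cleanup above is easy to get wrong by hand (for example, deleting remote-cert-tls along with remote). The following POSIX shell snippet is an added example, not code from this repository: it strips exactly the five directives listed above from an exported .ovpn file and leaves everything else, including the ca block, untouched. The sample config embedded in it is constructed for the demonstration; the endpoint hostname and certificate body are placeholders, not a real AWS endpoint.

```shell
#!/bin/sh
# Added example (not part of aws-vpn-client): remove the directives that the
# README says must not be present when stock/patched OpenVPN is driven by the
# SAML helper script. Matching is anchored to the start of the line and to the
# whole directive name, so "remote-cert-tls server" survives while
# "remote <host> 443" and "remote-random-hostname" are dropped.

# clean_ovpn FILE: print FILE to stdout with the unwanted directives removed.
clean_ovpn() {
    sed -E \
        '/^[[:space:]]*(auth-user-pass|auth-federate|auth-retry|remote|remote-random-hostname)([[:space:]]|$)/d' \
        "$1"
}

# Constructed sample resembling an AWS-exported config (placeholders only).
SAMPLE_OVPN=$(mktemp)
cat > "$SAMPLE_OVPN" <<'EOF'
client
dev tun
proto udp
remote cvpn-endpoint-0123456789abcdef.prod.clientvpn.us-east-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
auth-user-pass
auth-federate
auth-retry interact
<ca>
-----BEGIN CERTIFICATE-----
MIIBplaceholder
-----END CERTIFICATE-----
</ca>
reneg-sec 0
EOF

# cleaned_line_count: number of lines left after cleaning the sample
# (19 input lines minus the 5 removed directives).
cleaned_line_count() {
    clean_ovpn "$SAMPLE_OVPN" | wc -l | tr -d ' '
}

# count_directive NAME: how many lines of the cleaned sample start with the
# directive NAME (0 means it was removed, 1 means it was kept).
count_directive() {
    clean_ovpn "$SAMPLE_OVPN" | grep -Ec "^[[:space:]]*$1([[:space:]]|\$)" || true
}

# Typical use: clean_ovpn downloaded.ovpn > vpn.conf, then paste the <ca>
# block from it into the repository's sample vpn.conf as step 4 describes.
clean_ovpn "$SAMPLE_OVPN"
```

After running this on a real export, confirm with grep that no remote or auth-* line remains, then set VPN_HOST in aws-connect.sh to the hostname you removed from the remote line, since the script, not the config, now decides where to connect.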

Todo

Better integrate the SAML HTTP server with the script, or rewrite everything in Go.
