https://github.com/samm-git/aws-vpn-client

Connect to the AWS Client VPN with SAML using OSS Client
https://github.com/samm-git/aws-vpn-client

aws openvpn vpn

Last synced: 5 months ago
JSON representation

Connect to the AWS Client VPN with SAML using OSS Client

• Host: GitHub
• URL: https://github.com/samm-git/aws-vpn-client
• Owner: samm-git
• License: mit
• Created: 2020-07-07T19:40:21.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2025-05-01T07:30:16.000Z (about 1 year ago)
• Last Synced: 2025-05-01T08:28:54.853Z (about 1 year ago)
• Topics: aws, openvpn, vpn
• Language: Ruby
• Homepage:
• Size: 25.4 KB
• Stars: 211
• Watchers: 19
• Forks: 101
• Open Issues: 9
• Metadata Files:
  • Readme: README.md
  • Changelog: ChangeLog.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# aws-vpn-client

This is PoC to connect to the AWS Client VPN with OSS OpenVPN using SAML

authentication. Tested on macOS and Linux, should also work on other POSIX OS with a minor changes.

See [my blog post](https://smallhacks.wordpress.com/2020/07/08/aws-client-vpn-internals/) for the implementation details.

P.S. Recently [AWS released Linux desktop client](https://aws.amazon.com/about-aws/whats-new/2021/06/aws-client-vpn-launches-desktop-client-for-linux/), however, it is currently available only for Ubuntu, using Mono and is closed source. 

## Content of the repository

- [openvpn-v2.4.9-aws.patch](openvpn-v2.4.9-aws.patch) - patch required to build

AWS compatible OpenVPN v2.4.9, based on the

[AWS source code](https://amazon-source-code-downloads.s3.amazonaws.com/aws/clientvpn/osx-v1.2.5/openvpn-2.4.5-aws-2.tar.gz) (thanks to @heprotecbuthealsoattac) for the link.

- [server.go](server.go) - Go server to listed on http://127.0.0.1:35001 and save

SAML Post data to the file

- [aws-connect.sh](aws-connect.sh) - bash wrapper to run OpenVPN. It runs OpenVPN first time to get SAML Redirect and open browser and second time with actual SAML response

## How to use

1. Build patched openvpn version and put it to the folder with a script

1. Start HTTP server with `go run server.go`

1. Set VPN_HOST in the [aws-connect.sh](aws-connect.sh)

1. Replace CA section in the sample [vpn.conf](vpn.conf) with one from your AWS configuration

1. Finally run `aws-connect.sh` to connect to the AWS.

### Additional Steps

Inspect your ovpn config and remove the following lines if present

- `auth-user-pass` (we dont want to show user prompt)

- `auth-federate` (propietary AWS keyword)

- `auth-retry interact` (do not retry on failures)

- `remote` and `remote-random-hostname` (already handled in CLI and can cause conflicts with it)

## Todo

Better integrate SAML HTTP server with a script or rewrite everything on golang