This is a PoC for connecting to AWS Client VPN with OSS OpenVPN using SAML authentication. Tested on macOS and Linux; it should also work on other POSIX OSes with minor changes.
See my blog post for the implementation details.
P.S. AWS recently released a Linux desktop client; however, it is currently available only for Ubuntu, uses Mono, and is closed source. Consider opening a ticket asking for RPM distribution support!
- openvpn-v2.5.1-aws.patch - patch required to build an AWS-compatible OpenVPN v2.5.1, based on the AWS source code (thanks to @heprotecbuthealsoattac for the link).
- server.go - Go server that listens on http://127.0.0.1:35001 and saves the SAML POST data to a file
- aws-connect.sh - bash wrapper to run OpenVPN. It runs OpenVPN a first time to get the SAML redirect and open the browser, and a second time with the actual SAML response
- Download openvpn 2.5.1 source.
- patch -p1 < ../aws-vpn-client/openvpn-v2.5.1-aws.patch
- Copy or symlink openvpn-2.5.1/src/openvpn/openvpn into aws-vpn-client directory.
- Download your AWS Client VPN .ovpn config file.
- Run aws-connect.sh <OVPN FILE>
- Supports a domains.txt file with a list of domains to resolve via VPN.
- Will automatically use https://github.com/jonathanio/update-systemd-resolved for name resolution on systemd systems.
Better integrate the SAML HTTP server with the script, or rewrite everything in Go