This is PoC to connect to the AWS Client VPN with OSS OpenVPN using SAML authentication. Tested on macOS and Linux, should also work on other POSIX OS with a minor changes.
See my blog post for the implementation details.
- openvpn-v2.4.9-aws.patch - patch required to build AWS compatible OpenVPN v2.4.9, based on the AWS source code (thanks to @heprotecbuthealsoattac) for the link.
- server.go - Go server to listed on http://127.0.0.1:35001 and save SAML Post data to the file
- aws-connect.sh - bash wrapper to run OpenVPN. It runs OpenVPN first time to get SAML Redirect and open browser and second time with actual SAML response
- Build patched openvpn version and put it to the folder with a script
- Start HTTP server with
go run server.go
- Set VPN_HOST in the aws-connect.sh
- Replace CA section in the sample vpn.conf with one from your AWS configuration
- Finally run
aws-connect.sh
to connect to the AWS.
Inspect your ovpn config and remove the following lines if present
auth-user-pass
(we dont want to show user prompt)auth-federate
(do not retry on failures)auth-retry interact
(propietary AWS keyword)remote
andremote-random-hostname
(already handled in CLI and can cause conflicts with it)
Better integrate SAML HTTP server with a script or rewrite everything on golang