5/27/2023

AWS VPN client

I see the browser open, get the "Got SAMLResponse field, it's safe to close this window" page. Using the 2.5.1 patch, I'm getting the same error as above.

    Mon Apr 5 14:27:31 2021 VERIFY EKU OK
    Mon Apr 5 14:27:31 2021 VERIFY OK: depth=0, CN=.com
    Mon Apr 5 14:27:31 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Mon Apr 5 14:27:31 2021 Peer Connection Initiated with 52.54.xxx.yyy:1194
    Mon Apr 5 14:27:32 2021 SENT CONTROL : 'PUSH_REQUEST' (status=1)
    Mon Apr 5 14:27:32 2021 AUTH: Received control message: AUTH_FAILED,Invalid username or password
    Mon Apr 5 14:27:32 2021 SIGTERM received, process exiting

Here is a snip of the logs from where it fails (note: the peer connection was to the exact same IP both times):

We've been testing this out for a small number (under 5) of Linux clients we would need to connect to the VPN. But I also realize this is not a lot to go on, so if nothing jumps out, that's OK, and I appreciate you at least taking the time to scan the details. If there is anything that jumps out at you, I'd be grateful for the assist.

The only difference I see here versus in the native AWS client logs is that there are two PUSH_REQUEST messages in the native log.

    Mon Mar 29 16:06:56 2021 SIGTERM received, process exiting
    Mon Mar 29 16:06:56 2021 AUTH: Received control message: AUTH_FAILED,Invalid username or password
    Mon Mar 29 16:06:54 2021 Peer Connection Initiated with :443
    Mon Mar 29 16:06:54 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Mon Mar 29 16:06:54 2021 Validating certificate extended key usage
    Mon Mar 29 16:06:54 2021 VERIFY OK: depth=1, C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
    Mon Mar 29 16:06:54 2021 VERIFY OK: depth=2, C=US, O=Amazon, CN=Amazon Root CA 1
    Mon Mar 29 16:06:54 2021 VERIFY OK: depth=3, C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
    Mon Mar 29 16:06:54 2021 TCP_CLIENT link local: (not bound)
    Mon Mar 29 16:06:54 2021 TCP connection established with :443
    Mon Mar 29 16:06:53 2021 Attempting to establish TCP connection with :443
    Mon Mar 29 16:06:53 2021 TCP/UDP: Preserving recently used remote address: :443
    Mon Mar 29 16:06:53 2021 NOTE: the current -script-security setting may allow this configuration to call user-defined scripts
    Mon Mar 29 16:06:53 2021 WARNING: file '/dev/fd/63' is group or others accessible