viktorpenelski/aws-vpn-client

Connect to the AWS Client VPN with SAML using OSS Client

aws-vpn-client

This is PoC to connect to the AWS Client VPN with OSS OpenVPN using SAML authentication. Tested on macOS and Linux, should also work on other POSIX OS with a minor changes.

See my blog post for the implementation details.

Content of the repository

• openvpn-v2.4.9-aws.patch - patch required to build AWS compatible OpenVPN v2.4.9, based on the AWS source code (thanks to @heprotecbuthealsoattac) for the link.
• server.go - Go server to listed on http://127.0.0.1:35001 and save SAML Post data to the file
• aws-connect.sh - bash wrapper to run OpenVPN. It runs OpenVPN first time to get SAML Redirect and open browser and second time with actual SAML response

How to use

1. Build patched openvpn version and put it to the folder with a script
2. Start HTTP server with go run server.go
3. Set VPN_HOST in the aws-connect.sh
4. Replace CA section in the sample vpn.conf with one from your AWS configuration
5. Finally run aws-connect.sh to connect to the AWS.

Todo

Better integrate SAML HTTP server with a script or rewrite everything on golang